WnPC removal. help please!!

2 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

WnPC removal. help please!!21st May 2009, 8:19 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:03:07 PM, on 5/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\EARTHL~2\PCFINE~1\MXTask.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\EARTHL~2\PCFINE~1\mxtask.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1145376593\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\User\Application Data\winav.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\KCEOR7C6\hijackgpthis[1].exe
C:\Program Files\Internet Explorer\Iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - ~00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - ~D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - (no file)
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {2681668E-8757-483B-8F82-F4028458D902} - C:\WINDOWS\system32\urQhExYO.dll (file missing)
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AGRSMMSG] "C:\WINDOWS\AGRSMMSG.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] "C:\WINDOWS\system32\HDAudPropShortcut.exe"
O4 - HKLM\..\Run: [CreateCD_Reminder] "C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe"
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [SoundMan] "C:\WINDOWS\SOUNDMAN.EXE"
O4 - HKLM\..\Run: [AlcWzrd] "C:\WINDOWS\ALCWZRD.EXE"
O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"
O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [VAIO Recovery] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1145376593\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MySpaceIM] "C:\Program Files\MySpace\IM\MySpaceIM.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AVScan] "C:\Documents and Settings\User\Application Data\winav.exe"
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm565YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119978232296
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC FineTune Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\EARTHL~2\PCFINE~1\MXTask.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

Re: WnPC removal. help please!!21st May 2009, 8:38 pm

Hello.
Lets get an uninstall list to start with.

Open HijackThis.
When Hijack This opens, click "Open the Misc Tools section"
Then select "Open Uninstall Manager"
Click on "Save List..." (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

............................................................................................
Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
WnPC removal. help please!! DXwU4

Re: WnPC removal. help please!!21st May 2009, 9:48 pm

here's the uninstall list.

Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
Adobe Shockwave Player 11
Agere Systems PCI Soft Modem
AIM 6
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Bonjour
Click to DVD 2.0.03 Menu Data
Click to DVD 2.4.02
DivX Codec
DVgate Plus
EarthLink PC FineTune
EarthLink Software
EarthLink Toolbar
Fast Browser Search (My Web Tattoo)
frankenstein800.zip
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
HP Deskjet 3840
HP Software Update
Image Converter 2
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Adapters and Drivers
InterVideo WinDVD for VAIO
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 6
Learn2 Player (Uninstall Only)
MediaBar 2.0
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Data Access Components KB870669
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007 Trial
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server Desktop Engine (VAIO_VEDB)
Microsoft Works
MoodLogic
Movielink eHome version 1.1
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MySpaceIM
OpenMG Limited Patch 4.1-05-13-31-01
OpenMG Metadata Extractor for Windows Media Player
OpenMG Secure Module 4.1.00
PictureGear Studio 2.0
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
Sonic Encoders
Sonic RecordNow!
SonicStage 3.0
SonicStage Mastering Studio Audio Filter Custom Preset
Sony Certificate PCH
Sony MP4 Shared Library
Sony TV Tuner Library 1.0
Sony Video Shared Library

Re: WnPC removal. help please!!21st May 2009, 9:54 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

Adobe Reader 7.0
Ask Toolbar
Fast Browser Search (My Web Tattoo)
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 6
MediaBar 2.0

Next,

Open HijackThis
Choose "Do a system scan only"
Check the boxes in front of these lines:

R3 - URLSearchHook: (no name) - ~EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - ~00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - ~D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - (no file)
O2 - BHO: (no name) - {2681668E-8757-483B-8F82-F4028458D902} - C:\WINDOWS\system32\urQhExYO.dll (file missing)
O4 - HKCU\..\Run: [AVScan] "C:\Documents and Settings\User\Application Data\winav.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm565YYUS
Press "Fix Checked"
Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Re: WnPC removal. help please!!21st May 2009, 10:15 pm

would not uninstall fast browser or media bar 2.0
nothing happens when i click on either one of them.

Re: WnPC removal. help please!!21st May 2009, 10:17 pm

Okay, leave them two and we'll uninstall them another way.
Do the HJT fix + MBAM for now.

Re: WnPC removal. help please!!21st May 2009, 10:53 pm

tried to get MBAM. it loaded but when i click on the icon nothing happens.

Re: WnPC removal. help please!!21st May 2009, 11:21 pm

Download combofix from here
Link 1
Link 2

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Double click on ComboFix.exe.
Follow the prompts. NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes
Allow combofix to run
Post C:\combofix.txt back here.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: WnPC removal. help please!!22nd May 2009, 4:40 am

ComboFix 09-05-21.01 - User 05/21/2009 23:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.710 [GMT -5:00]
Running from: c:\documents and settings\User\My Documents\Combo-Fix.exe
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Webroot Internet Security Essentials *disabled* {2DB6657C-B970-44d3-AB42-6325A913CCC2}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Application Data\AdProtect NoSpam
c:\documents and settings\User\Application Data\AdProtect NoSpam\Settings.xml
c:\documents and settings\User\Application Data\FunWebProducts
c:\documents and settings\User\Application Data\FunWebProducts\Data\User\avatar.dat
c:\documents and settings\User\Application Data\FunWebProducts\Data\User\register.dat
c:\documents and settings\User\Application Data\gadcom
c:\documents and settings\User\err.log
c:\documents and settings\user\favorites\Online Security Test.url
c:\documents and settings\User\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\User\Local Settings\Temporary Internet Files\gynuh.dl
c:\documents and settings\User\Local Settings\Temporary Internet Files\iredim.sys
c:\documents and settings\User\Local Settings\Temporary Internet Files\ohojez.reg
c:\documents and settings\User\Local Settings\Temporary Internet Files\oqyfucerok._dl
c:\documents and settings\User\Local Settings\Temporary Internet Files\utylo._sy
c:\documents and settings\User\Local Settings\Temporary Internet Files\xibelig.reg
c:\documents and settings\User\Local Settings\Temporary Internet Files\xuse.sys
c:\program files\ad-protect
c:\program files\ad-protect\adpiemonitor.dll
c:\program files\ad-protect\Logs\adp_activity-12072006-173256.log
c:\program files\ad-protect\sdebug.log
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\00192DBD.urr
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\setting2.htm.bak
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\MyWebSearch\bar\Settings\settings.dat.bak
c:\windows\Downloaded Program Files\WebP2PInstaller.dll
c:\windows\Fonts\acrsecB.fon
c:\windows\Fonts\acrsecI.fon
c:\windows\IE4 Error Log.txt
c:\windows\ieocx.dll
c:\windows\setup.exe
c:\windows\smdat32a.sys
c:\windows\smdat32m.sys
c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\system32\DelSelf.bat
c:\windows\system32\drivers\UACxjoymxowpruyfnb.sys
c:\windows\system32\mcrh.tmp
c:\windows\system32\opnOihFY.dll
c:\windows\system32\OYxEhQru.ini
c:\windows\system32\OYxEhQru.ini2
c:\windows\system32\P2P Networking v126.cpl
c:\windows\system32\P2P Networking
c:\windows\system32\P2P Networking\P2P Networking.eng
c:\windows\system32\UACbgnmmyskrlkoujd.dll
c:\windows\system32\UACevscvinvxewflnl.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACltqskdibpjewqoh.dat
c:\windows\system32\UACmlwabwvwpxylbqq.dll
c:\windows\system32\UACqbljwmlytbbxaag.log
c:\windows\system32\UACqqoivnnkpbaswch.log
c:\windows\system32\UACvkyxmdxwhpmpixf.dll
c:\windows\system32\UACvnpprftibwuxrte.log
c:\windows\system32\UACvrbnrpftiwtmsoa.dll
c:\windows\system32\urqrpqoL.dll
c:\windows\system32\wpv0011.cpx
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys

((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.

2009-05-21 20:47 . 2009-05-21 20:47 -------- d-----w c:\windows\system32\scripting
2009-05-21 20:47 . 2009-05-21 20:47 -------- d-----w c:\windows\l2schemas
2009-05-21 20:47 . 2009-05-21 20:47 -------- d-----w c:\windows\system32\en
2009-05-21 20:47 . 2009-05-21 20:47 -------- d-----w c:\windows\system32\bits
2009-05-21 20:45 . 2009-05-21 20:45 -------- d-----w c:\windows\ServicePackFiles
2009-05-21 17:45 . 2009-05-21 17:45 177 ----a-w c:\documents and settings\User\Application Data\asd.bat
2009-05-21 17:44 . 2009-05-21 17:44 42496 ----a-w c:\windows\system32\mashtuic32.dll
2009-05-19 09:11 . 2009-05-19 09:11 1096704 ----a-w c:\documents and settings\User\Application Data\winav.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-21 22:03 . 2005-02-23 21:24 -------- d-----w c:\program files\Java
2009-05-21 21:35 . 2005-02-23 22:19 43440 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-21 20:50 . 2005-02-23 20:10 86811 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-21 18:34 . 2008-12-03 15:35 -------- d-----w c:\program files\BearShare Applications
2009-05-18 20:08 . 2007-03-16 22:12 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-03-06 14:22 . 2005-02-23 18:57 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-02 16:47 . 2009-04-07 15:51 87456 ----a-w c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.9.0\SkinEngine\features\photoview\FileModifiedDate.dll
2009-03-02 16:47 . 2009-04-07 15:51 972192 ----a-w c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.9.0\SkinEngine\features\photoview\PhotoSharing.dll
2008-11-14 15:42 . 2008-11-14 15:42 17249 ----a-w c:\program files\Common Files\jivisaxim.exe
2008-11-14 15:42 . 2008-11-14 15:42 12680 ----a-w c:\program files\Common Files\cogahyf._sy
2008-11-14 15:42 . 2008-11-14 15:42 11038 ----a-w c:\program files\Common Files\rowamava.reg
2008-11-14 15:42 . 2008-11-14 15:42 10501 ----a-w c:\program files\Common Files\umydyvo.bin
2008-11-10 21:45 . 2008-11-10 21:45 16301 ----a-w c:\program files\Common Files\mudefaxefu.ban
2008-11-10 21:45 . 2008-11-10 21:45 16019 ----a-w c:\program files\Common Files\baridah.reg
2008-11-10 21:45 . 2008-11-10 21:45 13250 ----a-w c:\program files\Common Files\ogyqyx.com
2008-11-10 21:45 . 2008-11-10 21:45 10931 ----a-w c:\program files\Common Files\bytujynin.bat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 14:05 398776 ----a-w c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2008-11-13 23:04 238968 ----a-w c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2007-09-29 50528]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-02-01 8699904]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-12 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"E6TaskPanel"="c:\program files\EarthLink TotalAccess\TaskPanl.exe" [2005-03-05 942080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="c:\windows\AGRSMMSG.exe" [2005-03-04 88209]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 344064]
"High Definition Audio Property Page Shortcut"="c:\windows\system32\HDAudPropShortcut.exe" [2004-08-13 61952]
"CreateCD_Reminder"="c:\windows\Sonysys\VAIO Recovery\reminder.exe" [2004-07-16 53248]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]
"SoundMan"="c:\windows\SOUNDMAN.EXE" [2004-11-02 77824]
"AlcWzrd"="c:\windows\ALCWZRD.EXE" [2004-11-29 2748928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"HostManager"="c:\program files\Common Files\AOL\1145376593\ee\AOLSoftware.exe" [2005-11-03 50792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-01 180269]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"UserFaultCheck"="c:\windows\system32\dumprep.exe" [2008-04-14 10752]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-11-13 6273400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-02-01 8699904]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\1145376593\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1145376593\\ee\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/12/2008 5:02 PM 29808]
R2 EarthLinkMonitor;EarthLink Monitor Service;c:\program files\EarthLink TotalAccess\WENGINE\wmonitor.exe [1/26/2005 11:47 AM 65604]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 PC FineTune Task Manager;PC FineTune Task Manager;c:\progra~1\EARTHL~2\PCFINE~1\MXTask.exe -Service --> c:\progra~1\EARTHL~2\PCFINE~1\MXTask.exe -Service [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/11/2007 12:12 PM 24652]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [11/18/2008 3:17 PM 1086840]
R3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\BW2NDIS5.SYS [11/1/2004 2:16 PM 17536]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 WlanUIG;2Wire 802.11g USB Driver;c:\windows\system32\drivers\WlanUIG.sys [8/22/2005 4:58 PM 347648]
.
Contents of the 'Scheduled Tasks' folder

2008-12-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2005-06-28 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-02-23 00:12]

2009-05-11 c:\windows\Tasks\wrSpySweeper_LDF45650417BF4D54BC56B63B4995C988.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-11-18 23:11]

2009-05-11 c:\windows\Tasks\wrSpySweeper_LDF45650417BF4D54BC56B63B4995C988.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-11-18 23:11]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\HOMERunner.exe
ShellExecuteHooks-{657FE57A-1AC8-455E-9651-51044228C11A} - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: EarthLink Google Search - c:\program files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
IE: Transfer by Image Converter 2 - c:\program files\Sony\Image Converter 2\menu.htm
LSP: c:\program files\EarthLink TotalAccess\Accelerator\prplsf.dll
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.cab
DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-21 23:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.

Re: WnPC removal. help please!!22nd May 2009, 4:41 am

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(780)
c:\program files\EarthLink TotalAccess\Accelerator\prplsf.dll

- - - - - - - > 'explorer.exe'(624)
c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\windows\system32\ati2evxx.exe
c:\progra~1\EARTHL~2\PCFINE~1\MXTASK.exe
c:\progra~1\EARTHL~2\PCFINE~1\MXTASK.exe
c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\program files\Sony\Sony TV Tuner Library\SMceMan.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Sony\Sony TV Tuner Library\RM_SV.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Webroot\Spy Sweeper\SSU.exe
.
**************************************************************************
.
Completion time: 2009-05-22 23:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-22 04:35

Pre-Run: 221,390,262,272 bytes free
Post-Run: 221,649,866,752 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

269 --- E O F --- 2009-05-21 22:55

Re: WnPC removal. help please!!22nd May 2009, 9:13 am

Hello.

Please download Revo Uninstall from here: Revo Uinstaller

Download and run the setup file for Revo Uninstaller.
Once setup, run Revo Uninstaller.
Select the following item if present for removal by clicking on it once.

Fast Browser Search (My Web Tattoo)
MediaBar 2.0
Viewpoint Manager (remove only)
Viewpoint Media Player
Viewpoint Toolbar
Then hit the "Uninstall" button at the top.
Close Revo Uninstaller.

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
Viewpoint Manager Service

File::
c:\windows\system32\mashtuic32.dll
c:\documents and settings\User\Application Data\winav.exe
c:\documents and settings\User\Application Data\asd.bat
c:\program files\Common Files\jivisaxim.exe
c:\program files\Common Files\cogahyf._sy
c:\program files\Common Files\rowamava.reg
c:\program files\Common Files\umydyvo.bin
c:\program files\Common Files\mudefaxefu.ban
c:\program files\Common Files\baridah.reg
c:\program files\Common Files\ogyqyx.com
c:\program files\Common Files\bytujynin.bat

Folder::
c:\documents and settings\All Users\Application Data\Viewpoint
c:\program files\BearShare Applications

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=-
"UpdatesDisableNotify"=-

DDS::
mSearch Bar =
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.cab
DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
WnPC removal. help please!! Sfxdaw

This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

WnPC removal. help please!!

descriptionWnPC removal. help please!!21st May 2009, 8:19 pm

descriptionRe: WnPC removal. help please!!21st May 2009, 8:38 pm

descriptionRe: WnPC removal. help please!!21st May 2009, 9:48 pm

descriptionRe: WnPC removal. help please!!21st May 2009, 9:54 pm

descriptionRe: WnPC removal. help please!!21st May 2009, 10:15 pm

descriptionRe: WnPC removal. help please!!21st May 2009, 10:17 pm

descriptionRe: WnPC removal. help please!!21st May 2009, 10:53 pm

descriptionRe: WnPC removal. help please!!21st May 2009, 11:21 pm

descriptionRe: WnPC removal. help please!!22nd May 2009, 4:40 am

descriptionRe: WnPC removal. help please!!22nd May 2009, 4:41 am

descriptionRe: WnPC removal. help please!!22nd May 2009, 9:13 am

descriptionRe: WnPC removal. help please!!