Need Help - keeps Uploading

Comments

  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    mrsJeckyl wrote: »
    I've gone into LOGS and it doesn't mention any DATABASE version, but the log which was there:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org
    Database version: 4070
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702
    06/05/2010 12:01:20
    mbam-log-2010-05-06 (12-01-20).txt
    Scan type: Full scan (C:\|H:\|)
    Objects scanned: 286509

    As above :)
    :idea:
  • mrsJeckyl
    mrsJeckyl Posts: 201 Forumite
    Ah - I am blonde if you didn't guess. :)
    Thanks for all your help btw, I feel like I am actually getting somewhere now.

    Last log

    ComboFix 10-05-05.0A - owner 06/05/2010 13:13:35.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.855 [GMT 1:00]
    Running from: c:\documents and settings\owner\My Documents\qwerty.exe
    AV: Virgin Media Security Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
    FW: Virgin Media Security Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\documents and settings\HP_Administrator\System
    c:\documents and settings\HP_Administrator\System\win_qs8.jqx
    C:\mtwb.dat
    c:\program files\Fast Browser Search
    c:\program files\Fast Browser Search\IE\about.html
    c:\program files\Fast Browser Search\IE\affid.dat
    c:\program files\Fast Browser Search\IE\basis.xml
    c:\program files\Fast Browser Search\IE\error.html
    c:\program files\Fast Browser Search\IE\fbsProtection.xml
    c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
    c:\program files\Fast Browser Search\IE\icons.bmp
    c:\program files\Fast Browser Search\IE\info.txt
    c:\program files\Fast Browser Search\IE\local.xml
    c:\program files\Fast Browser Search\IE\logobg.bmp
    c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
    c:\program files\Fast Browser Search\IE\search.bmp
    c:\program files\Fast Browser Search\IE\sgpUpdater.xml
    c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
    c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
    c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
    c:\program files\Fast Browser Search\IE\Toolbar Help.htm
    c:\program files\Fast Browser Search\IE\version.txt
    c:\program files\Search Guard Plus
    c:\program files\Search Guard Plus\fbsProtection.xml
    c:\program files\Search Guard Plus\fbsSearchProvider.xml
    c:\program files\Search Guard PlusU
    c:\program files\Search Guard PlusU\sgpUpdater.xml
    c:\recycler\k-1-3542-4232123213-7676767-8888886
    c:\recycler\S-1-5-21-3061287123-3824019521-3434418539-1007
    c:\recycler\S-1-5-21-725345543-1644491937-839522115-500
    C:\restore
    c:\windows\system32\drivers\xhmrqqtg.sys
    H:\Autorun.inf
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    \Legacy_xhmrqqtg
    \Service_xhmrqqtg

    ((((((((((((((((((((((((( Files Created from 2010-04-06 to 2010-05-06 )))))))))))))))))))))))))))))))
    .
    2010-05-06 11:20 . 2010-05-06 11:20 -------- d-----w- c:\program files\Trend Micro
    2010-05-06 09:24 . 2010-05-06 09:24 -------- d-----w- c:\documents and settings\owner\Application Data\Malwarebytes
    2010-05-06 09:24 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-05-06 09:24 . 2010-05-06 09:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-06 09:24 . 2010-05-06 09:24 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
    2010-05-06 09:24 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-05-03 15:23 . 2009-11-02 14:27 25608 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
    2010-05-03 15:23 . 2009-10-23 12:25 285704 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
    2010-05-03 15:23 . 2010-05-03 15:23 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys
    2010-05-03 15:23 . 2010-05-03 15:23 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys
    2010-05-03 15:22 . 2010-05-03 15:22 -------- d-----w- c:\program files\Raxco
    2010-05-03 15:22 . 2010-05-03 15:22 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Raxco
    2010-05-02 18:30 . 2010-05-02 18:30 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-04-21 16:49 . 2010-04-12 16:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-04-20 15:54 . 2010-04-21 07:00 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\Downloaded Installations
    2010-04-15 05:37 . 2008-04-14 02:42 221184 ----a-w- c:\windows\system32\wmpns.dll
    2010-04-11 21:47 . 2010-04-11 21:47 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\{8F7095BF-8AA4-4D7A-A402-0B0899E9D72C}
    2010-04-07 16:06 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-06 12:30 . 2010-01-23 17:54 -------- d-----w- c:\documents and settings\owner\Application Data\LimeWire
    2010-05-06 12:28 . 2007-03-09 14:59 -------- d-----w- c:\program files\Lx_cats
    2010-05-06 12:27 . 2010-01-19 14:08 720 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
    2010-05-06 11:20 . 2010-05-06 11:20 388096 ----a-r- c:\documents and settings\owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-05-03 15:25 . 2010-02-16 09:46 -------- d-----w- c:\documents and settings\owner\Application Data\Virgin Media
    2010-05-03 15:22 . 2010-02-16 09:46 -------- d-----w- c:\program files\Virgin Media
    2010-05-03 15:21 . 2010-02-16 09:46 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Virgin Media
    2010-05-03 15:18 . 2010-05-03 15:17 125704416 ----a-w- c:\documents and settings\owner\Application Data\Virgin Media\HUB\downloads\VirginMediaSecurity_9.41.exe.dir\VirginMediaSecurity_9.exe
    2010-05-03 15:02 . 2009-04-29 13:06 -------- d-----w- c:\program files\McAfee
    2010-04-21 17:24 . 2006-10-23 09:28 -------- d-----w- c:\program files\Common Files\Java
    2010-04-21 16:49 . 2010-04-21 16:49 503808 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3305f280-n\msvcp71.dll
    2010-04-21 16:49 . 2010-04-21 16:49 499712 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3305f280-n\jmc.dll
    2010-04-21 16:49 . 2010-04-21 16:49 348160 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3305f280-n\msvcr71.dll
    2010-04-21 16:49 . 2010-04-21 16:49 12800 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-56acedb4-n\decora-d3d.dll
    2010-04-21 16:49 . 2010-04-21 16:49 61440 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-56acedb4-n\decora-sse.dll
    2010-04-21 16:48 . 2006-10-23 09:28 -------- d-----w- c:\program files\Java
    2010-04-21 07:07 . 2009-07-31 16:50 -------- d-----w- c:\program files\thinkbroadband.com
    2010-04-15 05:41 . 2010-04-04 06:32 0 ----a-w- c:\windows\Ysubolifa.bin
    2010-04-15 02:04 . 2010-01-16 11:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
    2010-04-14 17:38 . 2010-04-04 06:32 120 ----a-w- c:\windows\Hsiridalumihudu.dat
    2010-04-11 21:45 . 2010-04-11 21:45 16 ----a-w- c:\documents and settings\owner\Application Data\jasltw.dat
    2010-04-04 06:28 . 2010-04-04 06:27 16 ----a-w- c:\windows\system32\config\systemprofile\Application Data\jasltw.dat
    2010-04-02 21:12 . 2010-04-02 21:12 16 ----a-w- c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\jasltw.dat
    2010-03-25 06:38 . 2006-10-23 09:43 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-03-10 06:15 . 2008-04-15 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-25 06:24 . 2008-04-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2008-04-15 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-16 14:08 . 2008-04-15 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25 . 2008-04-14 00:01 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:33 . 2008-04-15 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2008-04-15 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    2007-03-26 18:32 . 2007-03-26 18:32 251 ----a-w- c:\program files\wt3d.ini
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 68856]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
    "nwiz"="nwiz.exe" [2009-07-08 1657376]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-08 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-08 13762560]
    "FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
    "LXCDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll" [2005-07-11 69632]
    "lxcdmon.exe"="c:\program files\Lexmark 6300 Series\lxcdmon.exe" [2005-06-24 200704]
    "EzPrint"="c:\program files\Lexmark 6300 Series\ezprint.exe" [2005-07-05 94208]
    "VirginMediaHUB.exe"="c:\program files\Virgin Media\HUB\VirginMediaHUB.exe" [2009-12-14 4277488]
    "tbbMeter"="c:\program files\thinkbroadband.com\tbbMeter\tbbmeter.exe" [2009-11-22 688648]
    c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    c:\documents and settings\owner\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - c:\documents and settings\owner\Desktop\LimeWire\LimeWire.exe [2009-12-16 503808]
    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
    @="Service"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
    2010-01-22 10:16 33603584 ----a-w- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Documents and Settings\\owner\\Desktop\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Virgin Media\\HUB\\ServicepointService.exe"=
    R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [03/05/2010 16:23 25608]
    R2 Radialpoint Security Services;Virgin Media Security;c:\program files\Virgin Media\Security\RpsSecurityAwareR.exe [04/01/2010 12:17 165408]
    R2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe [03/05/2010 16:23 5832712]
    R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\HUB\ServicepointService.exe [16/02/2010 10:46 668912]
    R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [03/05/2010 16:23 122376]
    R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys [03/05/2010 16:23 30216]
    R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [03/05/2010 16:23 25736]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [27/03/2009 01:25 1086208]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31/01/2010 01:44 135664]
    S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [23/04/2007 14:54 83208]
    S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [23/04/2007 14:54 15112]
    S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [23/04/2007 14:54 108680]
    S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [23/04/2007 14:54 100488]
    S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [23/04/2007 14:54 98568]
    --- Other Services/Drivers In Memory ---
    *NewlyCreated* - DE39585B
    *NewlyCreated* - F287B985
    *Deregistered* - de39585b
    *Deregistered* - dpnwhdtm
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan sysagent
    .
    Contents of the 'Scheduled Tasks' folder
    2010-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 00:44]
    2010-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 00:44]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://uk.yahoo.com/
    uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    .
    - - - - ORPHANS REMOVED - - - -
    HKLM-Run-Oyixezi - c:\windows\azahowoboz.dll

    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-06 13:29
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    LXCDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dpnwhdtm]
    .
    DLLs Loaded Under Running Processes
    - - - - - - - > 'lsass.exe'(1052)
    c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
    - - - - - - - > 'explorer.exe'(3808)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    Other Running Processes
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\Virgin Media\Security\Fws.exe
    c:\program files\Virgin Media\Security\rps.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
    c:\windows\system32\lxcdcoms.exe
    c:\windows\eHome\ehmsas.exe
    c:\windows\system32\dllhost.exe
    c:\program files\Common Files\Teleca Shared\Generic.exe
    c:\program files\Virgin Media\HUB\VirginMediaHUBComHandler.exe
    c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    .
    **************************************************************************
    .
    Completion time: 2010-05-06 13:35:40 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-05-06 12:35
    Pre-Run: 143,087,443,968 bytes free
    Post-Run: 143,479,779,328 bytes free
    - - End Of File - - FAEE0643931038C99209D8AD46728908
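The log above carries several indicators that are worth pulling out mechanically rather than by eye: the AV header reports on-access scanning disabled and the firewall disabled, the registry section shows AntiVirusOverride set to 1 and EnableFirewall set to 0, a driver with a generated eight-letter name (xhmrqqtg.sys) has matching Legacy_ and Service_ registrations, one RECYCLER subfolder is named k-1-3542-... rather than with a real user SID (S-1-5-21-...), an Autorun.inf sat on drive H:, and a Run-key orphan pointed at a DLL that no longer exists. The script below is an added example written for this page; it is not part of the thread, of ComboFix or of any tool mentioned in it. It parses a constructed excerpt laid out in ComboFix's section format (the entries are copied from the log above, everything else is omitted) and returns the findings. The section-header handling, the "eight lowercase letters" rule for a generated name and the S-1-5-21 pattern for a user SID are this example's own assumptions.

```python
"""Pull the security-relevant indicators out of a ComboFix-style log."""
import re
from typing import Dict, List, NamedTuple

class Finding(NamedTuple):
    category: str  # short label for the indicator
    evidence: str  # the log line that triggered it

# Constructed excerpt in ComboFix's section layout; the entries are copied from the
# log in the post above and the rest of that log is left out.
SAMPLE_LOG = r"""
AV: Virgin Media Security Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Virgin Media Security Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\recycler\k-1-3542-4232123213-7676767-8888886
c:\recycler\S-1-5-21-3061287123-3824019521-3434418539-1007
c:\windows\system32\drivers\xhmrqqtg.sys
H:\Autorun.inf
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
\Legacy_xhmrqqtg
\Service_xhmrqqtg
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Oyixezi - c:\windows\azahowoboz.dll
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")  # "(((( Other Deletions ))))"
ORPHANS_LINE = "- - - - ORPHANS REMOVED - - - -"
# A genuine RECYCLER subfolder is named after a user SID: S-1-5-21-<3 subauthorities>-<RID>.
USER_SID_RE = re.compile(r"^S-1-5-21-\d+-\d+-\d+-\d+$", re.I)
# Heuristic (this example's assumption): eight lowercase letters, like xhmrqqtg in the log.
RANDOM_STEM_RE = re.compile(r"^[a-z]{8}$")


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group the log's lines under the ComboFix section header they follow."""
    sections: Dict[str, List[str]] = {"header": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":  # ComboFix pads sections with "." lines
            continue
        m = SECTION_RE.match(line)
        if m or line == ORPHANS_LINE:
            current = m.group(1) if m else "Orphans"
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def triage(text: str) -> List[Finding]:
    sections = split_sections(text)
    found: List[Finding] = []
    # 1. Protection state that ComboFix prints at the top of the log.
    for line in sections["header"]:
        if line.startswith("AV:") and "disabled" in line.lower():
            found.append(Finding("av-on-access-disabled", line))
        if line.startswith("FW:") and "*disabled*" in line.lower():
            found.append(Finding("firewall-disabled", line))
    # 2. Registry values that silence Security Center or switch the XP firewall off.
    for line in sections.get("Reg Loading Points", []):
        if re.match(r'^"AntiVirusOverride"=dword:0*1$', line):
            found.append(Finding("security-center-av-override", line))
        if re.match(r'^"EnableFirewall"=\s*0\b', line):
            found.append(Finding("firewall-policy-off", line))
    # 3. Stems of the Legacy_/Service_ registrations ComboFix removed.
    service_stems = set()
    for line in sections.get("Drivers/Services", []):
        m = re.match(r"^\\(?:Legacy|Service)_(.+)$", line, re.I)
        if m:
            service_stems.add(m.group(1).lower())
    # 4. Deleted paths: RECYCLER name that is not a user SID, Autorun.inf off the
    #    system drive, random-named .sys that also had a service registration.
    for line in sections.get("Other Deletions", []):
        parts = line.split("\\")
        name, lower = parts[-1], line.lower()
        if lower.startswith("c:\\recycler\\") and len(parts) == 3 and not USER_SID_RE.match(name):
            found.append(Finding("recycler-bad-sid", line))
        if name.lower() == "autorun.inf" and len(parts) == 2 and not lower.startswith("c:"):
            found.append(Finding("autorun-inf-on-other-drive", line))
        if "\\drivers\\" in lower and name.lower().endswith(".sys"):
            stem = name[:-4].lower()
            if RANDOM_STEM_RE.match(stem) and stem in service_stems:
                found.append(Finding("random-driver-with-service", line))
    # 5. Run-key entries whose target file was already gone (ComboFix's "orphans").
    for line in sections.get("Orphans", []):
        if re.match(r"^HKLM-Run-\S+ - .+$", line):
            found.append(Finding("orphaned-run-entry", line))
    return found


if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

To run it over a real log, pass the contents of a saved ComboFix.txt to triage() instead of SAMPLE_LOG. Two caveats: the entries in "Other Deletions" and "ORPHANS REMOVED" are things ComboFix has already removed, so a finding there is a record of what was on the machine, not a live threat; and the driver rule is keyed to the eight-letter name seen in this log, so a generated name of another length would need the pattern widened, and the cross-check against the Legacy_/Service_ stems is what keeps a legitimate short-named driver from being flagged.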
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Open notepad and copy/paste the text in RED below

    File::
    c:\windows\Ysubolifa.bin
    c:\windows\Hsiridalumihudu.dat
    c:\program files\wt3d.ini
    Save this as "CFScript"

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

    [screenshot: CFScript.gif]

    This will start ComboFix again. After the reboot (if it asks to reboot), post the contents of ComboFix.txt in your next reply.

    ComboFix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager (press Ctrl, Alt and Del at the same time), go to the Processes tab and end any findstr, find, sed or swreg processes; ComboFix should then continue.

    :idea:
  • gaming_guy
    gaming_guy Posts: 6,128 Forumite
    O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\owner\Desktop\LimeWire\LimeWire.exe

    This indicates that LimeWire is installed on your machine. This may be the cause of all the malware and of the upload total, as it is a file-sharing (P2P and torrent-capable) program.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    gaming_guy wrote: »
    This indicates that LimeWire is installed on your machine. This may be the cause of all the malware and of the upload total, as it is a file-sharing (P2P and torrent-capable) program.

    Cheers, gaming. I was going to mention that but forgot.

    I'd put money on LimeWire being the cause.
    :idea:
  • fiddiwebb
    fiddiwebb Posts: 1,806 Forumite
    Hmmm... thought it was; it just seemed a lot of MB to go wandering, either that or your wireless connection was not secure.
  • mrsJeckyl
    mrsJeckyl Posts: 201 Forumite
    Good call with LimeWire - I think this problem did start when my husband last used it; I didn't completely link the two as I haven't opened it and don't use it.
    The wireless connection should be OK, because the laptop is wired, and until we get a dongle for it we have a long cable connecting it, and I don't think my stepson can use his laptop when he comes to visit.

    Report:

    ComboFix 10-05-05.0A - owner 06/05/2010 15:16:46.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.984 [GMT 1:00]
    Running from: c:\documents and settings\owner\Desktop\qwerty.exe
    Command switches used :: c:\documents and settings\owner\Desktop\CFScript.txt
    AV: Virgin Media Security Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
    FW: Virgin Media Security Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
    * Resident AV is active

    FILE ::
    "c:\program files\wt3d.ini"
    "c:\windows\Hsiridalumihudu.dat"
    "c:\windows\Ysubolifa.bin"
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\documents and settings\HP_Administrator\Local Settings\Application Data\{670448B3-671B-4A9C-80A6-1BF58906A3FB}
    c:\documents and settings\HP_Administrator\Local Settings\Application Data\{670448B3-671B-4A9C-80A6-1BF58906A3FB}\chrome.manifest
    c:\documents and settings\HP_Administrator\Local Settings\Application Data\{670448B3-671B-4A9C-80A6-1BF58906A3FB}\chrome\content\_cfg.js
    c:\documents and settings\HP_Administrator\Local Settings\Application Data\{670448B3-671B-4A9C-80A6-1BF58906A3FB}\chrome\content\c.js
    c:\documents and settings\HP_Administrator\Local Settings\Application Data\{670448B3-671B-4A9C-80A6-1BF58906A3FB}\chrome\content\overlay.xul
    c:\documents and settings\HP_Administrator\Local Settings\Application Data\{670448B3-671B-4A9C-80A6-1BF58906A3FB}\install.rdf
    c:\documents and settings\owner\Local Settings\Application Data\{8F7095BF-8AA4-4D7A-A402-0B0899E9D72C}
    c:\documents and settings\owner\Local Settings\Application Data\{8F7095BF-8AA4-4D7A-A402-0B0899E9D72C}\chrome.manifest
    c:\documents and settings\owner\Local Settings\Application Data\{8F7095BF-8AA4-4D7A-A402-0B0899E9D72C}\chrome\content\_cfg.js
    c:\documents and settings\owner\Local Settings\Application Data\{8F7095BF-8AA4-4D7A-A402-0B0899E9D72C}\chrome\content\overlay.xul
    c:\documents and settings\owner\Local Settings\Application Data\{8F7095BF-8AA4-4D7A-A402-0B0899E9D72C}\install.rdf
    c:\program files\wt3d.ini
    c:\windows\Hsiridalumihudu.dat
    c:\windows\Ysubolifa.bin
    .
    ((((((((((((((((((((((((( Files Created from 2010-04-06 to 2010-05-06 )))))))))))))))))))))))))))))))
    .
    2010-05-06 13:45 . 2010-05-06 13:45 -------- d-----w- c:\documents and settings\owner\Application Data\Yahoo!
    2010-05-06 13:45 . 2010-05-06 13:45 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo! Companion
    2010-05-06 11:20 . 2010-05-06 11:20 388096 ----a-r- c:\documents and settings\owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-05-06 11:20 . 2010-05-06 11:20 -------- d-----w- c:\program files\Trend Micro
    2010-05-06 09:24 . 2010-05-06 09:24 -------- d-----w- c:\documents and settings\owner\Application Data\Malwarebytes
    2010-05-06 09:24 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-05-06 09:24 . 2010-05-06 09:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-06 09:24 . 2010-05-06 09:24 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
    2010-05-06 09:24 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-05-03 15:23 . 2009-11-02 14:27 25608 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
    2010-05-03 15:23 . 2009-10-23 12:25 285704 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
    2010-05-03 15:23 . 2010-05-03 15:23 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys
    2010-05-03 15:23 . 2010-05-03 15:23 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys
    2010-05-03 15:22 . 2010-05-03 15:22 -------- d-----w- c:\program files\Raxco
    2010-05-03 15:22 . 2010-05-03 15:22 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Raxco
    2010-05-03 15:17 . 2010-05-03 15:18 125704416 ----a-w- c:\documents and settings\owner\Application Data\Virgin Media\HUB\downloads\VirginMediaSecurity_9.41.exe.dir\VirginMediaSecurity_9.exe
    2010-05-02 18:30 . 2010-05-02 18:30 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-04-21 16:49 . 2010-04-21 16:49 503808 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3305f280-n\msvcp71.dll
    2010-04-21 16:49 . 2010-04-21 16:49 499712 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3305f280-n\jmc.dll
    2010-04-21 16:49 . 2010-04-21 16:49 348160 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3305f280-n\msvcr71.dll
    2010-04-21 16:49 . 2010-04-21 16:49 12800 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-56acedb4-n\decora-d3d.dll
    2010-04-21 16:49 . 2010-04-21 16:49 61440 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-56acedb4-n\decora-sse.dll
    2010-04-21 16:49 . 2010-04-12 16:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-04-20 15:54 . 2010-04-21 07:00 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\Downloaded Installations
    2010-04-15 05:37 . 2008-04-14 02:42 221184 ----a-w- c:\windows\system32\wmpns.dll
    2010-04-07 16:06 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-06 13:45 . 2009-05-28 16:40 -------- d-----w- c:\program files\CCleaner
    2010-05-06 13:29 . 2010-01-23 17:54 -------- d-----w- c:\documents and settings\owner\Application Data\LimeWire
    2010-05-06 13:28 . 2007-03-09 14:59 -------- d-----w- c:\program files\Lx_cats
    2010-05-06 13:27 . 2010-01-19 14:08 720 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
    2010-05-03 15:25 . 2010-02-16 09:46 -------- d-----w- c:\documents and settings\owner\Application Data\Virgin Media
    2010-05-03 15:22 . 2010-02-16 09:46 -------- d-----w- c:\program files\Virgin Media
    2010-05-03 15:21 . 2010-02-16 09:46 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Virgin Media
    2010-05-03 15:02 . 2009-04-29 13:06 -------- d-----w- c:\program files\McAfee
    2010-04-21 17:24 . 2006-10-23 09:28 -------- d-----w- c:\program files\Common Files\Java
    2010-04-21 16:48 . 2006-10-23 09:28 -------- d-----w- c:\program files\Java
    2010-04-21 07:07 . 2009-07-31 16:50 -------- d-----w- c:\program files\thinkbroadband.com
    2010-04-15 02:04 . 2010-01-16 11:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
    2010-04-11 21:45 . 2010-04-11 21:45 16 ----a-w- c:\documents and settings\owner\Application Data\jasltw.dat
    2010-04-04 06:28 . 2010-04-04 06:27 16 ----a-w- c:\windows\system32\config\systemprofile\Application Data\jasltw.dat
    2010-04-02 21:12 . 2010-04-02 21:12 16 ----a-w- c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\jasltw.dat
    2010-03-25 06:38 . 2006-10-23 09:43 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-03-10 06:15 . 2008-04-15 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-25 06:24 . 2008-04-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2008-04-15 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-16 14:08 . 2008-04-15 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25 . 2008-04-14 00:01 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:33 . 2008-04-15 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2008-04-15 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 68856]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
    "nwiz"="nwiz.exe" [2009-07-08 1657376]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-08 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-08 13762560]
    "FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
    "LXCDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll" [2005-07-11 69632]
    "lxcdmon.exe"="c:\program files\Lexmark 6300 Series\lxcdmon.exe" [2005-06-24 200704]
    "EzPrint"="c:\program files\Lexmark 6300 Series\ezprint.exe" [2005-07-05 94208]
    "VirginMediaHUB.exe"="c:\program files\Virgin Media\HUB\VirginMediaHUB.exe" [2009-12-14 4277488]
    "tbbMeter"="c:\program files\thinkbroadband.com\tbbMeter\tbbmeter.exe" [2009-11-22 688648]
    c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    c:\documents and settings\owner\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - c:\documents and settings\owner\Desktop\LimeWire\LimeWire.exe [2009-12-16 503808]
    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
    @="Service"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
    2010-01-22 10:16 33603584 ----a-w- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Documents and Settings\\owner\\Desktop\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Virgin Media\\HUB\\ServicepointService.exe"=
    R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [03/05/2010 16:23 25608]
    R2 Radialpoint Security Services;Virgin Media Security;c:\program files\Virgin Media\Security\RpsSecurityAwareR.exe [04/01/2010 12:17 165408]
    R2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe [03/05/2010 16:23 5832712]
    R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\HUB\ServicepointService.exe [16/02/2010 10:46 668912]
    R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [03/05/2010 16:23 122376]
    R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys [03/05/2010 16:23 30216]
    R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [03/05/2010 16:23 25736]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [27/03/2009 01:25 1086208]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31/01/2010 01:44 135664]
    S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [23/04/2007 14:54 83208]
    S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [23/04/2007 14:54 15112]
    S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [23/04/2007 14:54 108680]
    S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [23/04/2007 14:54 100488]
    S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [23/04/2007 14:54 98568]
    --- Other Services/Drivers In Memory ---
    *NewlyCreated* - 36E07FED
    *NewlyCreated* - C56D406A
    *Deregistered* - 36e07fed
    *Deregistered* - c56d406a
    *Deregistered* - dpnwhdtm
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan sysagent
    .
    Contents of the 'Scheduled Tasks' folder
    2010-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 00:44]
    2010-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 00:44]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://uk.yahoo.com/
    uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-06 15:22
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    LXCDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dpnwhdtm]
    .
    DLLs Loaded Under Running Processes
    - - - - - - - > 'lsass.exe'(1040)
    c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
    .
    Completion time: 2010-05-06 15:24:21
    ComboFix-quarantined-files.txt 2010-05-06 14:24
    ComboFix2.txt 2010-05-06 12:35
    Pre-Run: 143,502,508,032 bytes free
    Post-Run: 143,472,807,936 bytes free
    - - End Of File - - 3394294DADD45DFA00ADE1E22A87D944
  • mrsJeckyl
    mrsJeckyl Posts: 201 Forumite
    Part of the Furniture 100 Posts Combo Breaker
    Just been reading some other threads on limewire as I have never given it much thought. It sounds like it would be an idea to delete it. TBH - I never use it and my husband normally seems to listen to stuff he already has on CD, so he can group it easier.

    What do you guys think?
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Quite simply, if you don't use it then uninstall it.
    If it IS used, scan everything with an antivirus (not the useless Virgin one you now use) before using it.

    My suggestion would be to remove Virgin and replace it with AVIRA or AVAST (Windows Firewall would be fine if you use a router; otherwise you could use PCTOOLS FIREWALL).
    :idea:
  • mrsJeckyl
    mrsJeckyl Posts: 201 Forumite
    Part of the Furniture 100 Posts Combo Breaker
    aliEnRIK, thank you so much for all your help today. You have been a godsend.

    My daughters thank you too - I haven't let them play cbeebies today so I can sort out the computer.
This discussion has been closed.