Old 12-06-2008, 06:49 PM   #1 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 5
OS: xp home sp3


new here, have malware or something

I have read the instructions and have tried to follow them to the best of my abilities, but I did not get an attach.txt file when I ran the scans.

My issue here is that I am getting popups when using a browser, and I also get random audio without any window opening. I have run Spybot, Ad-Aware and McAfee with no fix, I have checked my Add/Remove Programs and found nothing out of the ordinary, and Spybot noted something along the lines of "command service" and being unable to fix the issue... so this is what I have...

Thank you for your time...


DDS (Version 1.0) - NTFSx86
Run by Exavior at 19:12:58.06 on Sat 12/06/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2482 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATITool\ATITool.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Belkin\F5D8053v4\BelkinWCUI.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Exavior\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\mlJBuusQ.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7CE8DB6F-B578-4E9C-A978-A4D952E9C9D2} - c:\windows\system32\rqRHyxur.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [gadcom] "c:\documents and settings\exavior\application data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [FlashIcon] c:\program files\generic\usb card reader driver v2.3\FlashIcon.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SoundMan] SOUNDMAN.EXE
StartupFolder: c:\docume~1\exavior\startm~1\programs\startup\bitcomet.lnk - c:\program files\bitcomet\BitComet.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\atitool.lnk - c:\program files\atitool\ATITool.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f5d8053v4\BelkinWCUI.exe
uPolicies-system: NoAdminPage = 1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: mlJBuusQ - mlJBuusQ.dll
AppInit_DLLs: hhidrc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\mlJBuusQ.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\rqRHyxur

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-5-6 207656]
R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-7-7 611664]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-11-24 358736]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-5-6 144704]
R3 FStarForce;FStarForce;c:\windows\system32\drivers\FStarForce.sys [2008-11-2 9216]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-5-6 605512]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-5-6 79240]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-5-6 35240]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-5-6 34152]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-5-6 40488]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2008-11-11 517632]
S2 cmdService;Command Service;c:\windows\wmfjaybiywxs\command.exe []
S3 3dfxvs;3dfxvs;c:\windows\system32\drivers\3dfxvsm.sys [2007-4-9 148352]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [2003-7-23 22821]
S3 MarkFun_NT;MarkFun_NT;\??\c:\program files\gigabyte\@bios\markfun.w32 [2007-11-29 17912]
S3 s3legacy;s3legacy;c:\windows\system32\drivers\s3legacy.sys [2007-4-15 65664]
S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [2007-4-15 166720]

=============== Created Last 30 ================

2008-12-06 17:25 903,320 a--sh--- c:\windows\system32\ruxyHRqr.ini2
2008-12-06 13:50 121 ---sh--- c:\windows\system32\jlopcxlq.ini
2008-12-06 13:49 129,024 a------- c:\windows\system32\hhidrc.dll
2008-12-06 13:49 129,024 a------- c:\windows\system32\oqifvfxq.dll
2008-12-06 13:47 908,072 a--sh--- c:\windows\system32\ruxyHRqr.ini
2008-12-06 13:47 302,592 a------- c:\windows\system32\rqRHyxur.dll
2008-12-06 13:42 198,760 a------- c:\windows\system32\wpv741228549770.cpx
2008-12-06 13:42 34,816 a------- c:\windows\system32\mlJBuusQ.dll
2008-11-11 19:34 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 19:34 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2008-11-11 19:29 21,361 a------- c:\windows\system32\drivers\AegisP.sys
2008-11-11 19:22 517,632 a------- c:\windows\system32\drivers\rt2870.sys
2008-11-06 19:57 164 a------- c:\windows\avrack.ini
2008-11-06 19:57 <DIR> --d----- c:\program files\Realtek AC97

==================== Find3M ====================

2008-10-24 16:31 9,216 a------- c:\windows\system32\drivers\FStarForce.sys
2008-10-24 06:21 455,296 a------- c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-15 19:14 524,288 a------- c:\windows\system32\DivXsm.exe
2008-09-15 19:14 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2008-09-15 19:12 1,044,480 a------- c:\windows\system32\libdivx.dll
2008-09-15 19:12 200,704 a------- c:\windows\system32\ssldivx.dll
2008-09-15 19:12 196,608 a------- c:\windows\system32\dtu100.dll
2008-09-15 19:12 81,920 a------- c:\windows\system32\dpl100.dll
2008-09-15 19:12 593,920 a------- c:\windows\system32\dpuGUI11.dll
2008-09-15 19:12 344,064 a------- c:\windows\system32\dpus11.dll
2008-09-15 19:12 294,912 a------- c:\windows\system32\dpu11.dll
2008-09-15 19:12 294,912 a------- c:\windows\system32\dpu10.dll
2008-09-15 19:12 57,344 a------- c:\windows\system32\dpv11.dll
2008-09-15 19:12 53,248 a------- c:\windows\system32\dpuGUI10.dll
2008-09-15 19:11 823,296 a------- c:\windows\system32\divx_xx0c.dll
2008-09-15 19:11 823,296 a------- c:\windows\system32\divx_xx07.dll
2008-09-15 19:11 815,104 a------- c:\windows\system32\divx_xx0a.dll
2008-09-15 19:11 802,816 a------- c:\windows\system32\divx_xx11.dll
2008-09-15 19:11 683,520 a------- c:\windows\system32\DivX.dll
2008-09-15 19:11 161,096 a------- c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-15 19:11 12,288 a------- c:\windows\system32\DivXWMPExtType.dll
2008-09-15 07:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-09 20:14 1,307,648 a------- c:\windows\system32\msxml6.dll
2008-02-03 10:21 87,608 a------- c:\docume~1\exavior\applic~1\inst.exe
2008-02-03 10:21 47,360 a------- c:\docume~1\exavior\applic~1\pcouffin.sys
2007-11-24 18:06 22,328 a------- c:\docume~1\exavior\applic~1\PnkBstrK.sys

============= FINISH: 19:13:26.51 ===============
Attached Files
File Type: zip gmerfile.zip (7.9 KB, 1 views)
carcrazystorn is offline  

Old 12-06-2008, 08:34 PM   #2 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,463
OS: N/A


Re: new here, have malware or something

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Post the log from ComboFix when you've accomplished that.
sUBs is offline  
Old 12-06-2008, 10:17 PM   #3 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 5
OS: xp home sp3


Re: new here, have malware or something

ComboFix 08-12-06.04 - Exavior 2008-12-06 22:52:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2810 [GMT -5:00]
Running from: c:\documents and settings\Exavior\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Exavior\Application Data\inst.exe
c:\documents and settings\Exavior\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\Common Files\mbols~1
c:\program files\ymante~1
c:\windows\system32\hhidrc.dll
c:\windows\system32\jlopcxlq.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\oqifvfxq.dll
c:\windows\system32\rqRHyxur.dll
c:\windows\system32\ruxyHRqr.ini
c:\windows\system32\ruxyHRqr.ini2
c:\windows\system32\wnstssv.exe
c:\windows\system32\wpv741228549770.cpx
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Service_cmdService


((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-06 19:14 . 2008-12-06 20:03 250 --a------ c:\windows\gmer.ini
2008-12-06 13:42 . 2008-12-06 13:42 34,816 --a------ c:\windows\system32\mlJBuusQ.dll
2008-11-27 19:57 . 2008-12-06 21:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2008-11-11 19:34 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 19:34 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 19:29 . 2008-11-11 19:29 21,361 --a------ c:\windows\system32\drivers\AegisP.sys
2008-11-11 19:22 . 2008-11-11 19:22 <DIR> d-------- c:\documents and settings\Exavior\Application Data\InstallShield
2008-11-11 19:22 . 2007-07-29 05:50 517,632 --a------ c:\windows\system32\drivers\rt2870.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 04:09 302,592 ----a-w c:\windows\system32\byXPIcaY.dll
2008-12-07 00:09 --------- d-----w c:\program files\BitComet
2008-12-06 22:05 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-06 21:34 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-28 00:58 --------- d-----w c:\program files\Google
2008-11-14 23:17 --------- d-----w c:\program files\McAfee
2008-11-12 03:00 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-12 00:22 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-12 00:22 --------- d-----w c:\program files\Belkin
2008-11-10 17:33 --------- d-----w c:\program files\Sprint music manager
2008-11-07 00:57 --------- d-----w c:\program files\Realtek AC97
2008-11-07 00:57 --------- d-----w c:\program files\AvRack
2008-11-06 23:12 --------- d-----w c:\program files\YouTube Downloader
2008-11-04 02:06 --------- d-----w c:\documents and settings\All Users\Application Data\Fallout3
2008-11-03 01:56 --------- d-----w c:\program files\Bethesda Softworks
2008-11-03 01:55 --------- d-----w c:\program files\MSBuild
2008-11-03 01:53 --------- d-----w c:\program files\Reference Assemblies
2008-10-26 02:44 --------- d-----w c:\program files\DivX
2008-10-26 02:33 --------- d-----w c:\documents and settings\Exavior\Application Data\dvdcss
2008-10-26 00:51 --------- d-----w c:\program files\DS2
2008-10-26 00:42 --------- d-----w c:\program files\Diablo II
2008-10-26 00:41 --------- d-----w c:\program files\Postal2STP
2008-10-24 21:31 9,216 ----a-w c:\windows\system32\drivers\FStarForce.sys
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-16 00:14 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-16 00:14 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-16 00:12 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-09-16 00:11 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-09-16 00:11 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-09-16 00:11 683,520 ----a-w c:\windows\system32\DivX.dll
2008-09-16 00:11 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-02-03 15:21 47,360 ----a-w c:\documents and settings\Exavior\Application Data\pcouffin.sys
2007-11-24 23:06 22,328 ----a-w c:\documents and settings\Exavior\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16EEBD4C-1987-4B80-8DA5-5C661787848C}]
2008-12-06 23:09 302592 --a------ c:\windows\system32\byXPIcaY.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2008-12-06 13:42 34816 --a------ c:\windows\system32\mlJBuusQ.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 169984]
"6c07c045"="c:\windows\system32\ioyuweej.dll" [2008-12-06 72704]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 c:\windows\soundman.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
ATITool.lnk - c:\program files\ATITool\ATITool.exe [2006-12-08 3035136]
Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F5D8053v4\BelkinWCUI.exe [2008-11-11 1474560]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\mlJBuusQ.dll" [2008-12-06 34816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJBuusQ]
2008-12-06 13:42 34816 c:\windows\system32\mlJBuusQ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=hhidrc.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\byXPIcaY

[HKLM\~\startupfolder\C:^Documents and Settings^Exavior^Start Menu^Programs^Startup^winlogon.lnk]
path=c:\documents and settings\Exavior\Start Menu\Programs\Startup\winlogon.lnk
backup=c:\windows\pss\winlogon.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"cmdService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12163:TCP"= 12163:TCP:BitComet 12163 TCP
"12163:UDP"= 12163:UDP:BitComet 12163 UDP

R3 FStarForce;FStarForce;c:\windows\system32\DRIVERS\FStarForce.sys [2008-11-02 9216]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\DRIVERS\rt2870.sys [2008-11-11 517632]
S3 3dfxvs;3dfxvs;c:\windows\system32\DRIVERS\3dfxvsm.sys [2007-04-09 148352]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [2003-07-23 22821]
S3 MarkFun_NT;MarkFun_NT;\??\c:\program files\Gigabyte\@BIOS\markfun.w32 [2007-11-29 17912]
S3 s3legacy;s3legacy;c:\windows\system32\DRIVERS\s3legacy.sys [2007-04-15 65664]
S3 s3m;s3m;c:\windows\system32\DRIVERS\s3m.sys [2007-04-15 166720]
.
Contents of the 'Scheduled Tasks' folder

2008-10-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

2008-09-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
.
- - - - ORPHANS REMOVED - - - -

BHO-{E193B07B-B1C8-4F8C-BBE3-A4523FFB3F63} - c:\windows\system32\rqRHyxur.dll
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-FlashIcon - c:\program files\Generic\USB Card Reader Driver v2.3\FlashIcon.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\Exavior\Application Data\Mozilla\Firefox\Profiles\dsgplyf4.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 23:07:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\byXPIcaY.dll 302592 bytes executable
c:\windows\system32\YacIPXyb.ini 368 bytes
c:\windows\system32\YacIPXyb.ini2 368 bytes

scan completed successfully
hidden files: 3

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MarkFun_NT]
"ImagePath"="\??\c:\program files\Gigabyte\@BIOS\markfun.w32"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\mlJBuusQ.dll

- - - - - - - > 'explorer.exe'(9484)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\ioyuweej.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\byXPIcaY.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\rundll32.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-12-06 23:15:40 - machine was rebooted [Exavior]
ComboFix-quarantined-files.txt 2008-12-07 04:15:27

Pre-Run: 41,709,203,456 bytes free
Post-Run: 42,229,100,544 bytes free

242 --- E O F --- 2008-11-12 03:00:10
carcrazystorn is offline  
Old 12-06-2008, 10:35 PM   #4 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,463
OS: N/A


Re: new here, have malware or something

Open NOTEPAD and copy/paste the text in the quotebox below into it:

Code:
http://www.techsupportforum.com/security-center/hijackthis-log-help/320940-new-here-have-malware-something.html
Collect::
c:\windows\system32\mlJBuusQ.dll
c:\windows\system32\byXPIcaY.dll
c:\windows\system32\ioyuweej.dll
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"6c07c045"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"cmdService"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000000

Save this as "CFScript"

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additionally, ComboFix will generate a zipped file at C:\Qoobox\Quarantine\[4]Submit@Date_Time.zip
Before proceeding to the next step, please submit this file to http://www.bleepingcomputer.com/subm....php?channel=4


---------------


Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

Vista users right click on the Internet Explorer shortcut, and choose Run As Administrator.

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

Click Accept when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.


---------------


In your next post, please include fresh logs from:
  1. Online scan
  2. ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps, and update us on how the computer behaves now.
sUBs is offline  
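A defender-side triage of the persistence points visible in the DDS "Pseudo HJT Report" from post #1 (LSA Authentication Packages, AppInit_DLLs, Winlogon Notify, BHO/SEH hooks, a service with an unreadable image) together with a decoder for the REGEDIT4 hex(7) value the CFScript above uses to reset the LSA package list. This is an added example, not DDS, ComboFix or forum code; the sample lines are copied from the logs in this thread, and the Winlogon Notify allow-list is an assumption kept deliberately short.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed sample input: lines copied from the DDS report and the
# SERVICES / DRIVERS section posted earlier in this thread.
SAMPLE_DDS = """\
uStart Page = hxxp://www.google.com/
BHO: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\\windows\\system32\\mlJBuusQ.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\\program files\\java\\jre1.6.0_07\\bin\\ssv.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: mlJBuusQ - mlJBuusQ.dll
AppInit_DLLs: hhidrc.dll
SEH: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\\windows\\system32\\mlJBuusQ.dll
LSA: Authentication Packages = msv1_0 c:\\windows\\system32\\rqRHyxur
R2 McShield;McAfee Real-time Scanner;c:\\progra~1\\mcafee\\viruss~1\\mcshield.exe [2007-5-6 144704]
S2 cmdService;Command Service;c:\\windows\\wmfjaybiywxs\\command.exe []
"""

# On a stock XP install only msv1_0 is registered as an LSA authentication
# package and AppInit_DLLs is empty.  The Notify allow-list is an assumption
# (XP defaults plus the ATI entry from this log); extend it per system.
DEFAULT_AUTH_PACKAGES = {"msv1_0"}
KNOWN_NOTIFY = {"AtiExtEvent", "crypt32chain", "cryptnet", "cscdll", "ScCertProp",
                "Schedule", "sclgntfy", "SensLogn", "termsrv", "wlballoon"}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path (DDS mixes path styles)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].strip().lower()


def triage_dds(text: str) -> List[str]:
    """Return human-readable findings for the persistence lines of a DDS report."""
    findings: List[str] = []
    hooks: Dict[str, set] = defaultdict(set)   # dll basename -> load mechanisms
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("LSA: Authentication Packages"):
            pkgs = line.split("=", 1)[1].split()
            for extra in (p for p in pkgs if p.lower() not in DEFAULT_AUTH_PACKAGES):
                findings.append(f"LSA: non-default authentication package {extra}")
        elif line.startswith("AppInit_DLLs:"):
            value = line.split(":", 1)[1].strip()
            if value:
                findings.append(f"AppInit_DLLs is set ({value}); default is empty")
                hooks[basename(value)].add("AppInit_DLLs")
        elif line.startswith("Notify:"):
            name, _, dll = line[len("Notify:"):].partition(" - ")
            name = name.strip()
            hooks[basename(dll)].add("Notify")
            if name not in KNOWN_NOTIFY:
                findings.append(f"Winlogon Notify package {name} not in allow-list")
        elif line.startswith(("BHO:", "SEH:")):
            kind = line.split(":", 1)[0]
            hooks[basename(line.rsplit(" - ", 1)[-1])].add(kind)
        elif re.match(r"^[RS]\d ", line):
            # name;display;image [date size] -- DDS prints '[]' when it could
            # not stat the image file, which is itself worth a look
            parts = line[3:].split(";")
            if len(parts) >= 3 and parts[2].rstrip().endswith("[]"):
                findings.append(f"service {parts[0]} image missing or unreadable: "
                                f"{parts[2].strip()}")
    # One DLL registered under several load mechanisms is a strong signal
    # (mlJBuusQ.dll is a BHO, a ShellExecuteHook and a Winlogon Notify DLL).
    for dll, mechs in hooks.items():
        if len(mechs) >= 2:
            findings.append(f"{dll} hooked via {len(mechs)} mechanisms: "
                            f"{', '.join(sorted(mechs))}")
    return findings


def decode_reg_multi_sz(hex7: str) -> List[str]:
    """Decode a REGEDIT4 'hex(7):' REG_MULTI_SZ (ANSI, NUL-separated, double-NUL end)."""
    body = hex7.replace("hex(7):", "")
    raw = bytes(int(b, 16) for b in body.split(",") if b.strip())
    return [s.decode("latin-1") for s in raw.rstrip(b"\x00").split(b"\x00") if s]


def encode_reg_multi_sz(items: List[str]) -> str:
    """Inverse of decode_reg_multi_sz: each string NUL-terminated, then a final NUL."""
    raw = b"".join(s.encode("latin-1") + b"\x00" for s in items) + b"\x00"
    return ",".join(f"{b:02x}" for b in raw)


def lsa_restore_line(packages=("msv1_0",)) -> str:
    """Build the REGEDIT4 line used in the CFScript to reset the LSA package list."""
    return '"Authentication Packages"=hex(7):' + encode_reg_multi_sz(list(packages))


if __name__ == "__main__":
    for finding in triage_dds(SAMPLE_DDS):
        print("*", finding)
    print(decode_reg_multi_sz("hex(7):6d,73,76,31,5f,30,00,00"))
    print(lsa_restore_line())
```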
Old 12-07-2008, 01:12 PM   #5 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 5
OS: xp home sp3


Re: new here, have malware or something

I really appreciate the time and effort you have put forth to try and help me out here. I consider myself more than your average computer user, and things such as this really tend to get on my nerves when I can't fix them myself. I have submitted the zip file, and here are the two logs you asked for.

ComboFix 08-12-06.04 - Exavior 2008-12-07 8:52:12.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2759 [GMT -5:00]
Running from: c:\documents and settings\Exavior\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Exavior\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\byXPIcaY.dll
c:\windows\system32\ioyuweej.dll
c:\windows\system32\jeewuyoi.ini
c:\windows\system32\mlJBuusQ.dll
c:\windows\system32\nvtakf.dll
c:\windows\system32\rltkjpbl.dll
c:\windows\system32\YacIPXyb.ini
c:\windows\system32\YacIPXyb.ini2

.
((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-06 19:14 . 2008-12-06 20:03 250 --a------ c:\windows\gmer.ini
2008-11-27 19:57 . 2008-12-06 21:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2008-11-11 19:34 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 19:34 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 19:29 . 2008-11-11 19:29 21,361 --a------ c:\windows\system32\drivers\AegisP.sys
2008-11-11 19:22 . 2008-11-11 19:22 <DIR> d-------- c:\documents and settings\Exavior\Application Data\InstallShield
2008-11-11 19:22 . 2007-07-29 05:50 517,632 --a------ c:\windows\system32\drivers\rt2870.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 00:09 --------- d-----w c:\program files\BitComet
2008-12-06 22:05 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-06 21:34 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-28 00:58 --------- d-----w c:\program files\Google
2008-11-14 23:17 --------- d-----w c:\program files\McAfee
2008-11-12 03:00 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-12 00:22 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-12 00:22 --------- d-----w c:\program files\Belkin
2008-11-10 17:33 --------- d-----w c:\program files\Sprint music manager
2008-11-07 00:57 --------- d-----w c:\program files\Realtek AC97
2008-11-07 00:57 --------- d-----w c:\program files\AvRack
2008-11-06 23:12 --------- d-----w c:\program files\YouTube Downloader
2008-11-04 02:06 --------- d-----w c:\documents and settings\All Users\Application Data\Fallout3
2008-11-03 01:56 --------- d-----w c:\program files\Bethesda Softworks
2008-11-03 01:55 --------- d-----w c:\program files\MSBuild
2008-11-03 01:53 --------- d-----w c:\program files\Reference Assemblies
2008-10-26 02:44 --------- d-----w c:\program files\DivX
2008-10-26 02:33 --------- d-----w c:\documents and settings\Exavior\Application Data\dvdcss
2008-10-26 00:51 --------- d-----w c:\program files\DS2
2008-10-26 00:42 --------- d-----w c:\program files\Diablo II
2008-10-26 00:41 --------- d-----w c:\program files\Postal2STP
2008-10-24 21:31 9,216 ----a-w c:\windows\system32\drivers\FStarForce.sys
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-02-03 15:21 47,360 ----a-w c:\documents and settings\Exavior\Application Data\pcouffin.sys
2007-11-24 23:06 22,328 ----a-w c:\documents and settings\Exavior\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((( snapshot@2008-12-06_23.14.53.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-07 00:36:10 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-07 13:51:22 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-07 00:36:10 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-07 13:51:22 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-07 00:36:10 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-07 13:51:22 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 c:\windows\soundman.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
ATITool.lnk - c:\program files\ATITool\ATITool.exe [2006-12-08 3035136]
Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F5D8053v4\BelkinWCUI.exe [2008-11-11 1474560]

[HKLM\~\startupfolder\C:^Documents and Settings^Exavior^Start Menu^Programs^Startup^winlogon.lnk]
path=c:\documents and settings\Exavior\Start Menu\Programs\Startup\winlogon.lnk
backup=c:\windows\pss\winlogon.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12163:TCP"= 12163:TCP:BitComet 12163 TCP
"12163:UDP"= 12163:UDP:BitComet 12163 UDP

R3 FStarForce;FStarForce;c:\windows\system32\DRIVERS\FStarForce.sys [2008-11-02 9216]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\DRIVERS\rt2870.sys [2008-11-11 517632]
S3 3dfxvs;3dfxvs;c:\windows\system32\DRIVERS\3dfxvsm.sys [2007-04-09 148352]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [2003-07-23 22821]
S3 MarkFun_NT;MarkFun_NT;\??\c:\program files\Gigabyte\@BIOS\markfun.w32 [2007-11-29 17912]
S3 s3legacy;s3legacy;c:\windows\system32\DRIVERS\s3legacy.sys [2007-04-15 65664]
S3 s3m;s3m;c:\windows\system32\DRIVERS\s3m.sys [2007-04-15 166720]
.
Contents of the 'Scheduled Tasks' folder

2008-10-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

2008-09-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
.
- - - - ORPHANS REMOVED - - - -

BHO-{128b5821-c73d-4e5b-b206-1356d78bfc75} - c:\windows\system32\nvtakf.dll
BHO-{1EFFA368-F7B5-4516-81D5-6095D9C90A1F} - c:\windows\system32\byXPIcaY.dll
Notify-mlJBuusQ - mlJBuusQ.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\Exavior\Application Data\Mozilla\Firefox\Profiles\dsgplyf4.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 08:58:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MarkFun_NT]
"ImagePath"="\??\c:\program files\Gigabyte\@BIOS\markfun.w32"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
.
**************************************************************************
.
Completion time: 2008-12-07 9:05:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-07 14:05:21
ComboFix2.txt 2008-12-07 04:15:41

Pre-Run: 42,207,461,376 bytes free
Post-Run: 42,188,873,728 bytes free

179 --- E O F --- 2008-11-12 03:00:10
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, December 7, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, December 07, 2008 09:20:51
Records in database: 1441946
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 114079
Threat name: 3
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 00:57:20


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\hhidrc.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.exh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\nvtakf.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.exh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\oqifvfxq.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.exh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\rltkjpbl.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.exh 1
C:\Qoobox\Quarantine\[4]-Submit_2008-12-07@8.51.zip Infected: Trojan-Downloader.Win32.Agent.atga 1
C:\WINDOWS\system32\drivers\etc\yes19\pnc.exe Infected: not-a-virus:RemoteAdmin.Win32.NetCat.a 1
carcrazystorn is offline  
Old 12-07-2008, 02:27 PM   #6 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 5
OS: xp home sp3


Re: new here, have malware or something

I have tried the computer out for about an hour or so now, and have not run into the issues I was encountering before.
carcrazystorn is offline  
Old 12-07-2008, 03:11 PM   #7 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,463
OS: N/A


Re: new here, have malware or something

C:\QooBox\ is ComboFix's quarantine folder. We'll take care of it when we uninstall ComboFix.


Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

  1. Uninstall ComboFix ... do not skip this step
    This process will perform some post cleanup measures.
    Do this by going to Start > Run & typing in ComboFix /u


  2. ANTIVIRUS SOFTWARE
    It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


  3. Microsoft Windows Update → http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  4. SPYWAREBLASTER
    SpywareBlaster prevents the installation of malicious ActiveX, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies & restricts the actions of potentially unwanted sites.

    Unlike other programs, SpywareBlaster does not have to remain running in the background. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial49.html

Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.
  • http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://computercops.biz/postlite7736-.html

After doing all these, your system will be optimised against future threats.

It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.

Kindly respond to this thread once more so we can mark this thread as resolved.
sUBs is offline  
Old 12-07-2008, 03:24 PM   #8 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 5
OS: xp home sp3


Re: new here, have malware or something

I am quite surprised to see that I already use most of those suggestions. I will get the couple I don't already have. I guess it just goes to show that as long as you are running Windows you'll never be as safe as those who run other OSes...

Thanks again, I will bookmark this page for future reference.
carcrazystorn is offline  
Copyright 2001 - 2009, Tech Support Forum