cant access anti virus sites or microsoft

This is a discussion on cant access anti virus sites or microsoft within the Inactive Malware Help Topics forums, part of the Tech Support Forum category.
Old 04-28-2012, 12:41 PM   #1
Registered Member
 
Join Date: Apr 2012
Posts: 6
OS: xp


Mistake

I've had this problem for a few days. I've heard of ComboFix but I'm not sure how to use it, so any help would be appreciated.

Here's my HijackThis log

Quote:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:41:10 PM, on 28/04/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\BitTorrent\BitTorrent.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sign In
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\Documents and Settings\Chriz\Local Settings\Application Data\jrdqxmro\rxugimbb.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [RxuGimbb] C:\Documents and Settings\Chriz\Local Settings\Application Data\jrdqxmro\rxugimbb.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\..\svchost.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe

--
End of file - 7779 bytes
jparish1986 is offline  
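As an added example (not code from the thread, HijackThis or ComboFix), this Python script encodes the checks an analyst applies to the log above: the F2 UserInit entry chaining a second executable after userinit.exe, the HKCU Run entry in a random-named folder under Local Settings\Application Data, and the msupdate service running a copy of svchost.exe from outside system32. The sample lines are a constructed excerpt modelled on the posted log; the random-name heuristic and its thresholds are assumptions.

```python
"""Flag suspicious autostart entries in a HijackThis-style log (added example)."""
import ntpath
import re

# Constructed sample, modelled on the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\Documents and Settings\Chriz\Local Settings\Application Data\jrdqxmro\rxugimbb.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [RxuGimbb] C:\Documents and Settings\Chriz\Local Settings\Application Data\jrdqxmro\rxugimbb.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\..\svchost.exe
"""

SYSTEM32 = "c:\\windows\\system32"
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
# Per-user scratch folders: legitimate services and HKLM Run entries almost never live here.
USER_SCRATCH = ("\\local settings\\application data\\", "\\local settings\\temp\\")

USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$")
RUN_RE = re.compile(r"^O4 - (.*?)\\\.\.\\Run: \[(.*?)\] (.*?)(?: \(User '.*'\))?$")
SERVICE_RE = re.compile(r"^O23 - Service: (.*?) - (.*?) - (.*)$")


def norm(path):
    """Lower-case and collapse '..' so system32\\..\\svchost.exe compares as c:\\windows\\svchost.exe."""
    return ntpath.normpath(path.strip().strip('"')).lower()


def looks_random(name):
    """Assumed heuristic: 6-12 letters, at most two vowels and a run of 3+ consonants."""
    stem = name.split(".")[0]
    if not (6 <= len(stem) <= 12 and stem.isalpha()):
        return False
    vowels = sum(c in "aeiou" for c in stem)
    longest_run = max(len(run) for run in re.split(r"[aeiou]+", stem))
    return vowels <= 2 and longest_run >= 3


def path_reasons(path):
    """Return the list of reasons a launch path looks suspicious (empty if none)."""
    p = norm(path)
    reasons = []
    if ntpath.basename(p) == "svchost.exe" and ntpath.dirname(p) != SYSTEM32:
        reasons.append("svchost.exe outside system32")
    if any(s in p for s in USER_SCRATCH):
        reasons.append("launched from per-user scratch folder")
    # Only judge names outside the system/program folders; system binaries are often short and vowel-poor.
    if not p.startswith(TRUSTED_ROOTS) and any(looks_random(part) for part in p.split("\\")[-2:]):
        reasons.append("random-looking file or folder name")
    return reasons


def analyze(log_text):
    """Scan F2/O4/O23 lines and return findings as (section, name, path, reasons) tuples."""
    findings = []
    for line in log_text.splitlines():
        m = USERINIT_RE.match(line)
        if m:
            entries = [e for e in m.group(1).split(",") if e.strip()]
            # Winlogon should run only system32\userinit.exe; anything chained after it runs at every logon.
            if len(entries) > 1 or norm(entries[0]) != SYSTEM32 + "\\userinit.exe":
                findings.append(("F2", "UserInit", ",".join(entries[1:]),
                                 ["extra executable chained onto UserInit"]))
            continue
        m = RUN_RE.match(line)
        if m:
            _hive, name, cmd = m.groups()
            reasons = path_reasons(cmd)
            if reasons:
                findings.append(("O4", name, cmd, reasons))
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, _owner, path = m.groups()
            # "Unknown owner" alone is not a signal: the legitimate McAfee entry carries it too.
            reasons = path_reasons(path)
            if reasons:
                findings.append(("O23", name, path, reasons))
    return findings


if __name__ == "__main__":
    for section, name, path, reasons in analyze(SAMPLE_LOG):
        print(f"{section} {name}: {path}  <- {'; '.join(reasons)}")
```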
Old 04-28-2012, 02:30 PM   #2
Security Team
Analyst
 
 
Join Date: Dec 2009
Location: Michigan
Posts: 2,045
OS: Windows Vista / Win 7



Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

We want all our members to perform the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post the logs in your next reply for my review.
__________________


ASAP & UNITE Member
RPMcMurphy is offline  
Old 04-29-2012, 01:00 AM   #3
Registered Member
 
Join Date: Apr 2012
Posts: 6
OS: xp



I cannot download anything due to this virus or whatever it is. Any chance you can email me the tools?
jparish1986 is offline  
Old 04-29-2012, 08:34 AM   #4
Security Team
Analyst
 
 
Join Date: Dec 2009
Location: Michigan
Posts: 2,045
OS: Windows Vista / Win 7



Unfortunately I cannot email the files to you. Can you download them from a working PC and transfer them to the infected one?
__________________


ASAP & UNITE Member
RPMcMurphy is offline  
Old 04-30-2012, 09:21 AM   #5
Registered Member
 
Join Date: Apr 2012
Posts: 6
OS: xp



Just doing the logs now, as I managed to get them downloaded using an online proxy.
jparish1986 is offline  
Old 04-30-2012, 11:45 AM   #6
Registered Member
 
Join Date: Apr 2012
Posts: 6
OS: xp



At last, just finished the scans.

I don't have access to any discs, btw.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Chriz at 16:07:25 on 2012-04-30
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2806.2141 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.hotmail.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mWinlogon: Userinit=c:\windows\system32\userinit.exe,,c:\documents and settings\chriz\local settings\application data\jrdqxmro\rxugimbb.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [RxuGimbb] c:\documents and settings\chriz\local settings\application data\jrdqxmro\rxugimbb.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [Mixersel] c:\program files\realtek\installshield\mixersel.exe
mRun: [CHotkey] zHotkey.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver2\LVCOMS.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2B6486DB-DD8E-4BBD-A37F-B4EA6535C5AE} : DhcpNameServer = 192.168.0.1
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\chriz\application data\mozilla\firefox\profiles\1mtmw7l3.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 8f217ba7-cb5f-48e4-85d2-97c9dfd2ce6b
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics
.
FF - user.js: extensions.autoDisableScopes - 14
.
============= SERVICES / DRIVERS ===============
.
R2 MCVSRte;McAfee.com VirusScan Online Realtime Engine;c:\progra~1\mcafee.com\vso\mcvsrte.exe [2005-9-9 122880]
R3 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2005-9-9 225375]
R3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [2005-9-9 23296]
R4 Micorsoft Windows Service;Micorsoft Windows Service;\??\c:\docume~1\chriz\locals~1\temp\yjsnijtr.sys --> c:\docume~1\chriz\locals~1\temp\yjsnijtr.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 msupdate;Microsoft security update service;c:\windows\svchost.exe [2012-4-9 20992]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-9 253088]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [2012-4-23 25728]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 libusb0;libusb-win32 - Kernel Driver 04/10/2012 0.0.0.0;c:\windows\system32\drivers\libusb0.sys [2012-4-10 42592]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2005-9-9 352256]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-29 129976]
S3 NETGEAR NETGEAR MA101 USB Adapter(R);NETGEAR NETGEAR MA101 USB Adapter(R) Service for NETGEAR MA101 USB Adapter;c:\windows\system32\drivers\ma1012kr.sys [2006-1-22 85888]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2006-4-17 152576]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-4-11 1181104]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-4-11 1185704]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-04-29 06:52:39 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-29 06:52:34 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-04-29 06:52:33 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-04-28 18:22:43 388096 -c--a-r- c:\documents and settings\chriz\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-04-28 18:22:43 -------- d-----w- c:\program files\Trend Micro
2012-04-25 12:43:25 -------- dcsh--w- c:\documents and settings\chriz\IETldCache
2012-04-25 10:55:06 -------- dc----w- c:\documents and settings\chriz\application data\Hulubulu
2012-04-25 10:55:02 -------- d-----w- c:\program files\Advanced Renamer
2012-04-25 10:38:13 -------- dc-h--w- c:\windows\ie8
2012-04-25 10:28:32 -------- d-----w- C:\apps
2012-04-25 09:57:38 -------- dc----w- c:\documents and settings\chriz\.android
2012-04-25 09:56:24 -------- d-----w- c:\program files\Android
2012-04-24 07:45:59 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2012-04-24 07:45:59 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-04-24 07:45:22 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-04-24 07:44:44 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-04-24 07:43:40 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-04-24 07:40:41 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-04-24 07:40:34 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-04-23 10:51:52 1419232 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2012-04-23 10:51:51 25728 ----a-w- c:\windows\system32\drivers\androidusb.sys
2012-04-14 09:56:50 -------- d-----w- C:\notepad2_4.2.25_x86
2012-04-13 18:18:02 -------- d-----w- C:\Pokewitch
2012-04-11 13:34:41 -------- d-----w- c:\windows\system32\scripting
2012-04-11 13:34:40 -------- d-----w- c:\windows\l2schemas
2012-04-11 13:34:38 -------- d-----w- c:\windows\system32\en
2012-04-11 13:34:37 -------- d-----w- c:\windows\system32\bits
2012-04-11 13:24:52 -------- d-----w- c:\windows\network diagnostic
2012-04-11 13:18:36 -------- d-----w- c:\windows\EHome
2012-04-11 12:31:48 -------- d-----w- C:\ProcAlyzer Dumps
2012-04-11 12:05:45 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-04-11 12:05:27 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-04-11 12:05:20 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-04-11 11:47:56 -------- d-----w- c:\program files\0xRH
2012-04-10 20:13:53 -------- d-----w- C:\HOSPITAL
2012-04-10 20:12:20 -------- d--h--w- c:\windows\PIF
2012-04-10 2013 99532 -c--a-w- c:\documents and settings\chriz\ms.exe
2012-04-10 2013 -------- dc----w- c:\documents and settings\chriz\local settings\application data\jrdqxmro
2012-04-10 17:03:35 -------- dc----w- c:\documents and settings\chriz\local settings\application data\SecondLife
2012-04-10 17:02:30 -------- d-----w- c:\program files\SecondLifeViewer
2012-04-10 15:29:49 -------- d-----w- c:\program files\Rockstar Games
2012-04-10 13:09:45 42592 ----a-w- c:\windows\system32\drivers\libusb0.sys
2012-04-10 13:08:46 67680 ----a-w- c:\windows\system32\libusb0.dll
2012-04-10 13:08:44 -------- d-----w- c:\program files\SixaxisPairTool
2012-04-10 11:15:14 -------- d-----w- c:\windows\ServicePackFiles
2012-04-10 11:13:34 -------- d-----w- c:\program files\MSXML 4.0
2012-04-09 18:08:17 20992 ----a-r- c:\windows\svchost.exe
2012-04-09 17:25:59 172032 ----a-w- c:\windows\system32\igfxres.dll
2012-04-09 17:19:52 -------- d-----w- C:\Intel
2012-04-09 17:18:49 -------- d-----w- c:\program files\SystemRequirementsLab
2012-04-09 16:49:09 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-04-09 16:32:13 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2012-04-09 16:29:16 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-09 16:29:16 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-09 16:22:35 -------- d-----w- c:\program files\EA GAMES
2012-04-09 16:22:34 445504 ----a-r- c:\windows\system32\vp6vfw.dll
2012-04-09 16:17:02 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-04-09 16:17:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-04-09 16:15:41 357888 -c----w- c:\windows\system32\dllcache\srv.sys
2012-04-09 16:14:54 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-04-09 16:14:42 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-04-09 16:14:35 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-04-09 16:12:21 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2012-04-09 16:11:55 293376 ------w- c:\windows\system32\browserchoice.exe
2012-04-09 16:10:35 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2012-04-09 16:10:16 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2012-04-09 16:09:47 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-04-09 16:09:47 272128 ------w- c:\windows\system32\drivers\bthport.sys
2012-04-09 16:09:01 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2012-04-09 15:39:38 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2012-04-09 15:39:33 -------- d-----w- c:\windows\system32\PreInstall
2012-04-08 22:50:23 -------- d-----w- c:\windows\system32\LogFiles
2012-04-08 18:56:19 -------- d-----w- c:\windows\system32\SoftwareDistribution
2012-04-08 14:36:36 -------- d-----w- C:\Bit Torrent Complete
2012-04-08 14:36:13 -------- d-----w- C:\Bit Torrent Incomplete
2012-04-08 14:32:49 -------- d-----w- c:\program files\Yontoo
2012-04-08 14:32:46 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2012-04-08 14:32:44 -------- d-----w- c:\program files\BitTorrent
2012-04-08 14:32:23 -------- dc----w- c:\documents and settings\chriz\application data\BitTorrent
.
==================== Find3M ====================
.
2012-04-09 16:12:53 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-09 16:12:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 16:09:38.58 ===============
Attached Files: attach.zip (10.7 KB)
jparish1986 is offline  
Old 04-30-2012, 01:21 PM   #7
Security Team
Analyst
 
 
Join Date: Dec 2009
Location: Michigan
Posts: 2,045
OS: Windows Vista / Win 7



Please do this next:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Once the Microsoft Windows Recovery Console is installed, click on Yes to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please include the following in your next post:
  • ComboFix log
__________________


ASAP & UNITE Member
RPMcMurphy is offline  
Old 05-01-2012, 08:50 AM   #8
Registered Member
 
Join Date: Apr 2012
Posts: 6
OS: xp



Here is the log.

Sorry I'm taking so long; I work nights.

ComboFix 12-05-01.01 - Chriz 01/05/2012 15:20:34.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2806.2181 [GMT 1:00]
Running from: c:\documents and settings\Chriz\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Chriz\Local Settings\Application Data\fovydbro.log
c:\documents and settings\Chriz\Local Settings\Application Data\hhmvpavu.log
c:\documents and settings\Chriz\Local Settings\Application Data\jrdqxmro\rxugimbb.exe
c:\documents and settings\Chriz\Local Settings\Application Data\lvflrjss.log
c:\documents and settings\Chriz\Local Settings\Application Data\qnhquieq.log
c:\documents and settings\Chriz\Local Settings\Application Data\syuxjlgb.log
c:\documents and settings\Chriz\Local Settings\Application Data\tpclchcy.log
c:\documents and settings\Chriz\Local Settings\Application Data\umrbasqr.log
c:\documents and settings\Chriz\Local Settings\Application Data\xipslewv.log
c:\documents and settings\Chriz\ms.exe
c:\documents and settings\Chriz\Recent\Thumbs.db
c:\documents and settings\Chriz\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\progra~1\MyWay\SrchAstt\1.bin\MYSRchas.dll
c:\program files\MyWay
c:\program files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
c:\program files\MyWay\SrchAstt\1.bin\PARTNER.DAT
c:\program files\MyWay\SrchAstt\1.bin\UNINSTAL.INF
c:\program files\MyWay\SrchAstt\Cache\00055AD6
c:\program files\MyWay\SrchAstt\Cache\files.ini
c:\program files\screensavers.com
c:\windows\desktop
c:\windows\desktop\Gameboy Colour.lnk
c:\windows\svchost.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\drivers\etc\hosts.ics
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MICORSOFT_WINDOWS_SERVICE
-------\Legacy_MSUPDATE
-------\Service_Micorsoft Windows Service
-------\Service_msupdate
.
.
((((((((((((((((((((((((( Files Created from 2012-04-01 to 2012-05-01 )))))))))))))))))))))))))))))))
.
.
2012-04-30 18:33 . 2012-04-30 18:33 -------- dc----w- c:\documents and settings\Chriz\Application Data\CheckPoint
2012-04-30 18:32 . 2012-04-30 18:33 -------- d-----w- c:\program files\CheckPoint
2012-04-30 18:32 . 2012-04-30 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2012-04-30 18:25 . 2012-04-30 18:25 -------- dc----w- c:\documents and settings\Chriz\Application Data\Wireshark
2012-04-30 18:13 . 2012-04-30 18:13 -------- d-----w- c:\program files\WinPcap
2012-04-30 18:13 . 2012-04-30 18:13 -------- d-----w- c:\program files\Wireshark
2012-04-29 06:52 . 2012-04-29 06:52 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-28 18:22 . 2012-04-28 18:22 388096 -c--a-r- c:\documents and settings\Chriz\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-28 18:22 . 2012-04-28 18:22 -------- d-----w- c:\program files\Trend Micro
2012-04-25 15:00 . 2012-04-25 15:00 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-04-25 12:44 . 2012-04-25 12:44 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-04-25 12:43 . 2012-04-25 12:43 -------- dcsh--w- c:\documents and settings\Chriz\IETldCache
2012-04-25 10:55 . 2012-04-25 10:55 -------- dc----w- c:\documents and settings\Chriz\Application Data\Hulubulu
2012-04-25 10:55 . 2012-04-25 10:55 -------- d-----w- c:\program files\Advanced Renamer
2012-04-25 10:38 . 2012-04-25 10:39 -------- dc-h--w- c:\windows\ie8
2012-04-25 10:28 . 2012-04-25 11:41 -------- d-----w- C:\apps
2012-04-25 09:57 . 2012-04-25 09:59 -------- dc----w- c:\documents and settings\Chriz\.android
2012-04-25 09:56 . 2012-04-25 09:56 -------- d-----w- c:\program files\Android
2012-04-24 07:45 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2012-04-24 07:45 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-04-24 07:45 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-04-24 07:44 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-04-24 07:43 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-04-24 07:40 . 2012-01-09 16:20 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-04-24 07:40 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-04-23 10:51 . 2010-08-07 13:19 1419232 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2012-04-23 10:51 . 2010-08-07 13:19 25728 ----a-w- c:\windows\system32\drivers\androidusb.sys
2012-04-14 09:56 . 2012-04-14 09:56 -------- d-----w- C:\notepad2_4.2.25_x86
2012-04-13 18:18 . 2012-04-14 09:55 -------- d-----w- C:\Pokewitch
2012-04-11 14:21 . 2012-04-11 14:21 -------- d-----w- c:\program files\Microsoft.NET
2012-04-11 13:34 . 2012-04-11 13:34 -------- d-----w- c:\windows\system32\scripting
2012-04-11 13:34 . 2012-04-11 13:34 -------- d-----w- c:\windows\l2schemas
2012-04-11 13:34 . 2012-04-11 13:34 -------- d-----w- c:\windows\system32\en
2012-04-11 13:34 . 2012-04-11 13:34 -------- d-----w- c:\windows\system32\bits
2012-04-11 13:18 . 2012-04-11 13:18 -------- d-----w- c:\windows\EHome
2012-04-11 12:31 . 2012-04-11 12:31 -------- d-----w- C:\ProcAlyzer Dumps
2012-04-11 12:05 . 2012-04-11 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-04-11 12:05 . 2009-01-25 11:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-04-11 12:05 . 2012-04-11 18:13 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-04-11 11:47 . 2012-04-11 11:47 -------- d-----w- c:\program files\0xRH
2012-04-10 20:12 . 2012-04-10 20:12 -------- d--h--w- c:\windows\PIF
2012-04-10 20:06 . 2012-05-01 14:29 -------- dc----w- c:\documents and settings\Chriz\Local Settings\Application Data\jrdqxmro
2012-04-10 17:03 . 2012-04-10 17:04 -------- dc----w- c:\documents and settings\Chriz\Application Data\SecondLife
2012-04-10 17:03 . 2012-04-10 17:12 -------- dc----w- c:\documents and settings\Chriz\Local Settings\Application Data\SecondLife
2012-04-10 17:02 . 2012-04-10 20:37 -------- d-----w- c:\program files\SecondLifeViewer
2012-04-10 15:29 . 2012-04-10 15:29 -------- d-----w- c:\program files\Rockstar Games
2012-04-10 13:09 . 2012-04-10 13:09 42592 ----a-w- c:\windows\system32\drivers\libusb0.sys
2012-04-10 13:08 . 2011-08-05 15:44 67680 ----a-w- c:\windows\system32\libusb0.dll
2012-04-10 13:08 . 2012-04-10 20:37 -------- d-----w- c:\program files\SixaxisPairTool
2012-04-10 11:15 . 2012-04-11 13:29 -------- d-----w- c:\windows\ServicePackFiles
2012-04-10 11:13 . 2012-04-10 11:13 -------- d-----w- c:\program files\MSXML 4.0
2012-04-09 18:12 . 2012-04-10 20:18 -------- d-----w- c:\program files\7-Zip
2012-04-09 17:25 . 2007-01-13 08:45 172032 ----a-w- c:\windows\system32\igfxres.dll
2012-04-09 17:19 . 2012-04-09 17:19 -------- d-----w- C:\Intel
2012-04-09 17:18 . 2012-04-09 17:18 -------- d-----w- c:\program files\SystemRequirementsLab
2012-04-09 17:18 . 2012-04-09 17:18 -------- dc----w- c:\documents and settings\Chriz\Application Data\SystemRequirementsLab
2012-04-09 17:18 . 2012-04-09 17:18 -------- d-----w- c:\windows\Sun
2012-04-09 16:49 . 2012-04-09 16:49 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-04-09 16:32 . 2004-08-03 21:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2012-04-09 16:29 . 2012-04-25 09:53 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-09 16:29 . 2012-04-25 09:53 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-09 16:22 . 2012-04-09 18:27 -------- d-----w- c:\program files\EA GAMES
2012-04-09 16:22 . 2008-03-13 01:10 445504 ----a-r- c:\windows\system32\vp6vfw.dll
2012-04-09 16:17 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-04-09 16:17 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-04-09 16:15 . 2011-02-17 13:18 357888 -c----w- c:\windows\system32\dllcache\srv.sys
2012-04-09 16:14 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-04-09 16:14 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-04-09 16:14 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-04-09 16:12 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2012-04-09 16:11 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2012-04-09 16:10 . 2009-06-10 08:19 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2012-04-09 16:10 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2012-04-09 16:09 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-04-09 16:09 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2012-04-09 16:09 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2012-04-09 15:39 . 2010-06-14 07:41 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2012-04-08 22:50 . 2012-04-08 22:50 -------- d-----w- c:\windows\system32\LogFiles
2012-04-08 14:36 . 2012-04-10 15:21 -------- d-----w- C:\Bit Torrent Complete
2012-04-08 14:36 . 2012-04-23 18:53 -------- d-----w- C:\Bit Torrent Incomplete
2012-04-08 14:32 . 2012-04-08 14:32 -------- d-----w- c:\program files\Yontoo
2012-04-08 14:32 . 2012-04-11 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2012-04-08 14:32 . 2012-04-08 14:32 -------- d-----w- c:\program files\BitTorrent
2012-04-08 14:32 . 2012-04-28 19:17 -------- dc----w- c:\documents and settings\Chriz\Application Data\BitTorrent
2012-04-08 14:31 . 2012-04-08 14:31 -------- dc----w- c:\documents and settings\Chriz\Local Settings\Application Data\Mozilla
2012-04-08 13:55 . 2004-08-04 19:00 126976 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-29 14:10 . 2005-04-25 23:06 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2005-04-25 23:05 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-03 09:22 . 2005-04-25 23:06 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-04-29 06:52 . 2012-04-08 14:31 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RxuGimbb"="c:\documents and settings\Chriz\Local Settings\Application Data\jrdqxmro\rxugimbb.exe" [2012-05-01 99532]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-03-15 966656]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 61952]
"Mixersel"="c:\program files\Realtek\InstallShield\mixersel.exe" [2003-11-10 369664]
"CHotkey"="zHotkey.exe" [2005-05-03 543232]
"SoundMan"="SOUNDMAN.EXE" [2004-10-21 77824]
"AlcWzrd"="ALCWZRD.EXE" [2004-10-21 2744832]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 135214]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-02-07 3865504]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-03-16 738944]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-03-19 73360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Chriz\Start Menu\Programs\Startup\
rxugimbb.exe [2012-4-10 99532]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\documents and settings\Chriz\Local Settings\Application Data\jrdqxmro\rxugimbb.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe"
"RxuGimbb"=c:\documents and settings\Chriz\Local Settings\Application Data\jrdqxmro\rxugimbb.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AOLDialer"=c:\program files\Common Files\AOL\ACS\AOLDial.exe
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
"D-Link AirPlus G"=c:\program files\D-Link\AirPlus G\AirGCFG.exe
"MCAgentExe"=c:\progra~1\mcafee.com\agent\mcagent.exe
"MCUpdateExe"=c:\progra~1\mcafee.com\agent\McUpdate.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"RealTray"=c:\program files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"VirusScan Online"=c:\progra~1\mcafee.com\vso\mcvsshld.exe
"VSOCheckTask"="c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [16/03/2012 5:06 PM 27016]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [16/03/2012 5:07 PM 497280]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/06/2010 6:07 PM 35088]
R3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [09/09/2005 12:12 PM 23296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [09/04/2012 5:29 PM 253088]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [23/04/2012 11:51 AM 25728]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [02/06/2011 11:08 AM 11336]
S3 libusb0;libusb-win32 - Kernel Driver 04/10/2012 0.0.0.0;c:\windows\system32\drivers\libusb0.sys [10/04/2012 2:09 PM 42592]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [29/04/2012 7:52 AM 129976]
S3 NETGEAR NETGEAR MA101 USB Adapter(R);NETGEAR NETGEAR MA101 USB Adapter(R) Service for NETGEAR MA101 USB Adapter;c:\windows\system32\drivers\ma1012kr.sys [22/01/2006 5:40 PM 85888]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [17/04/2006 10:08 PM 152576]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [11/04/2012 1:05 PM 1181104]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [11/04/2012 1:05 PM 1185704]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MICORSOFT_WINDOWS_SERVICE
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 09:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Chriz\Application Data\Mozilla\Firefox\Profiles\1mtmw7l3.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: extentions.y2layers.installId - 8f217ba7-cb5f-48e4-85d2-97c9dfd2ce6b
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-Scooby-Doo(TM), Showdown in Ghost Town(TM) - c:\program files\The Learning Company\Scooby-Doo(TM)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-05-01 15:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(676)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(732)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(3764)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\mcafee.com\vso\mcvsrte.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\zHotkey.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
c:\windows\system32\wdfmgr.exe
c:\progra~1\mcafee.com\vso\mcshield.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-05-01 15:46:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-01 14:46
.
Pre-Run: 44,914,925,568 bytes free
Post-Run: 44,852,813,824 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30
.
- - End Of File - - A3703EBBD781CEDE71ED885484B694BB
Old 05-01-2012, 08:25 PM   #9
Security Team
Analyst
Join Date: Dec 2009
Location: Michigan
Posts: 2,045
OS: Windows Vista / Win 7



Please do this next:

Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above https://

Code:
https://www.techsupportforum.com/forums/f50/cant-access-anti-virus-sites-or-microsoft-642886.html
Collect::
c:\documents and settings\Chriz\Local Settings\Application Data\jrdqxmro\rxugimbb.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RxuGimbb"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
File::
c:\documents and settings\Chriz\Start Menu\Programs\Startup\rxugimbb.exe
Folder::
c:\documents and settings\Chriz\Local Settings\Application Data\jrdqxmro
Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.




This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Be sure that everything else is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post the results.
Please include the following in your next post:
  • ComboFix log
  • MBAM log
__________________


ASAP & UNITE Member
Old 05-02-2012, 12:58 PM   #10
Registered Member
 
Join Date: Apr 2012
Posts: 6
OS: xp



Here are the logs.

But I now have a new problem after using that script: Windows Explorer keeps crashing when I open any folder.
Attached Files
File Type: txt combofix log.txt (99.1 KB, 17 views)
File Type: txt mbam-log-2012-05-02 (18-56-13).txt (2.9 KB, 10 views)
Old 05-02-2012, 08:51 PM   #11
Security Team
Analyst
Join Date: Dec 2009
Location: Michigan
Posts: 2,045
OS: Windows Vista / Win 7



Please do this next:

Please follow these instructions to run System File Checker:
  • Click Start > Run or press the Windows Key + R, and enter the following command into the run box and click OK:
sfc /scannow
Quote:
sfc<space>/scannow
Go to this LINK to run an online scanner from ESET.
  • Note: For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If you are using Internet Explorer, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • Let me know if SFC turned anything up
  • ESET log
__________________


ASAP & UNITE Member
Old 05-10-2012, 12:38 AM   #12
TSF-Emeritus
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum
__________________
