Possible Malware Problem



#1 sparda101


Posted 04 March 2008 - 06:50 PM

Hi guys, I have recently been developing several problems with my system. The most common issue is that my mouse cursor starts behaving erratically; if I'm watching a DVD it starts jumping and the audio gets scrambled; using the internet gets quite frustrating, as that too becomes quite temperamental. I'm also occasionally getting my computer suddenly shutting down on me. I've already checked for any possible hardware faults and have already run all my problem-checking software and come up with nothing. These are the utilities I use:
AVG
Ad-Aware
CCleaner
Windows Defender

I have since run ComboFix, as that seemed to resolve the issue last time it happened, but it doesn't seem to have worked this time, and I was hoping someone here might be able to spot something from the log:

ComboFix 08-03-04.4 - Compaq_Owner 2008-03-04 23:22:08.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1394 [GMT 0:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-02-04 to 2008-03-04 )))))))))))))))))))))))))))))))
.

2008-03-04 13:54 . 2008-03-04 13:54 <DIR> d-------- C:\Program Files\Axon Data
2008-03-02 22:10 . 2008-03-04 13:27 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\GanymedeNet
2008-03-02 20:46 . 2008-03-02 20:46 <DIR> d-------- C:\Program Files\Common Files\EasyInfo
2008-03-01 13:49 . 2008-03-01 13:49 565,170 --a------ C:\WINDOWS\system32\large.bnk
2008-03-01 13:49 . 2008-03-01 13:49 278,528 --a------ C:\WINDOWS\system32\livesnth.dll
2008-03-01 13:49 . 2008-03-01 13:49 203,776 --a------ C:\WINDOWS\system32\clrviddc.dll
2008-03-01 06:22 . 2008-03-01 06:22 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-01 06:22 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-03-01 06:21 . 2008-03-01 06:21 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-03-01 06:21 . 2008-03-01 06:21 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-03-01 06:17 . 2008-03-01 06:22 <DIR> d-------- C:\Program Files\Windows Live
2008-03-01 06:17 . 2008-03-01 06:20 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-01 06:17 . 2008-03-01 06:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-28 20:07 . 2008-02-28 20:07 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-02-26 23:46 . 2008-02-26 23:46 <DIR> d-------- C:\Program Files\Veoh Networks
2008-02-25 17:06 . 2008-03-04 17:44 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\My Battle for Middle-earth Files
2008-02-25 15:27 . 2008-02-25 15:27 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-02-25 15:27 . 2008-02-25 15:27 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-02-25 13:03 . 2008-02-25 13:03 <DIR> d-------- C:\Program Files\Common Files\UDL
2008-02-25 13:03 . 2002-10-23 01:00 131,072 -ra------ C:\WINDOWS\system32\Epcmlib.dll
2008-02-25 13:01 . 2008-02-25 13:04 <DIR> d-------- C:\Program Files\EPSON
2008-02-25 13:01 . 2003-02-19 01:04 72,825 --a------ C:\WINDOWS\system32\EBPMON24.DLL
2008-02-25 13:01 . 2003-05-21 02:25 63,488 --a------ C:\WINDOWS\system32\ECBTEG.DLL
2008-02-25 13:01 . 2000-06-07 01:01 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
2008-02-25 13:01 . 2003-04-10 18:29 31,744 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-02-25 13:01 . 2001-09-04 02:04 182 --a------ C:\WINDOWS\system32\EBPPORT4.DAT
2008-02-25 13:01 . 2008-02-25 13:01 25 --a------ C:\WINDOWS\CDEC64Euro.ini
2008-02-25 12:58 . 2008-02-25 12:58 <DIR> d-------- C:\WINDOWS\EffectResources
2008-02-25 12:58 . 2008-02-25 12:58 <DIR> d-------- C:\WINDOWS\CatRoot
2008-02-25 12:58 . 2008-02-25 12:58 <DIR> d-------- C:\Program Files\Vimicro
2008-02-25 12:58 . 2005-11-30 12:50 392,316 --a------ C:\WINDOWS\system32\drivers\usbVM305.sys
2008-02-25 12:58 . 2000-10-31 12:00 307,200 --a------ C:\WINDOWS\vidcap32.Exe
2008-02-25 12:58 . 2005-08-08 18:22 155,722 --a------ C:\WINDOWS\system32\VM305Prp.Ax
2008-02-25 12:58 . 2005-08-08 16:36 114,688 --a------ C:\WINDOWS\VM305Cap.exe
2008-02-25 12:58 . 2005-08-05 18:36 81,920 --a------ C:\WINDOWS\system32\VM305STI.dll
2008-02-25 12:58 . 2005-08-05 15:15 61,440 --a------ C:\WINDOWS\VM305_STI.EXE
2008-02-25 12:58 . 2005-04-22 08:57 53,248 --a------ C:\WINDOWS\Sti305.exe
2008-02-25 12:58 . 2002-10-16 09:29 49,152 --a------ C:\WINDOWS\amcap.exe
2008-02-21 01:57 . 2008-02-21 01:57 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-02-10 14:02 . 2005-01-14 03:41 11,254 --a------ C:\WINDOWS\system32\locate.com
2008-02-10 14:01 . 2008-02-10 14:02 <DIR> d-------- C:\MGtools
2008-02-10 14:01 . 2008-02-10 14:02 59,438 --a------ C:\MGlogs.zip
2008-02-10 13:46 . 2008-02-10 13:46 1,238,736 --a------ C:\MGtools.exe
2008-02-05 11:47 . 2008-02-05 11:47 268 --ah----- C:\sqmdata03.sqm
2008-02-05 11:47 . 2008-02-05 11:47 244 --ah----- C:\sqmnoopt05.sqm
2008-02-04 10:08 . 2008-02-04 10:08 244 --ah----- C:\sqmnoopt04.sqm
2008-02-04 10:08 . 2008-02-04 10:08 232 --ah----- C:\sqmdata02.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 17:09 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\AVG7
2008-03-04 13:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-04 13:27 --------- d-----w C:\Program Files\Xfire
2008-03-04 13:27 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Xfire
2008-02-28 20:07 --------- d-----w C:\Program Files\Steam
2008-02-25 15:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-12 00:07 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\IMVU
2008-02-09 22:53 --------- d-----w C:\Program Files\DivX
2008-02-08 13:45 --------- d-----w C:\Program Files\PKR
2008-01-31 16:24 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-31 16:24 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-31 15:31 --------- d-----w C:\Program Files\Empire Interactive
2008-01-31 13:36 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\SecondLife
2008-01-30 22:45 --------- d-----w C:\Program Files\IMVU
2008-01-30 22:39 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-01-30 17:22 --------- d-----w C:\Program Files\SecondLife
2008-01-28 20:48 --------- d-----w C:\Program Files\Ventrilo
2008-01-28 14:10 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\teamspeak2
2008-01-28 08:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-21 13:05 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-01-21 13:05 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-01-21 13:05 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-01-09 11:18 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-01-09 11:18 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-01-09 11:18 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-01-09 11:18 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-01-03 11:02 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-24 11:27 15,600 ----a-w C:\WINDOWS\gdrv.sys
2007-12-11 19:44 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2006-11-17 23:18 0 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2006-05-01 11:22 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2006-07-03 17:04 88 --sha-r C:\WINDOWS\system32\A1147025C7.sys
2006-09-06 19:08 3,558 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 23:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-02-22 21:42 3537968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"nwiz"="nwiz.exe" [2007-04-26 07:28 1626112 C:\WINDOWS\system32\nwiz.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 22:17 90112]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 09:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 12:44 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2007-02-06 12:08 1953792]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-28 08:40 579072]
"BigDog305"="C:\WINDOWS\VM305_STI.exe" [2005-08-05 15:15 61440]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-26 07:28 8429568]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-02-08 19:23 180269]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-30 01:34 5419008]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 12:45 36040]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-28 08:40 219136]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Documents and Settings\Compaq_Owner\My Documents\chris' crap\ClockTimes.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"F:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\game.dat"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2006-12-20 19:41]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-12-24 11:27]
S3 PciCon;PciCon;E:\PciCon.sys []
S3 ZSMC0305;VIMICRO USB PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys [2005-11-30 12:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{831d1ae2-b20e-11dc-96d8-806d6172696f}]
\Shell\AutoRun\command - E:\Run.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-04 22:44:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-04 20:09:57 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-03-04 23:22:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 23:26:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@?9????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-04 23:26:54
ComboFix-quarantined-files.txt 2008-03-04 23:26:51
ComboFix2.txt 2008-02-10 14:00:09
.
2008-01-28 08:44:54 --- E O F ---


And I'll be running HijackThis tomorrow and will post up the log.

Many Thanks

Chris
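The log above reports several settings a responder would triage before looking at individual files: Windows Firewall turned off (EnableFirewall=0), a global firewall exception for 3389/TCP, the Security Center AntiVirusOverride flag, inbound ICMP fully allowed, a driver entry (PciCon) whose file had no timestamp at scan time, and an AutoRun command (E:\Run.exe) registered on a mounted volume. The following is an added example, not code from the original post and not part of ComboFix, that parses those lines out of a ComboFix log and emits findings. The sample input is excerpted from the log above; the function names, the severity labels and the reading of an empty `[]` timestamp as "file not present" are this example's own assumptions.

```python
"""Triage checks over a ComboFix log.

Added example: not code from the original post and not part of ComboFix.
It keys on the [section] headers and "key"=value lines ComboFix prints (as
seen in the log above). Function names and severity labels are this
example's own; the sample input below is excerpted from that log.
"""
import re

# Sample input: lines excerpted from the posted ComboFix log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowRedirect"= 1 (0x1)

S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-12-24 11:27]
S3 PciCon;PciCon;E:\PciCon.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{831d1ae2-b20e-11dc-96d8-806d6172696f}]
\Shell\AutoRun\command - E:\Run.exe
"""

KEY_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# Service/driver lines: "<start> <name>;<display>;<path> [<file timestamp>]"
SERVICE_RE = re.compile(
    r'^[SR]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s*\[(?P<stamp>[^\]]*)\]$')


def parse_reg_sections(text):
    """Map each [section] header (lower-cased) to the "key"=value pairs and
    mountpoints2 shell verbs listed under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1].lower()
            sections.setdefault(current, {})
            continue
        if current is None:
            continue
        m = KEY_RE.match(line)
        if m:
            sections[current][m.group(1)] = m.group(2).strip()
        elif line.startswith('\\Shell\\'):
            # mountpoints2 entries look like: \Shell\AutoRun\command - E:\Run.exe
            verb, _, target = line.partition(' - ')
            sections[current][verb] = target.strip()
    return sections


def parse_services(text):
    """Return (name, path, stamp) for each service/driver line in the log."""
    out = []
    for raw in text.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if m:
            out.append((m.group('name'), m.group('path').strip('"'), m.group('stamp')))
    return out


def triage(text):
    """Return (severity, message) findings for the security-relevant settings
    ComboFix reports. Severities are this example's own judgement."""
    findings = []
    for name, kv in parse_reg_sections(text).items():
        if name.endswith('firewallpolicy\\standardprofile') and kv.get('EnableFirewall', '').startswith('0'):
            findings.append(('HIGH', 'Windows Firewall disabled (EnableFirewall=0)'))
        if name.endswith('\\security center') and kv.get('AntiVirusOverride', '').endswith('1'):
            findings.append(('MEDIUM', 'Security Center AntiVirusOverride=1: AV status alerts suppressed'))
        if name.endswith('\\globallyopenports\\list'):
            for port in kv:
                findings.append(('HIGH', f'Firewall exception opens {port} to all senders'))
        if name.endswith('\\icmpsettings'):
            inbound = [k for k, v in kv.items() if k.startswith('AllowInbound') and v.startswith('1')]
            if inbound:
                findings.append(('LOW', 'Inbound ICMP allowed: ' + ', '.join(inbound)))
        if '\\mountpoints2\\' in name:
            for verb, target in kv.items():
                if 'autorun' in verb.lower():
                    findings.append(('HIGH', f'AutoRun handler registered for a mounted volume: {target}'))
    for svc, path, stamp in parse_services(text):
        if not stamp:
            # Assumption: an empty [] means ComboFix found no file to timestamp.
            findings.append(('MEDIUM', f'Service {svc} points at {path}, which was not present at scan time'))
        elif not path.upper().startswith('C:\\'):
            findings.append(('LOW', f'Service {svc} loads from a non-system drive: {path}'))
    return findings


if __name__ == '__main__':
    for sev, msg in triage(SAMPLE_LOG):
        print(f'[{sev}] {msg}')
```

Run it as a script to print the findings for the excerpt. The checks stop at reporting what the log states; they do not, and a log alone cannot, establish that any of the newly created system32 files listed above are malicious, which is why a responder would follow up with hashes or a second-opinion scan rather than act on names.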


#2 Grinler
    Lawrence Abrams


  • Admin

Posted 24 March 2008 - 02:01 PM

I apologize for the very long delay. We have a huge backlog of HijackThis logs to handle, and it has been taking us longer than normal to get caught up. If you are still having a problem and want us to analyze your information, please post a brand new HijackThis log. If we do not hear back from you within a couple of days, we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Thank you for your patience.



