I think I have a virus...?

#1
RedDanger
New Member, 1 posts

Hi, I'm not very experienced in computer tech support, but lately I've been getting random pop-ups when I open Firefox. I have ComboFix, Ad-Aware SE, and Spybot S&D. When I run Spybot, it'll recover a few problems, but most of them say that there was an error and won't let me remove anything. Ad-Aware has yet to finish a full scan, and sometimes I'll get an error saying that my computer may be unprotected and have a virus in my lower right taskbar. Any ideas?

ComboFix:
ComboFix 09-04-25.A3 - Owner 04/26/2009 7:20.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.782 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\system32\drivers\ovfsthmuflpjewgevdpqdqpkxmyxirshhykvvn.sys
c:\windows\system32\hinuhilu.dll
c:\windows\system32\jejobadi.exe
c:\windows\system32\ovfsthginykyuywngqkjpwuxtivamraggmhocr.dat
c:\windows\system32\ovfsthkoepansblllnrygpxxnbwrntfblmkymr.dll
c:\windows\system32\ovfsthsmqwlbkilovjmksifslwvfjkvmrtswdg.dat
c:\windows\system32\ovfsthvdoikosrabxgfyvkkssqewpsonrwntvf.dll
c:\windows\system32\ovfsthxojvdprokmbvjubvsqinkwkvscigthba.dll
c:\windows\system32\umezimiv.ini

----- BITS: Possible infected sites -----

hxxp://83.149.105.228
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthecfumhfuyxewqqhxdpxwbpjxtetjlkib


((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-4-26 )))))))))))))))))))))))))))))))
.

2009-04-26 14:32 . 2009-04-26 14:32 -------- d-----w c:\program files\Jcore
2009-04-26 05:12 . 2009-04-26 05:12 326 ----a-w c:\windows\wininit.ini
2009-04-26 04:13 . 2009-04-26 04:16 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-26 04:13 . 2009-04-26 04:16 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-26 01:16 . 2009-04-26 02:18 61440 ----a-w c:\windows\system32\ftp_non_crp.exe
2009-04-25 17:48 . 2009-04-25 17:48 63 ----a-w c:\windows\mdm.ini
2009-04-25 15:47 . 2009-04-25 15:47 -------- d-----w c:\documents and settings\Owner\Application Data\pidle
2009-04-25 15:46 . 2009-04-25 15:46 182911 ----a-w c:\windows\system32\prnet.tmp
2009-04-20 21:00 . 2009-04-20 21:02 -------- d-----w c:\program files\CDisplayEx
2009-04-19 03:16 . 2009-04-19 03:15 286720 ----a-w c:\windows\iun507.exe
2009-04-19 03:16 . 2009-04-19 03:16 -------- d-----w c:\program files\Cherry Dolls
2009-04-10 03:36 . 2009-04-10 03:37 -------- d-----w c:\program files\QuickTime
2009-04-10 03:36 . 2009-04-10 03:36 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-05 14:58 . 2009-04-05 14:58 -------- d-----w C:\79605178d27d23d27148
2009-04-05 14:35 . 2009-04-17 02:52 197 ----a-w c:\windows\system32\MRT.INI
2009-04-05 14:35 . 2009-04-05 14:34 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-05 03:35 . 2009-04-05 03:35 -------- d-----w c:\program files\Realtek AC97

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 14:31 . 2008-10-05 04:30 -------- d-----w c:\program files\Steam
2009-04-26 03:52 . 2009-01-26 03:52 50688 --sha-w c:\windows\system32\metefovu.exe
2009-04-25 15:35 . 2008-10-01 04:33 32408 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-21 02:29 . 2008-10-17 04:10 -------- d-----w c:\documents and settings\Owner\Application Data\uTorrent
2009-04-05 14:34 . 2008-09-30 14:46 -------- d-----w c:\program files\Java
2009-04-05 14:31 . 2008-10-11 20:43 -------- d-----w c:\program files\Hero Editor
2009-04-05 03:36 . 2008-10-02 03:40 32 ----a-w C:\ALCSetup.log
2009-03-21 14:32 . 2009-03-21 14:28 -------- d-----w c:\program files\Canon
2009-03-21 14:29 . 2009-03-21 14:29 -------- d--h--w c:\documents and settings\All Users\Application Data\CanonBJ
2009-03-21 14:27 . 2009-03-21 14:27 -------- d--h--w c:\program files\CanonBJ
2009-03-06 14:44 . 2006-02-28 12:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-02 19:28 . 2009-03-02 19:28 -------- d-----w c:\program files\Common Files\logishrd
2009-02-20 08:30 . 2006-02-28 12:00 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-20 08:30 . 2006-02-28 12:00 659456 ----a-w c:\windows\system32\wininet.dll
2009-02-09 10:20 . 2006-02-28 12:00 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2006-02-28 12:00 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2006-02-28 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2006-02-28 12:00 616960 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:19 . 2006-02-28 12:00 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:22 . 2006-02-28 12:00 2136064 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 17:14 . 2006-02-28 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 16:54 . 2006-02-28 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:49 . 2004-08-03 22:59 2015744 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2006-02-28 12:00 55808 ----a-w c:\windows\system32\secur32.dll
2008-10-31 22:35 . 2008-10-31 22:35 0 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2007-01-21 07:22 . 2008-10-02 02:40 1782 ----a-w c:\program files\illusion.reg
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D88E1558-7C2D-407A-953A-C044F5607CEA}]
2009-04-26 14:32 135168 ----a-w c:\program files\Jcore\Jcore2.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]
"Steam"="c:\program files\Steam\Steam.exe" [2008-10-08 1410296]
"prnet"="c:\windows\system32\prnet.tmp" [2009-04-25 182911]
"pidle"="c:\documents and settings\Owner\Application Data\pidle\pidle.exe" [2009-04-25 56832]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-10-18 135168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-05 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-07-17 64000]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-22 185872]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"prnet"="c:\windows\system32\prnet.tmp" [2009-04-25 182911]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-03-01 577536]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
run_startmenu.cmd [2004-10-11 45]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Steam\\SteamApps\\quigt\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

R3 PciCon;PciCon; [x]
S0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfilt.sys [2006-02-23 11264]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2005-03-16 13696]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5b43347-9025-11dd-a8f6-0019216c8848}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{3bdee393-06b4-43d5-99be-734ed8f4079b} - c:\windows\system32\hefamalo.dll
HKLM-Run-CPM7383555a - c:\windows\system32\disenaku.dll
HKLM-Run-70b066c6 - c:\windows\system32\vimizemu.dll
HKLM-Run-gimusimobi - c:\windows\system32\yiwuyipa.dll
SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\disenaku.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.emachines.com/
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\zq28vg3l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-26 07:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1392)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-04-26 7:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-26 14:36
ComboFix2.txt 2009-04-06 23:54
ComboFix3.txt 2009-04-05 21:20

Pre-Run: 7,616,372,736 bytes free
Post-Run: 7,660,507,136 bytes free

176 --- E O F --- 2009-04-17 02:52