09-Aug-2008, 02:30 PM
#1 |
| Solved: HELP! Malware badly lagging my internet!

This is the HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:34 AM, on 8/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.094\fanspeedNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchsave.com/index.php?sm=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O3 - Toolbar: EFOToolbar - {AB26BF6C-BB04-4F00-8F98-BDE786CDE97D} - C:\Documents and Settings\user\Application Data\OSI\dlls\EFOToolbar.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /S
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mawiguredu] Rundll32.exe "C:\WINDOWS\system32\baborefe.dll",s
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [BM17b7a286] Rundll32.exe "C:\WINDOWS\system32\lgxlhjsj.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [mawiguredu] Rundll32.exe "C:\WINDOWS\system32\baborefe.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [mawiguredu] Rundll32.exe "C:\WINDOWS\system32\baborefe.dll",s (User 'NETWORK SERVICE')
O8 - Extra context menu item: &3D Satellite Search - res://C:\Documents and Settings\user\Application Data\OSI\dlls\EFOToolbar.dll/GoSatteliteSearch.dll.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: S&earchSave Web Search - res://C:\Documents and Settings\user\Application Data\OSI\dlls\EFOToolbar.dll/GoWebSearch.dll.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1194153140750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1194177411859
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{479D6E63-813F-480B-98B9-9E45982AB063}: NameServer = 165.21.100.88 165.21.83.88
O20 - AppInit_DLLs: C:\WINDOWS\system32\feyumaze.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FanSpeedNT Service - Unknown owner - C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.094\fanspeedNT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 8608 bytes

Please help me! Thanks in advance |
| |
|
11-Aug-2008, 12:03 PM
#3 |
| Please visit this webpage for instructions for downloading and running ComboFix. Post the log from ComboFix when you've accomplished that, along with a new HijackThis log. |
|
11-Aug-2008, 01:22 PM
#4 |
| First of all, thanks for your reply. However, I couldn't get ComboFix to work. (It always stalls right after the loading bar is done, when it's supposed to display the cmd screen.) Am I doing something wrong? Please help me. This malware is causing my internet lots of problems. |
|
12-Aug-2008, 02:41 AM
#6 |
| Yeah, I did. The CMD file that was supposed to open after the loading bar does not open. I think the file hung, as I got the "program not responding" popup when I shut down my computer.
Last edited by kutukia; 12-Aug-2008 at 02:49 AM. |
|
12-Aug-2008, 08:01 AM
#7 |
| Ok, I did a little searching around and found that if ComboFix hangs, I should kill the process "findstr.exe". I did, but it keeps re-executing even though I closed it, and ComboFix simply wouldn't continue. Any other suggestions? |
|
12-Aug-2008, 05:27 PM
#8 |
| Download Malwarebytes Anti-Malware and save it to your desktop.
Alternate download link 1
Alternate download link 2
|
|
12-Aug-2008, 11:57 PM
#9 |
| Thanks for your reply once again. Here's the Malwarebytes' Anti-Malware log file:

Malwarebytes' Anti-Malware 1.24
Database version: 1046
Windows 5.1.2600 Service Pack 2

10:49:06 AM 8/13/2008
mbam-log-8-13-2008 (10-49-06).txt

Scan type: Quick Scan
Objects scanned: 43573
Time elapsed: 4 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 13
Registry Values Infected: 3
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 36

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\jkkKabxU.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ultbmksq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\feyumaze.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\baborefe.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\dykoccoy.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0833a04d-cd68-446d-b2ca-f57e26996694} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0833a04d-cd68-446d-b2ca-f57e26996694} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ed807631-b5d2-4f91-8e67-856136508935} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ed807631-b5d2-4f91-8e67-856136508935} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1484911a (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mawiguredu (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm17b7a286 (Trojan.Vundo) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\jkkkabxu -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: c:\windows\system32\feyumaze.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\feyumaze.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\jkkkabxu -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\xrlnwh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkKabxU.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\UxbaKkkj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UxbaKkkj.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cfddduik.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kiudddfc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ultbmksq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\qskmbtlu.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\feyumaze.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\baborefe.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\dykoccoy.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tfdmyurs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ewnimpjv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\faruad.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gsbrpwxh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pgzvbe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jmwwesdv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jriwuoui.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxaoxolo.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dykphsqy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\brteibhc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kwmgtqgg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lgvibkra.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yvurscdh.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pqxksvtm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xeswkbwk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\3ZLB6M7K\kb65666[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\FQDAWO4U\kb671231[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\W2UF4NYN\upd10935[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\W2UF4NYN\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\W2UF4NYN\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM17b7a286.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM17b7a286.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

And here's the new HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:53 AM, on 8/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.094\fanspeedNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchsave.com/index.php?sm=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - {10A42D1D-B661-43D6-9A6F-43926EA10DA8} - C:\WINDOWS\system32\radafipi.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BrowserHelperEFO Class - {C514A4E5-E889-4CA8-BE28-CAC7E19F25FE} - C:\Documents and Settings\user\Application Data\OSI\dlls\EFOToolbar.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: EFOToolbar - {AB26BF6C-BB04-4F00-8F98-BDE786CDE97D} - C:\Documents and Settings\user\Application Data\OSI\dlls\EFOToolbar.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /S
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [mawiguredu] Rundll32.exe "C:\WINDOWS\system32\baborefe.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [mawiguredu] Rundll32.exe "C:\WINDOWS\system32\baborefe.dll",s (User 'NETWORK SERVICE')
O8 - Extra context menu item: &3D Satellite Search - res://C:\Documents and Settings\user\Application Data\OSI\dlls\EFOToolbar.dll/GoSatteliteSearch.dll.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: S&earchSave Web Search - res://C:\Documents and Settings\user\Application Data\OSI\dlls\EFOToolbar.dll/GoWebSearch.dll.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1194153140750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1194177411859
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{479D6E63-813F-480B-98B9-9E45982AB063}: NameServer = 165.21.100.88 165.21.83.88
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FanSpeedNT Service - Unknown owner - C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.094\fanspeedNT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 8477 bytes |
|
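The two HijackThis logs in this thread (the first post and the one taken after the Malwarebytes run) share the same tell-tale entries: O4 Run values that start rundll32 on an eight-letter gibberish DLL in system32 with a one-letter export, including copies under the LOCAL SERVICE and NETWORK SERVICE hives, an O20 AppInit_DLLs entry, an O2 BHO whose file is now missing, a start page moved off the Microsoft default, explicit O17 name servers and a service running from a Temp directory. The script below is an added example by the editor, not part of the thread and not HijackThis output: it applies those heuristics to sample lines copied from the posted logs and separates near-certain findings from entries that only need a human look. The eight-letter rule, the small allowlist, the severity labels and the `Finding` type are the editor's own assumptions.

```python
import re
from dataclasses import dataclass

# Sample lines copied from the two HijackThis logs posted in this thread (pre- and post-cleanup).
# The triage rules below are the editor's, not anything HijackThis itself reports.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchsave.com/index.php?sm=home
O2 - BHO: (no name) - {10A42D1D-B661-43D6-9A6F-43926EA10DA8} - C:\WINDOWS\system32\radafipi.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: EFOToolbar - {AB26BF6C-BB04-4F00-8F98-BDE786CDE97D} - C:\Documents and Settings\user\Application Data\OSI\dlls\EFOToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mawiguredu] Rundll32.exe "C:\WINDOWS\system32\baborefe.dll",s
O4 - HKLM\..\Run: [BM17b7a286] Rundll32.exe "C:\WINDOWS\system32\lgxlhjsj.dll",s
O4 - HKUS\S-1-5-19\..\Run: [mawiguredu] Rundll32.exe "C:\WINDOWS\system32\baborefe.dll",s (User 'LOCAL SERVICE')
O17 - HKLM\System\CCS\Services\Tcpip\..\{479D6E63-813F-480B-98B9-9E45982AB063}: NameServer = 165.21.100.88 165.21.83.88
O20 - AppInit_DLLs: C:\WINDOWS\system32\feyumaze.dll
O23 - Service: FanSpeedNT Service - Unknown owner - C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.094\fanspeedNT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""


@dataclass(frozen=True)
class Finding:
    severity: str   # "high": almost certainly malicious; "review": needs a human decision
    section: str    # HijackThis section code, e.g. "O4"
    reason: str
    line: str


# Eight-letter gibberish module names under system32: the naming pattern seen throughout the posted logs.
RANDOM_SYSTEM32 = re.compile(r'c:\\windows\\system32\\([a-z]{8})\.(?:dll|exe)\b', re.I)
RUNDLL_CALL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?\s*,\s*(\w+)', re.I)
TEMP_DIR = re.compile(r'\\temp\\', re.I)
BROWSER_PAGE = re.compile(r'(start page|search page|default_page_url|default_search_url)\s*=\s*(\S+)', re.I)
KNOWN_EIGHT = {'explorer', 'winlogon', 'services'}   # legitimate eight-letter system binaries (assumed allowlist)


def looks_random(path: str) -> bool:
    m = RANDOM_SYSTEM32.search(path)
    return bool(m) and m.group(1).lower() not in KNOWN_EIGHT


def triage(log_text: str) -> list:
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if ' - ' not in line:
            continue
        section, body = line.split(' - ', 1)
        target = body.rsplit(' - ', 1)[-1]        # last field is the file path on O2/O3/O23 lines
        if section == 'O20' and body.split(':', 1)[-1].strip():
            findings.append(Finding('high', section, 'AppInit_DLLs injects this DLL into every process that loads user32.dll', line))
        elif section == 'O4':
            m = RUNDLL_CALL.search(body)
            if m and looks_random(m.group(1)):
                findings.append(Finding('high', section, f'rundll32 autostart of a random-named DLL via export "{m.group(2)}"', line))
        elif section in ('O2', 'O3'):
            if looks_random(target):
                findings.append(Finding('high', section, 'random-named browser extension DLL in system32', line))
            elif '(file missing)' in target:
                findings.append(Finding('review', section, 'orphaned registration; the CLSID still needs removing', line))
            elif '\\application data\\' in target.lower():
                findings.append(Finding('review', section, 'browser extension loaded from the user profile', line))
        elif section == 'O17' and 'nameserver' in body.lower():
            findings.append(Finding('review', section, 'explicit DNS servers; confirm they belong to the ISP or router', line))
        elif section == 'O23' and TEMP_DIR.search(target):
            findings.append(Finding('review', section, 'service binary runs from a Temp directory', line))
        elif section in ('R0', 'R1'):
            m = BROWSER_PAGE.search(body)
            if m and 'microsoft.com' not in m.group(2).lower():
                findings.append(Finding('review', section, 'browser start/search page moved off the Microsoft default', line))
    return findings


def summarize(findings) -> dict:
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.severity:6}] {f.section:3} {f.reason}\n         {f.line}')
    print(summarize(triage(SAMPLE_LOG)))
```

On the sample above the script reports five high findings (the orphaned radafipi.dll BHO, the three rundll32 entries and the AppInit_DLLs value) and four items for review. Note that the legitimate NvCplDaemon entry, which also runs through rundll32, is not flagged: the rule keys on the gibberish file name, not on rundll32 itself.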
13-Aug-2008, 12:06 AM
#10 |
| Hi again. Just got ComboFix up and working (had to uninstall Spyware Doctor in the process). So here's the ComboFix log:

ComboFix 08-08-11.01 - user 2008-08-13 10:59:46.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2709 [GMT 8:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\nvcidtns.ini
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\xlbcocac.ini
.
((((((((((((((((((((((((( Files Created from 2008-07-13 to 2008-08-13 )))))))))))))))))))))))))))))))
.
2008-08-13 10:43 . 2008-08-13 10:43 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-13 10:43 . 2008-08-13 10:43 <DIR> d-------- C:\Documents and Settings\user\Application Data\Malwarebytes
2008-08-13 10:43 . 2008-08-13 10:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-13 10:43 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-13 10:43 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-10 01:28 . 2008-08-10 01:28 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-10 01:23 . 2008-08-10 01:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-10 01:06 . 2008-08-10 01:08 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-10 01:06 . 2008-08-10 01:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-10 01:02 . 2008-08-10 01:02 24 --a------ C:\Documents and Settings\user\mylist.dat
2008-08-10 00:11 . 2008-08-10 00:12 <DIR> d-------- C:\Documents and Settings\user\Application Data\OSI
2008-08-09 20:58 . 2008-08-09 20:58 <DIR> d-------- C:\Documents and Settings\Administrator.USERS-BD95437B7
2008-08-09 20:44 . 2008-08-09 20:44 <DIR> d-------- C:\Program Files\CCleaner
2008-08-09 20:11 . 2008-08-10 01:36 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-07-31 22:10 . 2008-07-31 22:10 <DIR> d-------- C:\Program Files\fanboi
2008-07-26 00:07 . 2008-07-26 00:07 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-07-26 00:07 . 2008-07-26 00:07 <DIR> d-------- C:\Documents and Settings\user\Application Data\teamspeak2
2008-07-26 00:07 . 2008-07-26 00:07 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2008-07-16 23:31 . 2008-07-16 23:31 <DIR> d-------- C:\Program Files\NetworkDLS
2008-07-16 23:29 . 2008-07-16 23:31 <DIR> d-------- C:\Program Files\CPU Speed Pro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 10:02 --------- d-----w C:\Program Files\ESET
2008-08-10 04:10 --------- d-----w C:\Documents and Settings\user\Application Data\uTorrent
2008-08-09 16:52 --------- d-----w C:\Program Files\Advanced System Optimizer
2008-08-09 16:11 --------- d-----w C:\Documents and Settings\user\Application Data\Free Download Manager
2008-08-09 14:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-30 09:37 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire
2008-07-20 14:43 --------- d-----w C:\Program Files\SpeedFan
2008-07-12 03:14 --------- d-----w C:\Program Files\Tudou
2008-07-09 12:58 --------- d-----w C:\Program Files\Veoh Networks
2008-07-08 07:20 --------- d-----w C:\Program Files\Diskeeper Corporation
2008-07-08 07:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2008-07-04 06:24 --------- d-----w C:\Program Files\RivaTuner v2.09
2008-07-03 18:15 --------- d-----w C:\Program Files\Driver Sweeper
2008-07-02 15:07 --------- d-----w C:\Program Files\Common Files\Nero
2008-07-02 15:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-06-27 15:58 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-27 12:54 --------- d-----w C:\Documents and Settings\user\Application Data\FontCreator
2008-06-27 12:35 --------- d-----w C:\Program Files\High-Logic
2008-06-27 12:14 --------- d-----w C:\Documents and Settings\user\Application Data\Free&Easy Font Viewer
2008-06-24 15:37 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-06-24 15:37 --------- d-----w C:\Documents and Settings\user\Application Data\SystemRequirementsLab
2008-06-24 15:11 --------- d-----w C:\Program Files\ACW
2008-06-21 12:28 --------- d-----w C:\Program Files\Magic Video Converter
2008-06-21 12:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-21 12:23 --------- d-----w C:\Program Files\Ulead Systems
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 15:56 --------- d-----w C:\Program Files\VeryPDF PDF2Word v2.0
2008-06-17 16:08 --------- d-----w C:\Program Files\Cheat Engine
2008-06-17 06:58 --------- d-----w C:\Program Files\OCCT
2008-06-16 14:45 --------- d-----w C:\Program Files\QT Lite
2008-06-16 14:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-31 11:51 22,328 ----a-w C:\Documents and Settings\user\Application Data\PnkBstrK.sys
2008-05-31 11:47 103,736 ----a-w C:\Documents and Settings\user\Application Data\PnkBstrB.exe
2008-05-31 11:46 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-05-31 11:46 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-31 11:46 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-30 06:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 06:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 06:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 06:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 06:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 06:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 06:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-26 02:20 143,104 ----a-w C:\WINDOWS\system32\guard32.dll
2008-05-16 03:48 446,464 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2006-02-28 12:00 94,784 --sh--w C:\WINDOWS\twain.dll
2006-02-28 12:00 50,688 --sh--w C:\WINDOWS\twain_32.dll
2006-02-28 12:00 1,028,096 --sh--w C:\WINDOWS\system32\mfc42.dll
2006-02-28 12:00 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2006-02-28 12:00 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll
2006-02-28 12:00 343,040 --sh--w C:\WINDOWS\system32\msvcrt.dll
2007-12-04 18:38 550,912 --sh--w C:\WINDOWS\system32\oleaut32.dll
2006-02-28 12:00 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
2006-02-28 12:00 11,776 --sh--w C:\WINDOWS\system32\regsvr32.exe
.
------- Sigcheck -------
2007-06-13 18:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\explorer.exe
2007-06-13 19:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2006-02-28 20:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 18:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C514A4E5-E889-4CA8-BE28-CAC7E19F25FE}]
2008-08-10 00:12 274432 --a------ C:\Documents and Settings\user\Application Data\OSI\dlls\EFOToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{AB26BF6C-BB04-4F00-8F98-BDE786CDE97D}"= "C:\Documents and Settings\user\Application Data\OSI\dlls\EFOToolbar.dll" [2008-08-10 00:12 274432]
[HKEY_CLASSES_ROOT\clsid\{ab26bf6c-bb04-4f00-8f98-bde786cde97d}]
[HKEY_CLASSES_ROOT\EFOToolbar.EFOObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{668611E3-7EC2-44EF-BF11-2D814E19FAA3}]
[HKEY_CLASSES_ROOT\EFOToolbar.EFOObj]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{AB26BF6C-BB04-4F00-8F98-BDE786CDE97D}"= "C:\Documents and Settings\user\Application Data\OSI\dlls\EFOToolbar.dll" [2008-08-10 00:12 274432]
[HKEY_CLASSES_ROOT\clsid\{ab26bf6c-bb04-4f00-8f98-bde786cde97d}]
[HKEY_CLASSES_ROOT\EFOToolbar.EFOObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{668611E3-7EC2-44EF-BF11-2D814E19FAA3}]
[HKEY_CLASSES_ROOT\EFOToolbar.EFOObj]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-12-13 19:10 103720]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 20:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43 57344]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06 45056]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-05-31 11:47 1655552]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2003-06-18 01:00 45056]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.09\RivaTuner.exe" [2008-04-29 02:25 2707456]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\\Nexon\\KartRider\\NMService.exe"=
"C:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Program Files\\COMODO\\Firewall\\cmdagent.exe"=
"C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"C:\\Program Files\\Cisco Systems\\VPN Client\\cvpnd.exe"=
"C:\\Program Files\\COMODO\\Firewall\\cfp.exe"=
"C:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\MDM.EXE"=
"C:\\WINDOWS\\system32\\winlogon.exe"=
"C:\\WINDOWS\\system32\\lsass.exe"=
"C:\\Documents and
Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\Polish\\setup.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"= "C:\\Program Files\\Creative\\SBAudigy2\\Surround Mixer\\CTSysVol.exe"= "C:\\WINDOWS\\system32\\spoolsv.exe"= "C:\\WINDOWS\\system32\\taskmgr.exe"= "C:\\WINDOWS\\system32\\imapi.exe"= "C:\\Program Files\\Windows Live\\Messenger\\usnsvc.exe"= R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-05-26 10:20] R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-05-26 10:20] S2 FanSpeedNT Service;FanSpeedNT Service;C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.094\fanspeedNT.exe [] S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.766\kerneld.wnt [] S3 fspio;fspio;C:\WINDOWS\system32\drivers\fspio.sys [2001-03-08 17:10] S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys [] S3 WinRing0_1_0_1;WinRing0_1_0_1;C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.593\W inRing0.sys [] S3 XDva037;XDva037;C:\WINDOWS\system32\XDva037.sys [] S3 XDva104;XDva104;C:\WINDOWS\system32\XDva104.sys [] *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . Contents of the 'Scheduled Tasks' folder 2008-08-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57] 2007-11-04 C:\WINDOWS\Tasks\Uniblue SpyEraser.job - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe [2008-04-02 09:50] . - - - - ORPHANS REMOVED - - - - BHO-{10A42D1D-B661-43D6-9A6F-43926EA10DA8} - C:\WINDOWS\system32\radafipi.dll . ------- Supplementary Scan ------- . 
FireFox -: Profile - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\6j3ruqoe.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US fficialFF -: plugin - C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll FF -: plugin - D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-13 11:01:57 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver] "ImagePath"="\??\C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.766\kerneld.wn t" . 
Completion time: 2008-08-13 11:02:54 ComboFix-quarantined-files.txt 2008-08-13 03:02:52 Pre-Run: 23,442,284,544 bytes free Post-Run: 23,453,364,224 bytes free 218 --- E O F --- 2008-08-01 14:01:35 And another copy of the hijack log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:05:36 AM, on 8/13/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\COMODO\Firewall\cmdagent.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchsave.com/index.php?sm=home R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9415/tudouva.pac R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: BrowserHelperEFO Class - {C514A4E5-E889-4CA8-BE28-CAC7E19F25FE} - C:\Documents and Settings\user\Application Data\OSI\dlls\EFOToolbar.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O3 - Toolbar: EFOToolbar - {AB26BF6C-BB04-4F00-8F98-BDE786CDE97D} - C:\Documents and Settings\user\Application Data\OSI\dlls\EFOToolbar.dll O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /S O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [mawiguredu] Rundll32.exe "C:\WINDOWS\system32\baborefe.dll",s (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [mawiguredu] 
Rundll32.exe "C:\WINDOWS\system32\baborefe.dll",s (User 'NETWORK SERVICE') O8 - Extra context menu item: &3D Satellite Search - res://C:\Documents and Settings\user\Application Data\OSI\dlls\EFOToolbar.dll/GoSatteliteSearch.dll.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: S&earchSave Web Search - res://C:\Documents and Settings\user\Application Data\OSI\dlls\EFOToolbar.dll/GoWebSearch.dll.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: 
Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1194153140750 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1194177411859 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{479D6E63-813F-480B-98B9-9E45982AB063}: NameServer = 165.21.100.88 165.21.83.88 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe O23 - Service: FanSpeedNT Service - Unknown owner - C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.094\fanspeedNT.exe (file missing) O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 8110 bytes |
|
13-Aug-2008, 11:26 AM
#11 |
| What is EFOToolbar? Run HJT again and put a check in the following:
O4 - HKUS\S-1-5-19\..\Run: [mawiguredu] Rundll32.exe "C:\WINDOWS\system32\baborefe.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [mawiguredu] Rundll32.exe "C:\WINDOWS\system32\baborefe.dll",s (User 'NETWORK SERVICE')
Close all applications and browser windows before you click "fix checked". |
|
13-Aug-2008, 12:22 PM
#12 |
| It's supposedly part of this Searchsave toolbar which comes with my version of mozilla firefox. I remove the 2 files as specified and heres the HJT log if you need it. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:18:27 PM, on 8/13/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\Program Files\COMODO\Firewall\cfp.exe C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\COMODO\Firewall\cmdagent.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchsave.com/index.php?sm=home R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: BrowserHelperEFO Class - {C514A4E5-E889-4CA8-BE28-CAC7E19F25FE} - C:\Documents and Settings\user\Application Data\OSI\dlls\EFOToolbar.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O3 - Toolbar: EFOToolbar - {AB26BF6C-BB04-4F00-8F98-BDE786CDE97D} - C:\Documents and Settings\user\Application Data\OSI\dlls\EFOToolbar.dll O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /S O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &3D Satellite Search - res://C:\Documents and Settings\user\Application 
Data\OSI\dlls\EFOToolbar.dll/GoSatteliteSearch.dll.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: S&earchSave Web Search - res://C:\Documents and Settings\user\Application Data\OSI\dlls\EFOToolbar.dll/GoWebSearch.dll.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) 
- http://www.update.microsoft.com/wind...?1194153140750 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1194177411859 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{479D6E63-813F-480B-98B9-9E45982AB063}: NameServer = 165.21.100.88 165.21.83.88 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe O23 - Service: FanSpeedNT Service - Unknown owner - C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.094\fanspeedNT.exe (file missing) O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 7998 bytes |
|
13-Aug-2008, 12:51 PM
#13 |
| OK. Little is known about it that I could find. Upgrading Java:
Are you having any problems now? |
|
13-Aug-2008, 01:16 PM
#15 |
| Great! You're welcome! Follow these steps to uninstall Combofix and tools used in the removal of malware
It's a good idea to flush your System Restore after removing malware. Turn off System Restore, restart the machine and then turn it back on. For help with XP visit: How to turn off and turn on System Restore in Windows XP. That will purge the restore folder and clear any malware that has accumulated there. Now you should Clean up your PC. Here are some additional links for you to check out to help you with your computer security: How did I get infected in the first place? Secunia software inspector & update checker. Good free tools and advice on how to tighten your security settings. |