O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 9755 bytes
Combo Fix Report:
ComboFix 07-09-26 - Matt 2007-09-25 19:30:53.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1487 [GMT 1:00]
Running from: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\I5BCLC76\ComboFix[1].exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Hotbar
C:\WINDOWS\system32\fo-remove.exe
C:\WINDOWS\system32\nse412.dll
C:\WINDOWS\system32\UpMedia
C:\WINDOWS\system32\UpMedia\uninstallSE.exe
.
((((((((((((((((((((((((( Files Created from 2007-08-25 to 2007-09-25 )))))))))))))))))))))))))))))))
.
2007-09-25 19:30 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-25 17:55 3,830 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-25 17:53 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-25 17:53 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-25 17:53 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-25 17:53 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-25 01:46 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-08 19:31 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\ArcSoft
2007-09-08 19:21 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Google
2007-08-26 08:47 <DIR> d-------- C:\Program Files\PCFriendly
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-25 19:30 --------- d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-09-25 01:47 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-24 20:02 --------- d-------- C:\Program Files\Norton SystemWorks Basic Edition
2007-09-17 11:13 --------- d-------- C:\Program Files\Full Tilt Poker
2007-08-22 09:42 --------- d-------- C:\Program Files\Sheffield United - DNA
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-18 07:22]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2006-05-18 15:26]
"Gainward"="C:\Program Files\Vtune\TBPanel.exe" [2006-09-13 11:16]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 14:43]
"nwiz"="nwiz.exe" [2006-08-11 14:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-08-11 14:43 C:\WINDOWS\system32\nvmctray.dll]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 04:01]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-11-06 09:27]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 20:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-06-15 12:36]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 06:59]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 08:11]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 13:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 22:59]
"WhenUSave"="C:\Program Files\Save\Save.exe" []
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
C:\Documents and Settings\Matt\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2006-08-22 16:45:55]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"NoViewOnDrive"=0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=0 (0x0)
R0 SI3132;SiI-3132 SATALink Controller;C:\WINDOWS\system32\DRIVERS\SI3132.sys
R2 BCMNTIO;BCMNTIO;\??\C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys
R2 Belkin Wireless USB Network Adapter Service;Belkin Wireless USB Network Adapter;C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
R2 MAPMEM;MAPMEM;\??\C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys
R2 TBPanel;TBPanel;C:\WINDOWS\system32\drivers\TBPanel.sys
R3 ADIDTSFiltService;ADI DTS Filter Service;C:\WINDOWS\system32\drivers\adidts.sys
R3 NPDriver;Norton UnErase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys
S3 Cardex;Cardex;\??\C:\WINDOWS\system32\drivers\TBPANEL.SYS
S3 SDdriver;SDdriver;\??\C:\WINDOWS\system32\Drivers\sddriver.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
AutoRun\command- K:\LaunchU3.exe
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-09-25 16:01:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-09-24 19:00:01 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Matt.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
"2007-09-24 19:02:13 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-09-26 20:19:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-09-26 20:23:34 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-26 20:23
.
--- E O F ---