shakeelared

Everything posted by shakeelared

  1. OK, I'll run the steps, but I'm a bit confused about the Recovery Console thing. Do I download it first, then disconnect from the internet? Since, if I'm not mistaken, it will require an active connection, right?
  2. Yeah, I managed to get the CD and am awaiting the next step. Thanks again for the help.
  3. OK, thanks for the info. After I have the CD, what do I do? BTW, mine is quite outdated (Service Pack 2, I think). Is it OK?
  4. I'll try to find one, because my PC hasn't been formatted or disturbed for quite a while now. Just a question, though: is it safe to use the Recovery Console that ComboFix wants to use?
  5. Hi, I am 100% sure I'm infected with the litinika.dll malware. So, being the usual panicking PC user, I searched for a solution here and there and tried some things. The first I tried, though, was ComboFix. I'm not sure what version, but it deleted some stuff and everything seemed fine, but after some time it's back. After running ComboFix a few times I gave up, as the problem still persisted. So I turned to MBAM, but after installing it I had the problems stated in "Procedures to help resolve issues preventing MBAM from running" (since I didn't know it was the malware that does this before joining here). I simply uninstalled MBAM and tried another solution, which is deleting the quarantine folder of ComboFix, and downloaded the latest version of ComboFix, ran the thing again, and up to now everything looks fine. So now I have downloaded a new version of MBAM, but I'm not sure whether to install it or not, since I don't know if my PC is free from the malicious programs. I don't have HJT, and haven't done any other steps but the above. I'm also posting the ComboFix log. Another burning question I have is: is it safe to delete the "quarantine folder" of ComboFix? If I delete it, will its contents exploit the feature of the TuneUp utility called "TuneUp Undelete" and come back? I really am not sure if my system is free or not and am in need of help. Thank you in advance.
  6. I think I've posted my problem in the wrong section, my apologies. Mod, can you please move it to the appropriate section? Thanks.
  7. Hi, I am 100% sure I'm infected with the litinika.dll malware. So, being the usual panicking PC user, I searched for a solution here and there and tried some things. The first I tried, though, was ComboFix. I'm not sure what version, but it deleted some stuff and everything seemed fine, but after some time it's back. After running ComboFix a few times I gave up, as the problem still persisted. So I turned to MBAM, but after installing it I had the problems stated in "Procedures to help resolve issues preventing MBAM from running", since I didn't know it was the malware that does this. I simply uninstalled MBAM and tried another solution, which is deleting the quarantine folder of ComboFix, and downloaded the latest version of ComboFix, ran the thing again, and up to now everything looks fine. So now I have downloaded a new version of MBAM, but I'm not sure whether to install it or not, since I don't know if my PC is free from the malicious programs. I don't have HJT, and haven't done any other steps but the above. I'm also posting the ComboFix log. I really am not sure if my system is free or not and am in need of help. Mods, if this thread is in the wrong place or a violation, please take the appropriate steps. Thanks.