So I downloaded this ComboFix and ran it. After the reboot that file didn't open again, but maybe there are still files / registry entries of this virus on my system. I will post my log here and also the HijackThis log, so can someone please give me some advice about how I can completely remove this virus? Big thanks in advance and sorry for any English mistakes.
ComboFix Log:
ComboFix 07-11-08.1 - usuario 2007-11-16 2:59:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.737 [GMT -2:00]
Running from: C:\Documents and Settings\usuario\Desktop\ComboFix.exe
* Created a new restore point
.
Unable to acquire System privileges
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\4_exception.nls
C:\WINDOWS\system32\drivers\ip6fw.sys
C:\WINDOWS\system32\drivers\runtime2.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2
-------\runtime
((((((((((((((((((((((( Files created from 2007-10-16 to 2007-11-16 ))))))))))))))))))))))))))))))))
.
2007-11-16 02:59 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-16 02:50 92,672 --a------ C:\Arquivos de programas\KillBox.exe
2007-11-04 17:51 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\OpenOffice.org2
2007-11-04 17:47 <DIR> d-------- C:\Arquivos de programas\OpenOffice.org 2.3
2007-10-31 18:09 286,208 --a------ C:\WINDOWS\system32\cncs232.dll
2007-10-27 03:32 <DIR> d-------- C:\Arquivos de programas\Hamachi
2007-10-25 04:48 <DIR> d-------- C:\Arquivos de programas\InstallShield Installation Information
2007-10-24 03:20 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\nView_Profiles
2007-10-21 21:43 <DIR> d-------- C:\Arquivos de programas\The 7 Deadly Sins
2007-10-21 15:07 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Blizzard Entertainment
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-16 04:22 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2007-11-16 03:20 --------- d-----w C:\Arquivos de programas\DivX
2007-11-15 22:25 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\uTorrent
2007-11-14 06:27 --------- d-----w C:\Arquivos de programas\eMule
2007-11-13 16:13 --------- d-----w C:\Arquivos de programas\World of Warcraft
2007-11-11 04:03 --------- d-----w C:\Arquivos de programas\RivaTuner v2.05
2007-11-08 22:32 --------- d-----w C:\Arquivos de programas\Java
2007-10-29 02:31 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\Hamachi
2007-10-27 05:32 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-21 19:08 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\mIRC
2007-10-21 06:17 8,628 ---ha-w C:\Arquivos de programas\pagedfrg.GID
2007-10-15 14:31 --------- d-----w C:\Arquivos de programas\WE Unlimited
2007-10-15 02:03 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java
2007-10-14 05:05 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\vlc
2007-10-14 04:27 --------- d-----w C:\Arquivos de programas\VideoLAN
2007-10-08 03:37 --------- d-----w C:\Arquivos de programas\Microsoft Games
2007-10-07 06:25 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\CyberLink
2007-10-07 06:24 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink
2007-10-06 04:36 2,784,563 ----a-w C:\Arquivos de programas\e1198_a7v8x-x.pdf
2007-10-05 23:35 --------- d-----w C:\Arquivos de programas\microsoft frontpage
2007-10-05 23:00 --------- d-----w C:\Arquivos de programas\uTorrent
2007-10-05 23:00 --------- d-----w C:\Arquivos de programas\SumatraPDF
2007-10-05 02:49 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Age of Empires 3 YPack Trial
2007-10-03 18:15 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\InstallShield
2007-09-30 11:20 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\Tibia
2007-09-29 04:08 359,040 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-09-27 20:23 --------- d-----w C:\Arquivos de programas\IrfanView
2007-09-27 20:22 --------- d-----w C:\Arquivos de programas\DAEMON Tools
2007-09-27 20:22 --------- d-----w C:\Arquivos de programas\BitComet
2007-09-27 20:22 --------- d-----w C:\Arquivos de programas\aMSN
2007-09-27 20:16 --------- d-----w C:\Arquivos de programas\lg_fwupdate
2007-09-27 20:16 --------- d-----w C:\Arquivos de programas\DVD Shrink
2007-09-27 20:16 --------- d-----w C:\Arquivos de programas\DVD Decrypter
2007-09-27 20:16 --------- d-----w C:\Arquivos de programas\Disk Cleaner
2007-09-27 20:16 --------- d-----w C:\Arquivos de programas\7-Zip
2007-09-25 20:51 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\Leadertech
2007-09-24 05:03 359,040 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-09-23 00:42 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\SumatraPDF
2007-09-22 00:00 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Age of Empires 3
2007-09-21 22:10 --------- d-----w C:\Arquivos de programas\VIA
2007-09-21 22:09 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield
2007-09-21 18:33 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NVIDIA
2007-09-21 18:17 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-09-21 18:16 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\Talkback
2007-09-21 17:57 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe
2007-09-20 17:50 --------- d-----w C:\Arquivos de programas\Analog Devices
2007-09-20 17:46 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink
2007-09-20 16:53 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead
2007-09-20 16:53 --------- d-----w C:\Arquivos de programas\Ahead
2007-09-20 16:52 --------- d-----w C:\Arquivos de programas\CyberLink DVD Solution
2007-09-20 16:51 --------- d-----w C:\Arquivos de programas\CyberLink
2007-09-20 16:17 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços
2007-09-20 16:16 --------- d-----w C:\Arquivos de programas\Arquivos comuns\MSSoap
2007-09-20 13:02 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SpeechEngines
2007-09-20 13:02 --------- d-----w C:\Arquivos de programas\Arquivos comuns\ODBC
2006-11-01 16:06 215,928 ----a-w C:\Arquivos de programas\pagedfrg.exe
2000-07-23 21:58 8,419 ----a-w C:\Arquivos de programas\pagedfrg.hlp
.
(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
C:\Arquivos de programas\Ad-Aware 2007\AAWTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Arquivos de programas\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
"C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft all2]
C:\WINDOWS\mmall2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Arquivos de programas\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
C:\WINDOWS\mmall2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SoundMAX Agent Service (default)"=2 (0x2)
"InCDsrv"=2 (0x2)
"aawservice"=2 (0x2)
"MDM"=2 (0x2)
"NVSvc"=2 (0x2)
"hpdj"=2 (0x2)
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
S3 RivaTuner32;RivaTuner32;\??\C:\Arquivos de programas\RivaTuner v2.05\RivaTuner32.sys
S3 XDva033;XDva033;\??\C:\WINDOWS\system32\XDva033.sys
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-16 03:03:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-16 3:04:04 - machine was rebooted
.
--- E O F ---
HijackThis log after I used ComboFix and rebooted at ComboFix's request:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:19:09, on 16/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\HijackThis\HijackThis.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O8 - Extra context menu item: Download link using &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
--
End of file - 1447 bytes
Edited by Neat_Manatee, 15 November 2007 - 11:30 PM.
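The post asks how to tell whether anything from the infection is still wired into the registry. The ComboFix log's "Registry Load Points" section lists msconfig `startupreg` entries as a key line followed by the command line, and a reviewer usually triages those by where the image actually lives. The script below is an added example, not part of the post and not ComboFix or HijackThis code: it parses lines in that format and flags entries whose executable sits directly in the Windows root, runs from a profile or temp directory, carries a vendor name the path does not back up, or is only a bare file name resolved through PATH. The sample lines are constructed, modeled on the startupreg section of the log above, and `%SystemRoot%` is assumed to be `C:\WINDOWS`. The output is a triage list for a human to check, not a malware verdict.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample, modeled on the msconfig "startupreg" section of the
# ComboFix log in the post above (not the post's log verbatim).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft all2]
C:\WINDOWS\mmall2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
C:\WINDOWS\mmall2.exe
"""

SYSTEM_ROOT = r"C:\WINDOWS"  # assumption: XP default %SystemRoot%

KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\.*\\startupreg\\(?P<name>[^\]]+)\]$", re.I)
RUNDLL_HOSTS = {"rundll32", "rundll32.exe"}


def parse_startupreg(log: str) -> List[Tuple[str, str]]:
    """Return (key name, command line) pairs: each key line is followed by its command."""
    entries, pending = [], None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            pending = m.group("name")
        elif pending is not None:
            entries.append((pending, line))
            pending = None
    return entries


def image_path(cmd: str) -> str:
    """Extract the executable (or the DLL a rundll32 host will load) from a command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        image = cmd[1:cmd.index('"', 1)]          # quoted path, arguments follow
    else:
        tokens = cmd.split()
        image = tokens[0]
        if image.lower() in RUNDLL_HOSTS and len(tokens) > 1:
            image = tokens[1].split(",", 1)[0]     # rundll32 <dll>,<export>
    # lambda replacement: a backslash in a plain replacement string would be parsed as an escape
    return re.sub(r"%systemroot%", lambda _m: SYSTEM_ROOT, image, flags=re.I)


def triage(name: str, cmd: str) -> List[str]:
    """Heuristic reasons an entry deserves a closer look (not a malware verdict)."""
    image = image_path(cmd)
    reasons: List[str] = []
    if "\\" not in image:
        reasons.append("relative image name, resolved via PATH; locate the file explicitly")
        return reasons
    directory = image.rsplit("\\", 1)[0].lower()
    if directory == SYSTEM_ROOT.lower():
        reasons.append("image sits directly in %SystemRoot% rather than system32 or Program Files")
    if "\\documents and settings\\" in image.lower() or "\\temp\\" in image.lower():
        reasons.append("image runs from a user profile or temp directory")
    if name.lower().startswith("microsoft") and "system32" not in directory and "microsoft" not in directory:
        reasons.append("key name claims Microsoft but the image is not in a Microsoft directory")
    return reasons


def suspicious_entries(log: str) -> Dict[str, Tuple[str, List[str]]]:
    """Map key name -> (resolved image path, reasons) for entries that hit a heuristic."""
    found: Dict[str, Tuple[str, List[str]]] = {}
    for name, cmd in parse_startupreg(log):
        reasons = triage(name, cmd)
        if reasons:
            found[name] = (image_path(cmd), reasons)
    return found


if __name__ == "__main__":
    for name, (image, reasons) in suspicious_entries(SAMPLE_LOG).items():
        print(f"{name}: {image}")
        for reason in reasons:
            print(f"    - {reason}")
```

Entries that are disabled in msconfig still point at a file on disk, so each flagged image should be checked for existence, publisher signature and hash before the key and the file are removed; entries that resolve to system32 or a vendor directory are skipped by these heuristics, which is why the script is a starting list rather than a cleanup tool.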