Home & Home OfficeBusinessPartnersClubAbout Security Stronghold

W32.Mydoom.V@mm Removal: Remove W32.Mydoom.V@mm Forever

Let our support team solve your problem with W32.Mydoom.V@mm and repair W32.Mydoom.V@mm right now!

Leave the detailed description of your W32.Mydoom.V@mm problem in the form below. Our support team will contact you in several minutes and give a step-by-step instruction on how to fix W32.Mydoom.V@mm problem. Please be specific. Do your best describing the problem. This will help us recommend right and complete W32.Mydoom.V@mm problem removal solution.

Describe your problem here and we'll contact you in several minutes:

Warning:

1) We hate spam as much as you do. We will not share your email with any third party or publish it anywhere. Your email is used only to contact you and give you W32.Mydoom.V@mm removal solution.
2) All fields of this form are obligatory.

Guaranteed Problem Solution	Threat's description and solution are developed by Security Stronghold security team. Let professionals make your problems solved now!
What is W32.Mydoom.V@mm? Technical details of W32.Mydoom.V@mm problem and W32.Mydoom.V@mm removal tool Methods for manual W32.Mydoom.V@mm removal Free download of a program that will solve your problem automatically Free instant professional support in solving W32.Mydoom.V@mm error from our Security Support Team

Threat's profile

	Name of the threat: W32.Mydoom.V@mm
	Command or file name: WIN32S.EXE
	Threat type: Spyware\trojan
	Affected OS: Win32 (Windows 9x, Windows XP, Windows Vista, Windows Seven)

W32.Mydoom.V@mm intrusion method

W32.Mydoom.V@mm copies its file(s) to your hard disk. Its typical file name is WIN32S.EXE. Then it creates new startup key with name W32.Mydoom.V@mm and value WIN32S.EXE. You can also find it in your processes list with name WIN32S.EXE or W32.Mydoom.V@mm.

If you have further questions about W32.Mydoom.V@mm, please fill in the form above and we'll contact you shortly.

» Download program to remove W32.Mydoom.V@mm (W32.Mydoom.V@mm Removal Tool)

How to fix W32.Mydoom.V@mm

This problem can be solved manually by deleting all registry keys and files connected with W32.Mydoom.V@mm, removing it from starup list and unregistering all corresponding DLLs. Additionally missing DLL's should be restored from distribution in case they are corrupted by W32.Mydoom.V@mm.

To get rid of W32.Mydoom.V@mm, you should:

1. Kill the following processes and delete the appropriate files:

no information

Warning: you should delete only those files which checksums are listed as malicious. There may be valid files with the same names in your system. We recommend you to use W32.Mydoom.V@mm Removal Tool for safe problem solution.

2. Delete the following malicious folders:

no information

3. Delete the following malicious registry entries and\or values:

no information

Warning: If value is listed for some registry entries, you should only clear these values and leave keys with such values untouched. We recommend you to use W32.Mydoom.V@mm Removal Tool for safe problem solution.

Here are the descriptions of problems connected with W32.Mydoom.V@mm and WIN32S.EXE we received earlier:

MyDoom Virus Problem

Problem Summary: MyDoom Virus Problem
I have executed the file ComboFix. The exe generated a txt log file as shown below. Please provide a resolution.

ComboFix 09-03-10.03 - comp3 2009-03-12 20:46:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2037.1482 [GMT 5.5:30]
Running from: c:\\documents and settings\\comp3\\Desktop\\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090311-1] *On-access scanning disabled* (Updated)
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\\windows\\system32\\AutoRun.inf
c:\\windows\\system32\\Cache
c:\\windows\\system32\\drivers\\ati6hjxx.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\\Legacy_ATI6HJXX
-------\\Legacy_icf
-------\\Legacy_TCPSR
-------\\Service_ati6hjxx
-------\\Service_tcpsr

((((((((((((((((((((((((( Files Created from 2009-02-12 to 2009-03-12 )))))))))))))))))))))))))))))))
.

2009-03-12 19:37 . 2009-03-12 19:35 297,088 --a------ C:\\FxMydoom.exe
2009-03-12 19:15 . 2009-03-12 19:15 d-------- c:\\program files\\CCleaner
2009-03-12 19:12 . 2009-02-21 07:36 3,171,208 --a------ C:\\ccsetup216.exe
2009-03-12 19:00 . 2009-03-12 19:00 d-------- c:\\documents and settings\\comp3\\Application Data\\TeamViewer
2009-03-12 18:59 . 2009-03-12 18:59 d-------- c:\\documents and settings\\comp3\\temp
2009-03-12 17:07 . 2009-03-12 17:07 d-a------ c:\\documents and settings\\All Users\\Application Data\\TEMP
2009-03-12 17:06 . 2009-03-12 17:06 d-------- c:\\documents and settings\\comp3\\Application Data\\Simply Super Software
2009-03-12 17:06 . 2003-02-02 20:06 153,088 --a------ c:\\windows\\system32\\UNRAR3.dll
2009-03-12 17:06 . 2002-03-06 01:00 75,264 --a------ c:\\windows\\system32\\unacev2.dll
2009-03-12 16:54 . 2009-03-12 16:54 d-------- c:\\program files\\Alwil Software
2009-03-12 11:46 . 2009-03-12 11:46 d-------- c:\\documents and settings\\comp3\\Application Data\\Malwarebytes
2009-03-12 11:46 . 2009-03-12 11:46 d-------- c:\\documents and settings\\All Users\\Application Data\\Malwarebytes
2009-03-12 10:32 . 2009-03-12 20:51 96,110 --a------ c:\\windows\\system32\\drivers\\2262f094.sys
2009-03-12 10:32 . 2009-03-12 10:32 33,280 --a------ c:\\documents and settings\\All Users\\lhigp.dll
2009-03-11 17:46 . 2009-03-11 21:16 99,950 --a------ c:\\windows\\system32\\drivers\\87f5a810.sys
2009-03-11 17:45 . 2009-03-11 17:45 33,280 --a------ c:\\windows\\system32\\acnjup.dll
2009-03-11 17:25 . 2009-03-11 17:25 33,280 --a------ c:\\documents and settings\\comp3\\bnvuskwj.dll
2009-03-11 17:24 . 2009-03-11 17:24 33,280 --a------ c:\\documents and settings\\All Users\\jkso.dll
2009-03-11 17:23 . 2009-03-11 17:42 99,950 --a------ c:\\windows\\system32\\drivers\\24f8dff7.sys
2009-03-11 15:21 . 2009-03-11 15:21 d-------- c:\\program files\\MSDN
2009-03-11 15:09 . 2009-03-11 15:09 d-------- c:\\program files\\Microsoft Device Emulator
2009-03-11 15:09 . 2009-03-11 15:09 d-------- c:\\program files\\Business Objects
2009-03-11 15:08 . 2009-03-11 15:08 d-------- c:\\program files\\Windows Mobile 5.0 SDK R2
2009-03-11 15:01 . 2009-03-11 15:01 d-------- c:\\documents and settings\\All Users\\Application Data\\PreEmptive Solutions
2009-03-11 14:56 . 2009-03-11 14:56 d-------- c:\\windows\\symbols
2009-03-11 14:54 . 2009-03-11 14:54 d-------- c:\\program files\\Microsoft SDKs
2009-03-11 14:54 . 2009-03-11 14:57 d-------- c:\\program files\\HTML Help Workshop
2009-03-11 14:54 . 2009-03-11 15:01 d-------- c:\\program files\\Common Files\\Merge Modules
2009-03-11 14:54 . 2009-03-11 14:54 d-------- c:\\program files\\CE Remote Tools
2009-03-11 14:52 . 2009-03-11 14:52 d-------- c:\\windows\\system32\\XPSViewer
2009-03-11 14:51 . 2009-03-11 14:51 d-------- c:\\program files\\Reference Assemblies
2009-03-11 14:48 . 2009-03-11 14:48 d-------- c:\\program files\\MSXML 6.0
2009-03-11 13:31 . 2009-03-11 13:31 d-------- c:\\program files\\MagicISO
2009-03-11 13:16 . 2009-03-11 14:52 d-------- c:\\program files\\MSBuild
2009-03-11 11:00 . 2009-03-11 11:00 247,656 --a------ c:\\windows\\system32\\ht8x4.exe
2009-03-10 20:19 . 2009-03-10 20:40 d-------- c:\\windows\\SxsCaPendDel
2009-03-10 17:45 . 2009-03-12 19:48 d-------- c:\\documents and settings\\comp3\\Application Data\\nidle
2009-03-10 17:38 . 2009-03-10 17:38 d---s---- c:\\documents and settings\\comp3\\UserData
2009-03-10 17:31 . 2009-03-10 17:31 d-------- c:\\windows\\IIS Temporary Compressed Files
2009-03-10 12:26 . 2009-03-10 12:26 0 -rahs---- C:\\kht
2009-03-10 12:22 . 2009-03-10 12:25 1,517 -rahs---- c:\\windows\\system32\\autorun.in
2009-03-10 12:22 . 2009-03-10 12:25 1,470 -rahs---- c:\\windows\\system32\\autorun.i
2009-03-09 21:43 . 2009-03-11 18:29 d-------- c:\\program files\\Microsoft SQL Server
2009-03-09 21:41 . 2009-03-09 21:41 d-------- c:\\program files\\Microsoft SQL Server Compact Edition
2009-03-09 21:32 . 2009-03-10 20:14 d-------- c:\\program files\\Microsoft.NET
2009-03-09 21:32 . 2009-03-09 21:32 d-------- c:\\program files\\Microsoft Web Designer Tools
2009-03-09 21:32 . 2009-03-11 15:09 d-------- c:\\program files\\Microsoft Visual Studio 9.0
2009-03-09 21:29 . 2006-06-29 13:07 14,048 --------- c:\\windows\\system32\\spmsg2.dll
2009-03-09 12:51 . 2009-02-12 05:54 37,183 --a------ C:\\addmember.php
2009-03-05 17:51 . 2009-03-05 17:51 d-------- c:\\program files\\Real
2009-03-05 17:51 . 2009-03-05 17:51 d-------- c:\\program files\\Common Files\\xing shared
2009-03-05 17:51 . 2009-03-05 17:51 d-------- c:\\program files\\Common Files\\Real
2009-03-05 13:51 . 2009-03-05 13:51 84,992 -ra-s---- c:\\windows\\system32\\rmtrx.dll
2009-03-04 12:15 . 2009-03-11 13:57 d--h----- C:\\$AVG8.VAULT$
2009-03-03 19:40 . 2009-03-03 19:40 d-------- c:\\program files\\ESET
2009-03-03 19:40 . 2009-03-03 19:40 d-------- c:\\documents and settings\\All Users\\Application Data\\ESET
2009-03-03 19:18 . 2009-03-03 19:18 d-------- c:\\windows\\system32\\drivers\\Avg
2009-03-03 19:18 . 2009-03-03 19:18 d-------- c:\\program files\\AVG
2009-03-03 19:18 . 2009-03-03 19:25 d-------- c:\\documents and settings\\comp3\\Application Data\\AVGTOOLBAR
2009-03-03 19:18 . 2009-03-03 19:18 d-------- c:\\documents and settings\\All Users\\Application Data\\avg8
2009-03-03 19:18 . 2009-03-03 19:18 97,928 --a------ c:\\windows\\system32\\drivers\\avgldx86.sys
2009-03-03 19:18 . 2009-03-03 19:18 10,520 --a------ c:\\windows\\system32\\avgrsstx.dll
2009-03-03 18:41 . 2009-03-03 19:18 d-------- c:\\documents and settings\\Administrator
2009-03-03 18:12 . 2009-03-03 19:18 d-------- c:\\documents and settings\\Guest
2009-02-28 11:46 . 2009-02-28 11:47 d-------- c:\\program files\\Sizer
2009-02-26 19:22 . 2009-02-27 12:14 d-------- c:\\documents and settings\\comp3\\Application Data\\dvdcss
2009-02-26 12:42 . 2009-02-26 12:42 d-------- c:\\program files\\Apple Software Update
2009-02-26 12:42 . 2009-02-26 12:42 d-------- c:\\documents and settings\\All Users\\Application Data\\Apple Computer
2009-02-21 16:39 . 2009-02-21 16:41 d-------- c:\\documents and settings\\comp3\\Application Data\\Ahead
2009-02-21 16:39 . 2009-02-21 19:58 69 --a------ c:\\windows\\NeroDigital.ini
2009-02-21 16:38 . 2009-02-21 16:38 d-------- c:\\documents and settings\\All Users\\Application Data\\Ahead
2009-02-20 18:24 . 2009-03-10 20:40 d-------- c:\\program files\\Google
2009-02-20 13:23 . 2009-02-20 13:23 d-------- c:\\program files\\Flash Movie Player
2009-02-19 19:20 . 2009-03-11 17:29 57,992 --ah----- c:\\windows\\system32\\mlfcache.dat
2009-02-17 13:55 . 2009-02-17 13:55 d-------- c:\\documents and settings\\comp3\\Application Data\\Media Player Classic
2009-02-14 17:23 . 2009-02-26 12:43 d-------- c:\\documents and settings\\comp3\\Application Data\\Apple Computer
2009-02-13 20:33 . 2009-02-16 20:13 d-------- c:\\documents and settings\\comp3\\Application Data\\Xilisoft Corporation
2009-02-13 16:42 . 2009-02-13 16:43 d-------- c:\\documents and settings\\comp3\\Application Data\\vlc
2009-02-13 12:52 . 2009-02-13 12:52 d-------- c:\\program files\\YouTube Downloader
2009-02-13 10:40 . 2009-03-12 12:10 d-------- C:\\My Web Sites
2009-02-13 10:39 . 2009-02-13 10:39 d-------- c:\\program files\\WinHTTrack

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-12 14:47 --------- d-----w c:\\program files\\Mozilla Firefox 3 Beta 2
2009-03-12 11:44 --------- d-----w c:\\documents and settings\\comp3\\Application Data\\uTorrent
2009-03-11 10:03 --------- d-----w c:\\documents and settings\\All Users\\Application Data\\Microsoft Help
2009-03-11 07:46 --------- d-----w c:\\program files\\Microsoft Works
2009-02-26 07:13 --------- d-----w c:\\program files\\Safari
2009-02-20 08:01 --------- d-----w c:\\program files\\Macromedia
2009-02-20 08:01 --------- d-----w c:\\program files\\Common Files\\Macromedia
2009-02-11 12:59 --------- d-----w c:\\program files\\uTorrent
2009-02-10 06:17 --------- d-----w c:\\documents and settings\\All Users\\Application Data\\Macrovision
2009-02-10 06:11 --------- d-----w c:\\program files\\Common Files\\Adobe
2009-02-10 06:06 --------- d--h--w c:\\program files\\InstallShield Installation Information
2009-02-10 06:06 --------- d-----w c:\\program files\\Common Files\\Macromedia Shared
2009-02-09 13:26 --------- d-----w c:\\program files\\VideoLAN
2009-02-09 08:25 --------- d-----w c:\\documents and settings\\All Users\\Application Data\\Adobe Systems
2009-02-09 06:04 --------- d-----w c:\\program files\\GlobalSCAPE
2009-02-09 06:04 --------- d-----w c:\\documents and settings\\comp3\\Application Data\\GlobalSCAPE
2009-02-09 06:04 --------- d-----w c:\\documents and settings\\All Users\\Application Data\\GlobalSCAPE
2009-02-09 05:18 --------- d-----w c:\\program files\\Common Files\\InstallShield
2009-02-09 05:17 --------- d-----w c:\\program files\\Opera
2009-02-09 05:17 --------- d-----w c:\\documents and settings\\All Users\\Application Data\\Apple
2009-02-08 06:58 --------- d-----w c:\\program files\\Common Files\\Adobe Systems Shared
2009-02-05 07:46 --------- d-----w c:\\documents and settings\\comp3\\Application Data\\InterTrust
2009-02-05 07:41 315,392 ----a-w c:\\windows\\HideWin.exe
2009-02-05 07:41 --------- d-----w c:\\program files\\Realtek
2009-02-05 07:38 --------- d-----w c:\\documents and settings\\comp3\\Application Data\\InstallShield
2009-02-05 07:34 --------- d-----w c:\\program files\\Intel
2009-02-05 07:28 --------- d-----w c:\\program files\\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"ctfmon.exe\"=\"c:\\windows\\system32\\ctfmon.exe\" [2004-08-04 15360]
\"Google Update\"=\"c:\\documents and settings\\comp3\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe\" [2009-02-10 133104]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"IgfxTray\"=\"c:\\windows\\system32\\igfxtray.exe\" [2007-07-11 131072]
\"HotKeysCmds\"=\"c:\\windows\\system32\\hkcmd.exe\" [2007-07-11 155648]
\"Persistence\"=\"c:\\windows\\system32\\igfxpers.exe\" [2007-07-11 131072]
\"GrooveMonitor\"=\"c:\\program files\\Microsoft Office\\Office12\\GrooveMonitor.exe\" [2006-10-27 31016]
\"AVG8_TRAY\"=\"c:\\progra~1\\AVG\\AVG8\\avgtray.exe\" [2009-03-03 1234712]
\"avast!\"=\"c:\\progra~1\\ALWILS~1\\Avast4\\ashDisp.exe\" [2009-02-06 81000]
\"RTHDCPL\"=\"RTHDCPL.EXE\" [2007-07-11 c:\\windows\\RTHDCPL.exe]

c:\\documents and settings\\comp3\\Start Menu\\Programs\\Startup\\
Adobe Gamma.lnk - c:\\program files\\Common Files\\Adobe\\Calibration\\Adobe Gamma Loader.exe [2005-03-16 113664]
Sizer.lnk - c:\\program files\\Sizer\\sizer.exe [2002-12-08 18944]

c:\\documents and settings\\All Users\\Start Menu\\Programs\\Startup\\
WinZip Quick Pick.lnk - c:\\program files\\WinZip\\WZQKPICK.EXE [2009-02-05 106560]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\windows]
\"AppInit_DLLs\"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\googletalk]
--a------ 2007-01-02 02:52 3739648 c:\\program files\\Google\\Google Talk\\googletalk.exe

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
\"AntiVirusDisableNotify\"=dword:00000001
\"UpdatesDisableNotify\"=dword:00000001

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
\"EnableFirewall\"= 0 (0x0)

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\AuthorizedApplications\\List]
\"%windir%\\\\system32\\\\sessmgr.exe\"=
\"c:\\\\Program Files\\\\Microsoft Office\\\\Office12\\\\OUTLOOK.EXE\"=
\"c:\\\\Program Files\\\\Microsoft Office\\\\Office12\\\\GROOVE.EXE\"=
\"c:\\\\Program Files\\\\Microsoft Office\\\\Office12\\\\ONENOTE.EXE\"=
\"c:\\\\Program Files\\\\uTorrent\\\\uTorrent.exe\"=
\"c:\\\\Program Files\\\\Google\\\\Google Talk\\\\googletalk.exe\"=
\"c:\\\\Documents and Settings\\\\comp3\\\\Local Settings\\\\Application Data\\\\Google\\\\Google Talk Plugin\\\\googletalkplugin.dll\"=
\"c:\\\\Documents and Settings\\\\comp3\\\\Local Settings\\\\Application Data\\\\Google\\\\Google Talk Plugin\\\\googletalkplugin.exe\"=
\"c:\\\\Program Files\\\\AVG\\\\AVG8\\\\avgupd.exe\"=

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
\"56795:TCP\"= 56795:TCP:BuildIntel SystemSpeech
\"25551:TCP\"= 25551:TCP:BuildIntel PackagesGames
\"47906:TCP\"= 47906:TCP:BuildIntel Microsofttwain
\"14747:UDP\"= 14747:UDP:BuildIntel OptionsOptions
\"12180:TCP\"= 12180:TCP:BuildIntel MakerVideo
\"35691:UDP\"= 35691:UDP:BuildIntel Documentswinsxs
\"30545:UDP\"= 30545:UDP:BuildIntel OfficeDownloaded
\"15919:UDP\"= 15919:UDP:BuildIntel Documentsinf

R1 aswsp;avast! Self Protection;c:\\windows\\system32\\drivers\\aswSP.sys [2009-03-12 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\\windows\\system32\\drivers\\avgldx86.sys [2009-03-03 97928]
R1 epfwtdir;epfwtdir;c:\\windows\\system32\\drivers\\epfwtdir.sys [2007-12-21 30728]
R2 aswfsblk;aswFsBlk;c:\\windows\\system32\\drivers\\aswFsBlk.sys [2009-03-12 20560]
R2 avg8wd;AVG Free8 WatchDog;c:\\progra~1\\AVG\\AVG8\\avgwdsvc.exe [2009-03-03 231704]
R2 MsDtsServer;SQL Server Integration Services;c:\\program files\\Microsoft SQL Server\\90\\DTS\\Binn\\MsDtsSrvr.exe [2005-10-14 199384]
R2 msftesql$MASTER;SQL Server FullText Search (MASTER);c:\\program files\\Microsoft SQL Server\\MSSQL.5\\MSSQL\\Binn\\msftesql.exe [2006-02-14 92880]
R2 msftesql$MYMATE;SQL Server FullText Search (MYMATE);c:\\program files\\Microsoft SQL Server\\MSSQL.4\\MSSQL\\Binn\\msftesql.exe [2006-02-14 92880]
R2 msftesql$SQLEXPRESS_MAS;SQL Server FullText Search (SQLEXPRESS_MAS);c:\\program files\\Microsoft SQL Server\\MSSQL.3\\MSSQL\\Binn\\msftesql.exe [2006-02-14 92880]
R2 MSSQL$MASTER;SQL Server (MASTER);c:\\program files\\Microsoft SQL Server\\MSSQL.5\\MSSQL\\Binn\\sqlservr.exe [2006-04-14 28933976]
R2 MSSQL$MYMATE;SQL Server (MYMATE);c:\\program files\\Microsoft SQL Server\\MSSQL.4\\MSSQL\\Binn\\sqlservr.exe [2006-04-14 28933976]
R2 MSSQL$SQLEXPRESS_MAS;SQL Server (SQLEXPRESS_MAS);c:\\program files\\Microsoft SQL Server\\MSSQL.3\\MSSQL\\Binn\\sqlservr.exe [2006-04-14 28933976]
R3 slnt;Silan SC92031 PCI Fast Ethernet Adapter;c:\\windows\\system32\\drivers\\slnt.sys [2009-02-09 18004]
S2 jfmyihpecs;jfmyihpecs;c:\\windows\\System32\\svchost.exe -k netsvcs [2004-08-04 14336]
S2 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS); [x]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER); [x]
S2 W32mon;Config Time;c:\\windows\\system32\\svchost.exe -k netsvcs [2004-08-04 14336]

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost - NetSvcs
W32mon
Jnfoe
oafkez
ayxisuhag
JfmyIhpecs
.
Contents of the \'Scheduled Tasks\' folder

2009-03-12 c:\\windows\\Tasks\\GoogleUpdateTaskUserS-1-5-21-1409082233-261903793-725345543-1003.job
- c:\\documents and settings\\comp3\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe [2009-02-10 15:19]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-TkBellExe - realsched.exe
MSConfigStartUp-Email Protection - c:\\progra~1\\QUICKH~1\\QUICKH~1\\EMLPROUI.EXE
MSConfigStartUp-Messenger - c:\\progra~1\\QUICKH~1\\QUICKH~1\\SCANMSG.EXE
MSConfigStartUp-On-Line Protection - c:\\progra~1\\QUICKH~1\\QUICKH~1\\cateye.exe
MSConfigStartUp-ResumeQuickupDownload - c:\\progra~1\\QUICKH~1\\QUICKH~1\\acappaa.exe
MSConfigStartUp-Startup Scan - c:\\progra~1\\QUICKH~1\\QUICKH~1\\Sensor.EXE
MSConfigStartUp-Update Scheduler - c:\\progra~1\\QUICKH~1\\QUICKH~1\\UPSCHD.EXE

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bleepingcomputer.com/combofix/how-to-use-combofix
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\\progra~1\\MICROS~2\\Office12\\EXCEL.EXE/3000
TCP: {22BCDE5B-6F85-4EE9-8A86-DA3C2A943747} = 198.168.0.1
TCP: {7E698D0B-D550-4676-A421-B6F2526946C4} = 202.138.96.2,202.138.103.100
FF - ProfilePath - c:\\documents and settings\\comp3\\Application Data\\Mozilla\\Firefox\\Profiles\\6blig0c1.default\\
FF - component: c:\\program files\\AVG\\AVG8\\Firefox\\components\\avgssff.dll
FF - component: c:\\program files\\AVG\\AVG8\\ToolbarFF\\components\\vmAVGConnector.dll
FF - component: c:\\program files\\Real\\RealPlayer\\browserrecord\\components\\nprpbrowserrecordplugin.dll
FF - plugin: c:\\documents and settings\\comp3\\Application Data\\Mozilla\\plugins\\npgoogletalk.dll
FF - plugin: c:\\documents and settings\\comp3\\Local Settings\\Application Data\\Google\\Update\\1.2.141.5\\npGoogleOneClick7.dll
FF - plugin: c:\\program files\\Opera\\program\\plugins\\nppdf32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-12 20:50:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\\System\\ControlSet005\\Services\\msftesql$MASTER]
\"ImagePath\"=\"\\\"c:\\program files\\Microsoft SQL Server\\MSSQL.5\\MSSQL\\Binn\\msftesql.exe\\\" -s:MSSQL.5 -f:MASTER\"

[HKEY_LOCAL_MACHINE\\System\\ControlSet005\\Services\\msftesql$MYMATE]
\"ImagePath\"=\"\\\"c:\\program files\\Microsoft SQL Server\\MSSQL.4\\MSSQL\\Binn\\msftesql.exe\\\" -s:MSSQL.4 -f:MYMATE\"

[HKEY_LOCAL_MACHINE\\System\\ControlSet005\\Services\\msftesql$SQLEXPRESS_MAS]
\"ImagePath\"=\"\\\"c:\\program files\\Microsoft SQL Server\\MSSQL.3\\MSSQL\\Binn\\msftesql.exe\\\" -s:MSSQL.3 -f:SQLEXPRESS_MAS\"

[HKEY_LOCAL_MACHINE\\System\\ControlSet005\\Services\\2262f094]
\"ImagePath\"=\"\\SystemRoot\\System32\\drivers\\2262f094.sys\"
--

[HKEY_LOCAL_MACHINE\\System\\ControlSet005\\Services\\W32mon]
\"ServiceDll\"=\"c:\\windows\\system32\\rmtrx.dll\"
.
------------------------ Other Running Processes ------------------------
.
c:\\program files\\Alwil Software\\Avast4\\aswUpdSv.exe
c:\\program files\\Alwil Software\\Avast4\\ashServ.exe
c:\\windows\\system32\\igfxsrvc.exe
c:\\windows\\system32\\inetsrv\\inetinfo.exe
c:\\program files\\Common Files\\Microsoft Shared\\VS7DEBUG\\MDM.EXE
c:\\program files\\Microsoft SQL Server\\MSSQL.1\\MSSQL\\Binn\\sqlservr.exe
c:\\program files\\Microsoft SQL Server\\MSSQL.2\\MSSQL\\Binn\\sqlservr.exe
c:\\windows\\system32\\wdfmgr.exe
c:\\program files\\Alwil Software\\Avast4\\ashMaiSv.exe
c:\\program files\\Alwil Software\\Avast4\\ashWebSv.exe
c:\\documents and settings\\comp3\\temp\\TeamViewer\\Version4\\TeamViewer.exe
c:\\program files\\AVG\\AVG8\\avgrsx.exe
c:\\program files\\AVG\\AVG8\\avgrsx.exe
.
**************************************************************************
.
Completion time: 2009-03-12 20:56:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-12 15:26:30

Pre-Run: 19,773,566,976 bytes free
Post-Run: 19,594,235,904 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
c:\\cmdcons\\BOOTSECT.DAT=\"Microsoft Windows Recovery Console\" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS=\"Microsoft Windows XP Professional\" /noexecute=optin /fastdetect

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
289

Our support has contacted the author of this message, Somasundaram, and helped to solve his problem.

MyDoom Virus Problem

Our support has contacted the author of this message, Somasundaram, and helped to solve his problem.

i want to clean this trojan

Problem Summary: i want to clean this trojan
hi
i want to remove the trojan with this file = pic.exe
that always hiding from me and i cant delete it,also it makes a file with the name = autorun.inf
plz help me

Our support has contacted the author of this message, amin, and helped to solve his problem.

I can\'t open my drives by double clicking them

Problem Summary: I can\'t open my drives by double clicking them
I have a problem with my windows XP when I want to open my drives by double clicking them a command promt windows appear with title of my drive name + \" :\\pic.exe \" and then it close immediatly. I have reinstalled my Windows 3 times but no change appeared.

Our support has contacted the author of this message, Saturn, and helped to solve his problem.

fixmydoom.exe won\'t run

Problem Summary: fixmydoom.exe won\'t run
Tell me I do not have administrator level privledges, but I do,

Our support has contacted the author of this message, Rick Givens, and helped to solve his problem.

pic.exe

Problem Summary: pic.exe
can not open drive of widows

Our support has contacted the author of this message, sa, and helped to solve his problem.

win32s.exe

Problem Summary: win32s.exe
this file was infect to my computer and flash disk and i don\'n remove it. thank you...

Our support has contacted the author of this message, aliveli, and helped to solve his problem.

W32.Mydoom.V@mm Removal: Remove W32.Mydoom.V@mm Forever

Let our support team solve your problem with W32.Mydoom.V@mm and repair W32.Mydoom.V@mm right now!

Describe your problem here and we'll contact you in several minutes:

We'll contact you in 10 minutes or less after you click on this button! Individual solution guaranteed!

Warning:

Threat's profile

W32.Mydoom.V@mm intrusion method

Recommended Solution

How to fix W32.Mydoom.V@mm