Security Stronghold security made easy

Eliminacion de W32.Mydoom.V@mm: Eliminar W32.Mydoom.V@mm para siempre



* Que es W32.Mydoom.V@mm

* Descargar herramienta de eliminacion de W32.Mydoom.V@mm

* Eliminar W32.Mydoom.V@mm manualmente

* Obtenga asistencia tecnica

* Leer comentarios


Threat indicator: HIGH

Perfil de amenaza

Nombre de la amenaza:

Comando o nombre de archivo:

Tipo de amenaza:

Afectado SO:

W32.Mydoom.V@mm

Cnfgldr.exe

Worm

Win32 (Windows XP, Vista, Seven, 8)



Metodo de intrusion de W32.Mydoom.V@mm

W32.Mydoom.V@mm copia su archivo (s) a su disco duro. Su tipico nombre de archivo es Cnfgldr.exe. Entonces se crea una nueva clave de inicio con el nombre W32.Mydoom.V@mm y valor Cnfgldr.exe. Tambien lo puede encontrar en la lista de procesos con el nombre Cnfgldr.exe o W32.Mydoom.V@mm.

Si usted tiene mas preguntas sobre W32.Mydoom.V@mm, por favor complete el siguiente formulario y nos pondremos en contacto con usted pronto.


Descargar herramenta de eliminacion

Descarga este programa avanzado y resolver problemas con W32.Mydoom.V@mm y Cnfgldr.exe (descarga comenzara inmediatamente):

Descargar Spyhunter para eliminar W32.Mydoom.V@mm y Cnfgldr.exe ahora!

* SpyHunter fue desarrollado por la compania EnigmaSoftware sede en Estados Unidos y es capaz de eliminar problemas con W32.Mydoom.V@mm en el modo automatico. Programa fue probado en Windows XP, Windows Vista, Windows 7 y Windows 8.

Caracteristicas

* Elimina todos los archivos creados por W32.Mydoom.V@mm.

* Elimina todas las claves de registro creadas por W32.Mydoom.V@mm.

* Puede activar Sistema y Network Guardias y olvidarse de malware.

* Puede arreglar problemas con el navegador y proteger la configuracion del navegador.

* La eliminacion se garantiza - si SpyHunter no puede eliminar el virus de pedir soporte gratuito

* 24/7 Spyware Helpdesk Support incluido en el paquete.


Descargar Spyhunter Remediation Tool by Enigma Software

Descargue este software disenado especificamente para resolver problemas con W32.Mydoom.V@mm y Cnfgldr.exe y problemas similares. (descarga comenzara inmediatamente):

Descargar herramienta de eliminacion para W32.Mydoom.V@mm y Cnfgldr.exe ahora!

Caracteristicas

* Elimina todos los archivos creados por W32.Mydoom.V@mm.

* Elimina todas las claves de registro creadas por W32.Mydoom.V@mm.

* Que fija la redireccion y secuestrar de navegador si es necesario.

* Puede inmunizar a los discos de problema especifico.

* La eliminacion se garantiza - si Spyhunter Remediation Tool no puede eliminar el virus de pedir soporte gratuito

* 24/7 Helpdesk Support y 5 horas de soporte remoto a traves de GoToAssist incluido en el paquete.


Deje que nuestro centro de ayuda a resolver su problema con W32.Mydoom.V@mm y reparacion W32.Mydoom.V@mm ahora!

Deje la descripcion detallada de su W32.Mydoom.V@mm problema en el siguiente formulario. Nuestro equipo de soporte se comunicara con usted en varios minutos y dar una instruccion paso a paso como solucionar problemas con W32.Mydoom.V@mm. Por favor, sea especifico. Haz tu mejor describe el problema. Esto nos ayudara recomendamos solucion correcta y completa.

Click to ask professional of W32.Mydoom.V@mm solution

Describa su problema aqui y nos pondremos en contacto con usted en varios minutos:

We'll reply you in 10 minutes or less
* Nombre:
* E-mail:
* Resumen problema:
* Descripcion detallada:
Adjuntar archivo sospechoso:
Aqui se puede adjuntar el archivo usted sospecha que el virus o la fuente del problema. Si desea adjuntar varios archivos, ponerlos en un archivo y adjuntarlo en su lugar.

Nos pondremos en contacto con usted de vuelta en 10 minutos o menos despues de hacer clic en este boton.

Solucion individual garantizado!

 

Es importante:

  1. Odiamos el spam tanto como usted. No compartiremos su correo electronico con terceros o publicar en cualquier lugar. Tu email solo se utiliza para ponerse en contacto con usted y le dara solucion de eliminacion de W32.Mydoom.V@mm.
  2. Todos los campos de este formulario son obligatorios.

Software Industry Professionals Member
La descripcion de la amenaza y la solucion son desarrollados por Security Stronghold equipo de seguridad.

Aqui tambien se puede aprender:

* ?Que es W32.Mydoom.V@mm? Los detalles tecnicos de W32.Mydoom.V@mm problema y programa de eliminacion de W32.Mydoom.V@mm.

* Los metodos para remocion manual de W32.Mydoom.V@mm.

* Descarga instantanea de un programa que va a resolver su problema de forma automatica.


Como eliminar W32.Mydoom.V@mm de forma manual?

Este problema se puede resolver de forma manual mediante la supresion de todas las claves de registro y archivos relacionados con W32.Mydoom.V@mm, sacarlo de la lista de inicio y anular el registro de todos los archivos DLL correspondientes. DLL que faltan, ademas, deben ser restaurados de distribucion en caso de que sean danados por W32.Mydoom.V@mm.

Para deshacerse de W32.Mydoom.V@mm, usted debe:

1. Mata a los siguientes procesos y eliminar los archivos adecuados:

  • WIN32S.EXE

Advertencia: debe eliminar solo los archivos que checksums se enumeran como malicioso. Es posible que haya archivos validos con los mismos nombres en su sistema. Le recomendamos que utilizar Utilidad de eliminacion de W32.Mydoom.V@mm para la solucion de un problema de seguridad.

2. Elimine las siguientes carpetas maliciosos:

no information

3. Elimine las siguientes entradas en el registro maliciosos:

no information

Advertencia: si el valor esta en la lista de algunas entradas del registro, solo se debe limpiar estos valores y dejar las llaves con tales valores intactos. Le recomendamos que utilizar Utilidad de eliminacion de W32.Mydoom.V@mm para la solucion de un problema de seguridad.


4. Fijar problemas con el navegador manualmente

W32.Mydoom.V@mm puede afectar a su navegador que se traduce en la redireccion del navegador o la busqueda de secuestro. Le recomendamos que utilice la opcion libre "Reset Browsers" bajo "Tools" en Spyhunter Remediation Tool para restablecer todos los navegadores a la vez. Mencione que usted necesita para eliminar todos los archivos y matar a todos los procesos que pertenecen al W32.Mydoom.V@mm antes de hacer esto. Para reiniciar su navegador manualmente y restaurar tu pagina de inicio realice los pasos siguientes:


internet explorer logo

Internet Explorer


  • Si utiliza Windows XP, clic Inicio, y luego clic Ejecutar. Escriba lo siguiente en el Ejecutar caja sin comillas, y pulse Entrar: "inetcpl.cpl"

  • Si utiliza Windows 7 o Windows Vista, clic Inicio boton. Escriba lo siguiente en el Buscar caja sin comillas, and press Entrar: "inetcpl.cpl"

  • Haga clic en el Opciones avanzadas

  • In Restablecer configuracion de Internet Explorer, clic Restablecer... Clic Restablecer en la ventana abierta otra vez.

  • Seleccionar la casilla Eliminar configuaracion personal para eliminar el historial de navegacion, los proveedores de busquedas, pagina principal

  • Despues de Internet Explorer termine de restablecer, clic Cerrar en el cuadro de dialogo Restablecer configuracion de Internet Explorer


google chrome logo

Google Chrome


  • Vaya a la carpeta de instalacion de Google Chrome: C:\Users\"su nombre de usuario"\AppData\Local\Google\Chrome\Application\User Data.

  • En el carpeta de User Data, buscar un archivador llamado Default y cambie su nombre DefaultBackup.

  • Lanzar Google Chrome y se creara una nueva limpia archivador Default.


mozilla firefox logo

Mozilla Firefox


  • Abre Firefox

  • Ir a Ayuda > Informacion para solucionar problemas en menu.

  • Clic en Restablecer Firefox... boton.

  • Una vez que finalice Firefox, se mostrara una ventana y crear una carpeta en el escritorio. Clic Terminar.

Advertencia: En caso de que esta opcion no funcionara el uso libre opcion Restablecer navegadores bajo Tools menu en Utilidad de eliminacion de W32.Mydoom.V@mm.

Informacion proporcionada por: Aleksei Abalmasov

Here are the descriptions of problems connected with W32.Mydoom.V@mm and Cnfgldr.exe we received earlier:

Problem Summary: MyDoom Virus Problem

I have executed the file ComboFix. The exe generated a txt log file as shown below. Please provide a resolution.

ComboFix 09-03-10.03 - comp3 2009-03-12 20:46:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2037.1482 [GMT 5.5:30]
Running from: c:\documents and settings\comp3\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090311-1] *On-access scanning disabled* (Updated)
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf
c:\windows\system32\Cache
c:\windows\system32\drivers\ati6hjxx.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ATI6HJXX
-------\Legacy_icf
-------\Legacy_TCPSR
-------\Service_ati6hjxx
-------\Service_tcpsr


((((((((((((((((((((((((( Files Created from 2009-02-12 to 2009-03-12 )))))))))))))))))))))))))))))))
.

2009-03-12 19:37 . 2009-03-12 19:35 297,088 --a------ C:\FxMydoom.exe
2009-03-12 19:15 . 2009-03-12 19:15 d-------- c:\program files\CCleaner
2009-03-12 19:12 . 2009-02-21 07:36 3,171,208 --a------ C:\ccsetup216.exe
2009-03-12 19:00 . 2009-03-12 19:00 d-------- c:\documents and settings\comp3\Application Data\TeamViewer
2009-03-12 18:59 . 2009-03-12 18:59 d-------- c:\documents and settings\comp3\temp
2009-03-12 17:07 . 2009-03-12 17:07 d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-12 17:06 . 2009-03-12 17:06 d-------- c:\documents and settings\comp3\Application Data\Simply Super Software
2009-03-12 17:06 . 2003-02-02 20:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2009-03-12 17:06 . 2002-03-06 01:00 75,264 --a------ c:\windows\system32\unacev2.dll
2009-03-12 16:54 . 2009-03-12 16:54 d-------- c:\program files\Alwil Software
2009-03-12 11:46 . 2009-03-12 11:46 d-------- c:\documents and settings\comp3\Application Data\Malwarebytes
2009-03-12 11:46 . 2009-03-12 11:46 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-12 10:32 . 2009-03-12 20:51 96,110 --a------ c:\windows\system32\drivers\2262f094.sys
2009-03-12 10:32 . 2009-03-12 10:32 33,280 --a------ c:\documents and settings\All Users\lhigp.dll
2009-03-11 17:46 . 2009-03-11 21:16 99,950 --a------ c:\windows\system32\drivers\87f5a810.sys
2009-03-11 17:45 . 2009-03-11 17:45 33,280 --a------ c:\windows\system32\acnjup.dll
2009-03-11 17:25 . 2009-03-11 17:25 33,280 --a------ c:\documents and settings\comp3\bnvuskwj.dll
2009-03-11 17:24 . 2009-03-11 17:24 33,280 --a------ c:\documents and settings\All Users\jkso.dll
2009-03-11 17:23 . 2009-03-11 17:42 99,950 --a------ c:\windows\system32\drivers\24f8dff7.sys
2009-03-11 15:21 . 2009-03-11 15:21 d-------- c:\program files\MSDN
2009-03-11 15:09 . 2009-03-11 15:09 d-------- c:\program files\Microsoft Device Emulator
2009-03-11 15:09 . 2009-03-11 15:09 d-------- c:\program files\Business Objects
2009-03-11 15:08 . 2009-03-11 15:08 d-------- c:\program files\Windows Mobile 5.0 SDK R2
2009-03-11 15:01 . 2009-03-11 15:01 d-------- c:\documents and settings\All Users\Application Data\PreEmptive Solutions
2009-03-11 14:56 . 2009-03-11 14:56 d-------- c:\windows\symbols
2009-03-11 14:54 . 2009-03-11 14:54 d-------- c:\program files\Microsoft SDKs
2009-03-11 14:54 . 2009-03-11 14:57 d-------- c:\program files\HTML Help Workshop
2009-03-11 14:54 . 2009-03-11 15:01 d-------- c:\program files\Common Files\Merge Modules
2009-03-11 14:54 . 2009-03-11 14:54 d-------- c:\program files\CE Remote Tools
2009-03-11 14:52 . 2009-03-11 14:52 d-------- c:\windows\system32\XPSViewer
2009-03-11 14:51 . 2009-03-11 14:51 d-------- c:\program files\Reference Assemblies
2009-03-11 14:48 . 2009-03-11 14:48 d-------- c:\program files\MSXML 6.0
2009-03-11 13:31 . 2009-03-11 13:31 d-------- c:\program files\MagicISO
2009-03-11 13:16 . 2009-03-11 14:52 d-------- c:\program files\MSBuild
2009-03-11 11:00 . 2009-03-11 11:00 247,656 --a------ c:\windows\system32\ht8x4.exe
2009-03-10 20:19 . 2009-03-10 20:40 d-------- c:\windows\SxsCaPendDel
2009-03-10 17:45 . 2009-03-12 19:48 d-------- c:\documents and settings\comp3\Application Data\nidle
2009-03-10 17:38 . 2009-03-10 17:38 d---s---- c:\documents and settings\comp3\UserData
2009-03-10 17:31 . 2009-03-10 17:31 d-------- c:\windows\IIS Temporary Compressed Files
2009-03-10 12:26 . 2009-03-10 12:26 0 -rahs---- C:\kht
2009-03-10 12:22 . 2009-03-10 12:25 1,517 -rahs---- c:\windows\system32\autorun.in
2009-03-10 12:22 . 2009-03-10 12:25 1,470 -rahs---- c:\windows\system32\autorun.i
2009-03-09 21:43 . 2009-03-11 18:29 d-------- c:\program files\Microsoft SQL Server
2009-03-09 21:41 . 2009-03-09 21:41 d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-03-09 21:32 . 2009-03-10 20:14 d-------- c:\program files\Microsoft.NET
2009-03-09 21:32 . 2009-03-09 21:32 d-------- c:\program files\Microsoft Web Designer Tools
2009-03-09 21:32 . 2009-03-11 15:09 d-------- c:\program files\Microsoft Visual Studio 9.0
2009-03-09 21:29 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-03-09 12:51 . 2009-02-12 05:54 37,183 --a------ C:\addmember.php
2009-03-05 17:51 . 2009-03-05 17:51 d-------- c:\program files\Real
2009-03-05 17:51 . 2009-03-05 17:51 d-------- c:\program files\Common Files\xing shared
2009-03-05 17:51 . 2009-03-05 17:51 d-------- c:\program files\Common Files\Real
2009-03-05 13:51 . 2009-03-05 13:51 84,992 -ra-s---- c:\windows\system32\rmtrx.dll
2009-03-04 12:15 . 2009-03-11 13:57 d--h----- C:\$AVG8.VAULT$
2009-03-03 19:40 . 2009-03-03 19:40 d-------- c:\program files\ESET
2009-03-03 19:40 . 2009-03-03 19:40 d-------- c:\documents and settings\All Users\Application Data\ESET
2009-03-03 19:18 . 2009-03-03 19:18 d-------- c:\windows\system32\drivers\Avg
2009-03-03 19:18 . 2009-03-03 19:18 d-------- c:\program files\AVG
2009-03-03 19:18 . 2009-03-03 19:25 d-------- c:\documents and settings\comp3\Application Data\AVGTOOLBAR
2009-03-03 19:18 . 2009-03-03 19:18 d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-03 19:18 . 2009-03-03 19:18 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-03 19:18 . 2009-03-03 19:18 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-03 18:41 . 2009-03-03 19:18 d-------- c:\documents and settings\Administrator
2009-03-03 18:12 . 2009-03-03 19:18 d-------- c:\documents and settings\Guest
2009-02-28 11:46 . 2009-02-28 11:47 d-------- c:\program files\Sizer
2009-02-26 19:22 . 2009-02-27 12:14 d-------- c:\documents and settings\comp3\Application Data\dvdcss
2009-02-26 12:42 . 2009-02-26 12:42 d-------- c:\program files\Apple Software Update
2009-02-26 12:42 . 2009-02-26 12:42 d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-21 16:39 . 2009-02-21 16:41 d-------- c:\documents and settings\comp3\Application Data\Ahead
2009-02-21 16:39 . 2009-02-21 19:58 69 --a------ c:\windows\NeroDigital.ini
2009-02-21 16:38 . 2009-02-21 16:38 d-------- c:\documents and settings\All Users\Application Data\Ahead
2009-02-20 18:24 . 2009-03-10 20:40 d-------- c:\program files\Google
2009-02-20 13:23 . 2009-02-20 13:23 d-------- c:\program files\Flash Movie Player
2009-02-19 19:20 . 2009-03-11 17:29 57,992 --ah----- c:\windows\system32\mlfcache.dat
2009-02-17 13:55 . 2009-02-17 13:55 d-------- c:\documents and settings\comp3\Application Data\Media Player Classic
2009-02-14 17:23 . 2009-02-26 12:43 d-------- c:\documents and settings\comp3\Application Data\Apple Computer
2009-02-13 20:33 . 2009-02-16 20:13 d-------- c:\documents and settings\comp3\Application Data\Xilisoft Corporation
2009-02-13 16:42 . 2009-02-13 16:43 d-------- c:\documents and settings\comp3\Application Data\vlc
2009-02-13 12:52 . 2009-02-13 12:52 d-------- c:\program files\YouTube Downloader
2009-02-13 10:40 . 2009-03-12 12:10 d-------- C:\My Web Sites
2009-02-13 10:39 . 2009-02-13 10:39 d-------- c:\program files\WinHTTrack

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-12 14:47 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 2
2009-03-12 11:44 --------- d-----w c:\documents and settings\comp3\Application Data\uTorrent
2009-03-11 10:03 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-11 07:46 --------- d-----w c:\program files\Microsoft Works
2009-02-26 07:13 --------- d-----w c:\program files\Safari
2009-02-20 08:01 --------- d-----w c:\program files\Macromedia
2009-02-20 08:01 --------- d-----w c:\program files\Common Files\Macromedia
2009-02-11 12:59 --------- d-----w c:\program files\uTorrent
2009-02-10 06:17 --------- d-----w c:\documents and settings\All Users\Application Data\Macrovision
2009-02-10 06:11 --------- d-----w c:\program files\Common Files\Adobe
2009-02-10 06:06 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-10 06:06 --------- d-----w c:\program files\Common Files\Macromedia Shared
2009-02-09 13:26 --------- d-----w c:\program files\VideoLAN
2009-02-09 08:25 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
2009-02-09 06:04 --------- d-----w c:\program files\GlobalSCAPE
2009-02-09 06:04 --------- d-----w c:\documents and settings\comp3\Application Data\GlobalSCAPE
2009-02-09 06:04 --------- d-----w c:\documents and settings\All Users\Application Data\GlobalSCAPE
2009-02-09 05:18 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-09 05:17 --------- d-----w c:\program files\Opera
2009-02-09 05:17 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-02-08 06:58 --------- d-----w c:\program files\Common Files\Adobe Systems Shared
2009-02-05 07:46 --------- d-----w c:\documents and settings\comp3\Application Data\InterTrust
2009-02-05 07:41 315,392 ----a-w c:\windows\HideWin.exe
2009-02-05 07:41 --------- d-----w c:\program files\Realtek
2009-02-05 07:38 --------- d-----w c:\documents and settings\comp3\Application Data\InstallShield
2009-02-05 07:34 --------- d-----w c:\program files\Intel
2009-02-05 07:28 --------- d-----w c:\program files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Google Update"="c:\documents and settings\comp3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-10 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-11 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-11 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-11 131072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-03 1234712]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-06 81000]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-11 c:\windows\RTHDCPL.exe]

c:\documents and settings\comp3\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Sizer.lnk - c:\program files\Sizer\sizer.exe [2002-12-08 18944]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-02-05 106560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-02 02:52 3739648 c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\comp3\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\comp3\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56795:TCP"= 56795:TCP:BuildIntel SystemSpeech
"25551:TCP"= 25551:TCP:BuildIntel PackagesGames
"47906:TCP"= 47906:TCP:BuildIntel Microsofttwain
"14747:UDP"= 14747:UDP:BuildIntel OptionsOptions
"12180:TCP"= 12180:TCP:BuildIntel MakerVideo
"35691:UDP"= 35691:UDP:BuildIntel Documentswinsxs
"30545:UDP"= 30545:UDP:BuildIntel OfficeDownloaded
"15919:UDP"= 15919:UDP:BuildIntel Documentsinf

R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-12 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-03 97928]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 30728]
R2 aswfsblk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-12 20560]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-03 231704]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2005-10-14 199384]
R2 msftesql$MASTER;SQL Server FullText Search (MASTER);c:\program files\Microsoft SQL Server\MSSQL.5\MSSQL\Binn\msftesql.exe [2006-02-14 92880]
R2 msftesql$MYMATE;SQL Server FullText Search (MYMATE);c:\program files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\msftesql.exe [2006-02-14 92880]
R2 msftesql$SQLEXPRESS_MAS;SQL Server FullText Search (SQLEXPRESS_MAS);c:\program files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\msftesql.exe [2006-02-14 92880]
R2 MSSQL$MASTER;SQL Server (MASTER);c:\program files\Microsoft SQL Server\MSSQL.5\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
R2 MSSQL$MYMATE;SQL Server (MYMATE);c:\program files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
R2 MSSQL$SQLEXPRESS_MAS;SQL Server (SQLEXPRESS_MAS);c:\program files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
R3 slnt;Silan SC92031 PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [2009-02-09 18004]
S2 jfmyihpecs;jfmyihpecs;c:\windows\System32\svchost.exe -k netsvcs [2004-08-04 14336]
S2 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS); [x]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER); [x]
S2 W32mon;Config Time;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
W32mon
Jnfoe
oafkez
ayxisuhag
JfmyIhpecs
.
Contents of the 'Scheduled Tasks' folder

2009-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-261903793-725345543-1003.job
- c:\documents and settings\comp3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-10 15:19]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-TkBellExe - realsched.exe
MSConfigStartUp-Email Protection - c:\progra~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE
MSConfigStartUp-Messenger - c:\progra~1\QUICKH~1\QUICKH~1\SCANMSG.EXE
MSConfigStartUp-On-Line Protection - c:\progra~1\QUICKH~1\QUICKH~1\cateye.exe
MSConfigStartUp-ResumeQuickupDownload - c:\progra~1\QUICKH~1\QUICKH~1\acappaa.exe
MSConfigStartUp-Startup Scan - c:\progra~1\QUICKH~1\QUICKH~1\Sensor.EXE
MSConfigStartUp-Update Scheduler - c:\progra~1\QUICKH~1\QUICKH~1\UPSCHD.EXE


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bleepingcomputer.com/combofix/how-to-use-combofix
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {22BCDE5B-6F85-4EE9-8A86-DA3C2A943747} = 198.168.0.1
TCP: {7E698D0B-D550-4676-A421-B6F2526946C4} = 202.138.96.2,202.138.103.100
FF - ProfilePath - c:\documents and settings\comp3\Application Data\Mozilla\Firefox\Profiles\6blig0c1.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\comp3\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\comp3\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-12 20:50:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\msftesql$MASTER]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.5\MSSQL\Binn\msftesql.exe\" -s:MSSQL.5 -f:MASTER"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\msftesql$MYMATE]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\msftesql.exe\" -s:MSSQL.4 -f:MYMATE"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\msftesql$SQLEXPRESS_MAS]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\msftesql.exe\" -s:MSSQL.3 -f:SQLEXPRESS_MAS"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\2262f094]
"ImagePath"="\SystemRoot\System32\drivers\2262f094.sys"
--

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\W32mon]
"ServiceDll"="c:\windows\system32\rmtrx.dll"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\documents and settings\comp3\temp\TeamViewer\Version4\TeamViewer.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2009-03-12 20:56:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-12 15:26:30

Pre-Run: 19,773,566,976 bytes free
Post-Run: 19,594,235,904 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
289

Problem was successfully solved. Ticket was closed.

Problem Summary: MyDoom Virus Problem

I have executed the file ComboFix. The exe generated a txt log file as shown below. Please provide a resolution.

ComboFix 09-03-10.03 - comp3 2009-03-12 20:46:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2037.1482 [GMT 5.5:30]
Running from: c:\documents and settings\comp3\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090311-1] *On-access scanning disabled* (Updated)
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf
c:\windows\system32\Cache
c:\windows\system32\drivers\ati6hjxx.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ATI6HJXX
-------\Legacy_icf
-------\Legacy_TCPSR
-------\Service_ati6hjxx
-------\Service_tcpsr


((((((((((((((((((((((((( Files Created from 2009-02-12 to 2009-03-12 )))))))))))))))))))))))))))))))
.

2009-03-12 19:37 . 2009-03-12 19:35 297,088 --a------ C:\FxMydoom.exe
2009-03-12 19:15 . 2009-03-12 19:15 d-------- c:\program files\CCleaner
2009-03-12 19:12 . 2009-02-21 07:36 3,171,208 --a------ C:\ccsetup216.exe
2009-03-12 19:00 . 2009-03-12 19:00 d-------- c:\documents and settings\comp3\Application Data\TeamViewer
2009-03-12 18:59 . 2009-03-12 18:59 d-------- c:\documents and settings\comp3\temp
2009-03-12 17:07 . 2009-03-12 17:07 d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-12 17:06 . 2009-03-12 17:06 d-------- c:\documents and settings\comp3\Application Data\Simply Super Software
2009-03-12 17:06 . 2003-02-02 20:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2009-03-12 17:06 . 2002-03-06 01:00 75,264 --a------ c:\windows\system32\unacev2.dll
2009-03-12 16:54 . 2009-03-12 16:54 d-------- c:\program files\Alwil Software
2009-03-12 11:46 . 2009-03-12 11:46 d-------- c:\documents and settings\comp3\Application Data\Malwarebytes
2009-03-12 11:46 . 2009-03-12 11:46 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-12 10:32 . 2009-03-12 20:51 96,110 --a------ c:\windows\system32\drivers\2262f094.sys
2009-03-12 10:32 . 2009-03-12 10:32 33,280 --a------ c:\documents and settings\All Users\lhigp.dll
2009-03-11 17:46 . 2009-03-11 21:16 99,950 --a------ c:\windows\system32\drivers\87f5a810.sys
2009-03-11 17:45 . 2009-03-11 17:45 33,280 --a------ c:\windows\system32\acnjup.dll
2009-03-11 17:25 . 2009-03-11 17:25 33,280 --a------ c:\documents and settings\comp3\bnvuskwj.dll
2009-03-11 17:24 . 2009-03-11 17:24 33,280 --a------ c:\documents and settings\All Users\jkso.dll
2009-03-11 17:23 . 2009-03-11 17:42 99,950 --a------ c:\windows\system32\drivers\24f8dff7.sys
2009-03-11 15:21 . 2009-03-11 15:21 d-------- c:\program files\MSDN
2009-03-11 15:09 . 2009-03-11 15:09 d-------- c:\program files\Microsoft Device Emulator
2009-03-11 15:09 . 2009-03-11 15:09 d-------- c:\program files\Business Objects
2009-03-11 15:08 . 2009-03-11 15:08 d-------- c:\program files\Windows Mobile 5.0 SDK R2
2009-03-11 15:01 . 2009-03-11 15:01 d-------- c:\documents and settings\All Users\Application Data\PreEmptive Solutions
2009-03-11 14:56 . 2009-03-11 14:56 d-------- c:\windows\symbols
2009-03-11 14:54 . 2009-03-11 14:54 d-------- c:\program files\Microsoft SDKs
2009-03-11 14:54 . 2009-03-11 14:57 d-------- c:\program files\HTML Help Workshop
2009-03-11 14:54 . 2009-03-11 15:01 d-------- c:\program files\Common Files\Merge Modules
2009-03-11 14:54 . 2009-03-11 14:54 d-------- c:\program files\CE Remote Tools
2009-03-11 14:52 . 2009-03-11 14:52 d-------- c:\windows\system32\XPSViewer
2009-03-11 14:51 . 2009-03-11 14:51 d-------- c:\program files\Reference Assemblies
2009-03-11 14:48 . 2009-03-11 14:48 d-------- c:\program files\MSXML 6.0
2009-03-11 13:31 . 2009-03-11 13:31 d-------- c:\program files\MagicISO
2009-03-11 13:16 . 2009-03-11 14:52 d-------- c:\program files\MSBuild
2009-03-11 11:00 . 2009-03-11 11:00 247,656 --a------ c:\windows\system32\ht8x4.exe
2009-03-10 20:19 . 2009-03-10 20:40 d-------- c:\windows\SxsCaPendDel
2009-03-10 17:45 . 2009-03-12 19:48 d-------- c:\documents and settings\comp3\Application Data\nidle
2009-03-10 17:38 . 2009-03-10 17:38 d---s---- c:\documents and settings\comp3\UserData
2009-03-10 17:31 . 2009-03-10 17:31 d-------- c:\windows\IIS Temporary Compressed Files
2009-03-10 12:26 . 2009-03-10 12:26 0 -rahs---- C:\kht
2009-03-10 12:22 . 2009-03-10 12:25 1,517 -rahs---- c:\windows\system32\autorun.in
2009-03-10 12:22 . 2009-03-10 12:25 1,470 -rahs---- c:\windows\system32\autorun.i
2009-03-09 21:43 . 2009-03-11 18:29 d-------- c:\program files\Microsoft SQL Server
2009-03-09 21:41 . 2009-03-09 21:41 d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-03-09 21:32 . 2009-03-10 20:14 d-------- c:\program files\Microsoft.NET
2009-03-09 21:32 . 2009-03-09 21:32 d-------- c:\program files\Microsoft Web Designer Tools
2009-03-09 21:32 . 2009-03-11 15:09 d-------- c:\program files\Microsoft Visual Studio 9.0
2009-03-09 21:29 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-03-09 12:51 . 2009-02-12 05:54 37,183 --a------ C:\addmember.php
2009-03-05 17:51 . 2009-03-05 17:51 d-------- c:\program files\Real
2009-03-05 17:51 . 2009-03-05 17:51 d-------- c:\program files\Common Files\xing shared
2009-03-05 17:51 . 2009-03-05 17:51 d-------- c:\program files\Common Files\Real
2009-03-05 13:51 . 2009-03-05 13:51 84,992 -ra-s---- c:\windows\system32\rmtrx.dll
2009-03-04 12:15 . 2009-03-11 13:57 d--h----- C:\$AVG8.VAULT$
2009-03-03 19:40 . 2009-03-03 19:40 d-------- c:\program files\ESET
2009-03-03 19:40 . 2009-03-03 19:40 d-------- c:\documents and settings\All Users\Application Data\ESET
2009-03-03 19:18 . 2009-03-03 19:18 d-------- c:\windows\system32\drivers\Avg
2009-03-03 19:18 . 2009-03-03 19:18 d-------- c:\program files\AVG
2009-03-03 19:18 . 2009-03-03 19:25 d-------- c:\documents and settings\comp3\Application Data\AVGTOOLBAR
2009-03-03 19:18 . 2009-03-03 19:18 d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-03 19:18 . 2009-03-03 19:18 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-03 19:18 . 2009-03-03 19:18 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-03 18:41 . 2009-03-03 19:18 d-------- c:\documents and settings\Administrator
2009-03-03 18:12 . 2009-03-03 19:18 d-------- c:\documents and settings\Guest
2009-02-28 11:46 . 2009-02-28 11:47 d-------- c:\program files\Sizer
2009-02-26 19:22 . 2009-02-27 12:14 d-------- c:\documents and settings\comp3\Application Data\dvdcss
2009-02-26 12:42 . 2009-02-26 12:42 d-------- c:\program files\Apple Software Update
2009-02-26 12:42 . 2009-02-26 12:42 d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-21 16:39 . 2009-02-21 16:41 d-------- c:\documents and settings\comp3\Application Data\Ahead
2009-02-21 16:39 . 2009-02-21 19:58 69 --a------ c:\windows\NeroDigital.ini
2009-02-21 16:38 . 2009-02-21 16:38 d-------- c:\documents and settings\All Users\Application Data\Ahead
2009-02-20 18:24 . 2009-03-10 20:40 d-------- c:\program files\Google
2009-02-20 13:23 . 2009-02-20 13:23 d-------- c:\program files\Flash Movie Player
2009-02-19 19:20 . 2009-03-11 17:29 57,992 --ah----- c:\windows\system32\mlfcache.dat
2009-02-17 13:55 . 2009-02-17 13:55 d-------- c:\documents and settings\comp3\Application Data\Media Player Classic
2009-02-14 17:23 . 2009-02-26 12:43 d-------- c:\documents and settings\comp3\Application Data\Apple Computer
2009-02-13 20:33 . 2009-02-16 20:13 d-------- c:\documents and settings\comp3\Application Data\Xilisoft Corporation
2009-02-13 16:42 . 2009-02-13 16:43 d-------- c:\documents and settings\comp3\Application Data\vlc
2009-02-13 12:52 . 2009-02-13 12:52 d-------- c:\program files\YouTube Downloader
2009-02-13 10:40 . 2009-03-12 12:10 d-------- C:\My Web Sites
2009-02-13 10:39 . 2009-02-13 10:39 d-------- c:\program files\WinHTTrack

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-12 14:47 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 2
2009-03-12 11:44 --------- d-----w c:\documents and settings\comp3\Application Data\uTorrent
2009-03-11 10:03 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-11 07:46 --------- d-----w c:\program files\Microsoft Works
2009-02-26 07:13 --------- d-----w c:\program files\Safari
2009-02-20 08:01 --------- d-----w c:\program files\Macromedia
2009-02-20 08:01 --------- d-----w c:\program files\Common Files\Macromedia
2009-02-11 12:59 --------- d-----w c:\program files\uTorrent
2009-02-10 06:17 --------- d-----w c:\documents and settings\All Users\Application Data\Macrovision
2009-02-10 06:11 --------- d-----w c:\program files\Common Files\Adobe
2009-02-10 06:06 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-10 06:06 --------- d-----w c:\program files\Common Files\Macromedia Shared
2009-02-09 13:26 --------- d-----w c:\program files\VideoLAN
2009-02-09 08:25 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
2009-02-09 06:04 --------- d-----w c:\program files\GlobalSCAPE
2009-02-09 06:04 --------- d-----w c:\documents and settings\comp3\Application Data\GlobalSCAPE
2009-02-09 06:04 --------- d-----w c:\documents and settings\All Users\Application Data\GlobalSCAPE
2009-02-09 05:18 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-09 05:17 --------- d-----w c:\program files\Opera
2009-02-09 05:17 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-02-08 06:58 --------- d-----w c:\program files\Common Files\Adobe Systems Shared
2009-02-05 07:46 --------- d-----w c:\documents and settings\comp3\Application Data\InterTrust
2009-02-05 07:41 315,392 ----a-w c:\windows\HideWin.exe
2009-02-05 07:41 --------- d-----w c:\program files\Realtek
2009-02-05 07:38 --------- d-----w c:\documents and settings\comp3\Application Data\InstallShield
2009-02-05 07:34 --------- d-----w c:\program files\Intel
2009-02-05 07:28 --------- d-----w c:\program files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Google Update"="c:\documents and settings\comp3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-10 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-11 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-11 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-11 131072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-03 1234712]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-06 81000]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-11 c:\windows\RTHDCPL.exe]

c:\documents and settings\comp3\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Sizer.lnk - c:\program files\Sizer\sizer.exe [2002-12-08 18944]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-02-05 106560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-02 02:52 3739648 c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\comp3\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\comp3\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56795:TCP"= 56795:TCP:BuildIntel SystemSpeech
"25551:TCP"= 25551:TCP:BuildIntel PackagesGames
"47906:TCP"= 47906:TCP:BuildIntel Microsofttwain
"14747:UDP"= 14747:UDP:BuildIntel OptionsOptions
"12180:TCP"= 12180:TCP:BuildIntel MakerVideo
"35691:UDP"= 35691:UDP:BuildIntel Documentswinsxs
"30545:UDP"= 30545:UDP:BuildIntel OfficeDownloaded
"15919:UDP"= 15919:UDP:BuildIntel Documentsinf

R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-12 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-03 97928]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 30728]
R2 aswfsblk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-12 20560]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-03 231704]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2005-10-14 199384]
R2 msftesql$MASTER;SQL Server FullText Search (MASTER);c:\program files\Microsoft SQL Server\MSSQL.5\MSSQL\Binn\msftesql.exe [2006-02-14 92880]
R2 msftesql$MYMATE;SQL Server FullText Search (MYMATE);c:\program files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\msftesql.exe [2006-02-14 92880]
R2 msftesql$SQLEXPRESS_MAS;SQL Server FullText Search (SQLEXPRESS_MAS);c:\program files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\msftesql.exe [2006-02-14 92880]
R2 MSSQL$MASTER;SQL Server (MASTER);c:\program files\Microsoft SQL Server\MSSQL.5\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
R2 MSSQL$MYMATE;SQL Server (MYMATE);c:\program files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
R2 MSSQL$SQLEXPRESS_MAS;SQL Server (SQLEXPRESS_MAS);c:\program files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
R3 slnt;Silan SC92031 PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [2009-02-09 18004]
S2 jfmyihpecs;jfmyihpecs;c:\windows\System32\svchost.exe -k netsvcs [2004-08-04 14336]
S2 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS); [x]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER); [x]
S2 W32mon;Config Time;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
W32mon
Jnfoe
oafkez
ayxisuhag
JfmyIhpecs
.
Contents of the 'Scheduled Tasks' folder

2009-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-261903793-725345543-1003.job
- c:\documents and settings\comp3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-10 15:19]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-TkBellExe - realsched.exe
MSConfigStartUp-Email Protection - c:\progra~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE
MSConfigStartUp-Messenger - c:\progra~1\QUICKH~1\QUICKH~1\SCANMSG.EXE
MSConfigStartUp-On-Line Protection - c:\progra~1\QUICKH~1\QUICKH~1\cateye.exe
MSConfigStartUp-ResumeQuickupDownload - c:\progra~1\QUICKH~1\QUICKH~1\acappaa.exe
MSConfigStartUp-Startup Scan - c:\progra~1\QUICKH~1\QUICKH~1\Sensor.EXE
MSConfigStartUp-Update Scheduler - c:\progra~1\QUICKH~1\QUICKH~1\UPSCHD.EXE


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bleepingcomputer.com/combofix/how-to-use-combofix
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {22BCDE5B-6F85-4EE9-8A86-DA3C2A943747} = 198.168.0.1
TCP: {7E698D0B-D550-4676-A421-B6F2526946C4} = 202.138.96.2,202.138.103.100
FF - ProfilePath - c:\documents and settings\comp3\Application Data\Mozilla\Firefox\Profiles\6blig0c1.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\comp3\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\comp3\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-12 20:50:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\msftesql$MASTER]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.5\MSSQL\Binn\msftesql.exe\" -s:MSSQL.5 -f:MASTER"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\msftesql$MYMATE]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\msftesql.exe\" -s:MSSQL.4 -f:MYMATE"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\msftesql$SQLEXPRESS_MAS]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\msftesql.exe\" -s:MSSQL.3 -f:SQLEXPRESS_MAS"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\2262f094]
"ImagePath"="\SystemRoot\System32\drivers\2262f094.sys"
--

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\W32mon]
"ServiceDll"="c:\windows\system32\rmtrx.dll"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\documents and settings\comp3\temp\TeamViewer\Version4\TeamViewer.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2009-03-12 20:56:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-12 15:26:30

Pre-Run: 19,773,566,976 bytes free
Post-Run: 19,594,235,904 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
289

Problem was successfully solved. Ticket was closed.

Problem Summary: i want to clean this trojan

hi
i want to remove the trojan with this file = pic.exe
that always hiding from me and i cant delete it,also it makes a file with the name = autorun.inf
plz help me

Problem was successfully solved. Ticket was closed.

Problem Summary: I can't open my drives by double clicking them

I have a problem with my windows XP when I want to open my drives by double clicking them a command promt windows appear with title of my drive name + " :\pic.exe " and then it close immediatly. I have reinstalled my Windows 3 times but no change appeared.

Problem was successfully solved. Ticket was closed.

Problem Summary: fixmydoom.exe won't run

Tell me I do not have administrator level privledges, but I do,

Problem was successfully solved. Ticket was closed.

Problem Summary: pic.exe

can not open drive of widows

Problem was successfully solved. Ticket was closed.

Problem Summary: win32s.exe

this file was infect to my computer and flash disk and i don'n remove it. thank you...

Problem was successfully solved. Ticket was closed.

Related problem: remove cydoor

«

Principal | Socios | Tienda | Soporte | Condiciones de uso | Contactenos | Politica de Privacidad | Mapa del sitio

Copyright © 2024 Security Stronghold LLC. Todos los derechos reservados. Todo el contenido de este sitio web está protegido y pertenece a la Security Stronghold LLC.