
Help.problem With My Symantec Av After Using Combofix


  • This topic is locked
1 reply to this topic

#1 cram360

  • Members
  • 1 posts
  • OFFLINE
  • Local time:05:55 PM

Posted 05 September 2008 - 10:02 AM

I used ComboFix to remove malware on my PC because every time I click the C:\ of my PC, a window pops up with programs to use with. I followed the procedures posted here using ComboFix, including downloading the Windows Recovery Console and turning off any antivirus & firewall programs. I can now open the C:\ of my PC, but the problem is that once I open it an error message pops up which says "An error occurred while loading savrt32.dll". To anyone out there who knows how to solve this problem, please help me. Here is my ComboFix log. I also attached it.

ComboFix 08-09-04.09 - Joseph 2008-09-05 21:57:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.434 [GMT 8:00]
Running from: C:\Documents and Settings\Joseph\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Joseph\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\Program Files\MyWebSearch
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\dao350.dll

.
((((((((((((((((((((((((( Files Created from 2008-08-05 to 2008-09-05 )))))))))))))))))))))))))))))))
.

2008-09-04 23:34 . 2008-09-05 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-04 23:04 . 2008-09-05 21:52 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-04 23:04 . 2008-09-05 21:53 <DIR> d-------- C:\Documents and Settings\Joseph\Application Data\SUPERAntiSpyware.com
2008-09-04 23:04 . 2008-09-04 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-04 15:44 . 2008-09-04 20:53 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-09-04 13:38 . 2008-09-04 13:38 <DIR> d-------- C:\Documents and Settings\Joseph\dwhelper
2008-09-04 12:25 . 2004-08-04 20:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-09-04 12:01 . 2008-09-04 12:01 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-04 12:01 . 2008-09-04 12:01 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-04 12:01 . 2008-09-04 12:01 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-04 12:01 . 2008-09-04 12:01 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-04 11:53 . 2008-09-04 12:02 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-04 11:04 . 2008-04-14 08:12 397,056 --------- C:\WINDOWS\system32\s3gnb.dll
2008-09-04 11:04 . 2008-04-14 08:12 291,328 --------- C:\WINDOWS\system32\qagentrt.dll
2008-09-04 11:04 . 2008-04-14 08:12 290,304 --------- C:\WINDOWS\system32\rhttpaa.dll
2008-09-04 11:04 . 2004-08-03 22:41 180,360 --------- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2008-09-04 11:04 . 2008-04-14 08:12 150,528 --------- C:\WINDOWS\system32\qagent.dll
2008-09-04 11:04 . 2008-04-14 08:12 144,384 --------- C:\WINDOWS\system32\onex.dll
2008-09-04 11:04 . 2008-04-14 08:12 76,800 --------- C:\WINDOWS\system32\qutil.dll
2008-09-04 11:04 . 2008-04-14 08:12 62,464 --------- C:\WINDOWS\system32\qcliprov.dll
2008-09-04 11:04 . 2008-04-14 08:12 61,952 --------- C:\WINDOWS\system32\rasqec.dll
2008-09-04 11:04 . 2008-04-14 02:56 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2008-09-04 11:04 . 2004-08-03 22:41 13,776 --------- C:\WINDOWS\system32\drivers\recagent.sys
2008-09-04 11:02 . 2008-04-14 08:11 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2008-09-04 11:02 . 2008-04-14 08:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
2008-09-04 11:02 . 2008-04-14 08:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
2008-09-04 11:02 . 2004-08-03 22:41 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-09-04 11:02 . 2008-04-14 08:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2008-09-04 11:02 . 2008-04-14 08:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2008-09-04 11:02 . 2008-04-14 08:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2008-09-04 11:02 . 2008-04-14 08:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2008-09-04 11:01 . 2008-04-14 02:45 46,592 --------- C:\WINDOWS\system32\drivers\irbus.sys
2008-09-04 11:01 . 2008-04-14 08:12 10,752 --------- C:\WINDOWS\system32\smtpapi.dll
2008-09-04 11:01 . 2008-04-14 08:12 9,728 --------- C:\WINDOWS\system32\rwnh.dll
2008-09-04 11:01 . 2008-04-14 02:43 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2008-09-04 11:01 . 2007-06-21 13:52 974 --------- C:\WINDOWS\system32\pid.inf
2008-09-04 10:59 . 2008-04-14 08:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-09-03 20:16 . 2008-09-04 10:36 <DIR> d-------- C:\Documents and Settings\Joseph\Application Data\Windows Live Writer
2008-09-03 20:06 . 2008-09-03 20:25 <DIR> d---s---- C:\Documents and Settings\Administrator
2008-09-03 18:16 . 2008-09-05 20:46 <DIR> d-------- C:\Documents and Settings\Joseph\Application Data\McAfee
2008-09-03 17:54 . 2008-09-05 20:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-09-03 17:45 . 2008-09-05 20:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-03 17:30 . 2008-09-04 09:05 <DIR> d-------- C:\Program Files\Wopti
2008-09-03 17:02 . 2008-09-04 13:08 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-09-03 12:10 . 2008-09-03 20:13 <DIR> d-------- C:\Documents and Settings\Joseph\Contacts
2008-09-03 12:09 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-09-03 12:08 . 2008-09-03 12:08 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-09-03 11:15 . 2008-09-04 10:01 <DIR> d-------- C:\Program Files\Windows Live
2008-09-03 11:15 . 2008-09-03 20:14 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-03 11:12 . 2008-09-04 08:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-01 11:31 . 2008-09-01 11:31 <DIR> d-------- C:\Documents and Settings\Joseph\Application Data\Reallusion
2008-09-01 11:30 . 2008-09-01 11:30 <DIR> d-------- C:\Program Files\Common Files\Reallusion
2008-08-30 18:17 . 2008-08-30 18:17 <DIR> d-------- C:\Program Files\Replay Converter
2008-08-30 13:14 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-08-30 13:14 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-08-30 13:14 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-08-30 12:45 . 2008-08-30 12:45 36 ---h----- C:\WINDOWS\system32\swk.ini
2008-08-30 11:50 . 2008-08-30 11:57 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-08-30 10:12 . 2008-08-23 10:00 <DIR> d-------- C:\ECG_ON_CDROM
2008-08-30 00:54 . 2008-09-05 10:51 <DIR> d-------- C:\Program Files\CramMaster
2008-08-30 00:30 . 2008-08-30 00:30 <DIR> d-------- C:\Program Files\Lippincott's Review Series
2008-08-30 00:19 . 2008-08-30 00:19 24 --a------ C:\WINDOWS\AM_D7.PRF
2008-08-30 00:18 . 2008-08-30 10:54 <DIR> d-------- C:\Program Files\QuickTime
2008-08-30 00:18 . 2008-08-30 10:29 42,607 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-08-30 00:07 . 2008-08-03 12:32 <DIR> d-------- C:\Program Files\Comprehensive Review 3e
2008-08-28 10:36 . 2008-08-28 10:36 <DIR> d-------- C:\Program Files\EA SPORTS
2008-08-27 12:47 . 2008-08-27 12:47 0 --a------ C:\WINDOWS\PhotoNow.INI
2008-08-27 12:36 . 2008-08-27 12:36 <DIR> d-------- C:\MyWorks
2008-08-27 12:34 . 2008-08-27 12:34 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-08-27 07:26 . 2008-09-03 13:48 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-08-26 23:40 . 2008-08-27 07:15 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-26 23:40 . 2008-08-26 23:40 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys.install_backup
2008-08-26 23:40 . 2008-08-26 23:40 26,184 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys.install_backup
2008-08-19 18:52 . 2008-08-26 20:52 <DIR> d-------- C:\Documents and Settings\Joseph\Application Data\Tutor
2008-08-19 18:50 . 2008-09-04 08:48 <DIR> d-------- C:\Program Files\Tutor 6
2008-08-19 12:01 . 2008-08-19 21:54 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-08-18 03:29 . 2008-09-03 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira Premium Security Suite
2008-08-17 23:40 . 2008-08-17 23:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-17 23:16 . 2008-08-27 07:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-13 22:04 . 2008-08-14 14:30 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-08-13 21:59 . 2008-08-13 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-13 19:47 . 2008-08-25 11:34 <DIR> d-------- C:\Documents and Settings\Joseph\Application Data\OpenOffice.org2
2008-08-13 15:46 . 2008-04-12 03:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 08:07 . 2008-08-13 08:07 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Teleca
2008-08-13 08:06 . 2008-08-13 08:06 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Sony Ericsson
2008-08-13 08:06 . 2008-09-03 20:26 <DIR> d-------- C:\Documents and Settings\Guest
2008-08-12 10:41 . 2008-08-12 10:41 <DIR> d-------- C:\Program Files\Mosby
2008-08-11 16:25 . 2008-09-03 21:12 150,386 --a------ C:\Documents and Settings\All Users\Application Data\firstlsp.reg.dat
2008-08-09 22:23 . 2008-08-09 22:21 614,400 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-08-08 17:28 . 2008-08-08 17:28 <DIR> d-------- C:\Documents and Settings\Joseph\Application Data\.wyzo
2008-08-08 15:38 . 2008-08-08 17:54 <DIR> d-------- C:\Program Files\Saunders QA Review
2008-08-07 19:09 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-08-07 19:09 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-05 13:59 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-09-05 13:53 --------- d-----w C:\Program Files\FlashGet
2008-09-04 14:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-04 07:25 --------- d-----w C:\Documents and Settings\Joseph\Application Data\LimeWire
2008-09-04 07:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-04 05:09 --------- d-----w C:\Program Files\Yahoo!
2008-09-04 05:08 --------- d-----w C:\Program Files\Google
2008-09-04 00:48 --------- d-----w C:\Program Files\LimeWire
2008-09-04 00:48 --------- d-----w C:\Documents and Settings\Joseph\Application Data\UltraGet
2008-08-31 08:34 --------- d-----w C:\Documents and Settings\Joseph\Application Data\UseNeXT
2008-08-30 02:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-27 04:36 --------- d-----w C:\Program Files\CyberLink
2008-08-24 12:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-08-18 15:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-08-15 03:37 --------- d-----w C:\Program Files\Saxton Q and A 5e
2008-08-13 12:23 --------- d-----w C:\Program Files\Java
2008-08-13 11:40 --------- d-----w C:\Program Files\Sony Ericsson
2008-08-11 09:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-06 13:11 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-04 08:56 81,920 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2008-08-03 04:29 --------- d-----w C:\Documents and Settings\Joseph\Application Data\CyberLink
2008-07-26 04:02 --------- d-----w C:\Documents and Settings\Joseph\Application Data\Media Player Classic
2008-07-21 04:54 --------- d-----w C:\Documents and Settings\Joseph\Application Data\ZoomBrowser EX
2008-07-18 18:34 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-12 07:03 --------- d-----w C:\Program Files\Common Files\Java
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-06 05:37 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-06-25 12:59 4,653,240 ----a-w C:\Program Files\flashget196en.exe
2008-06-25 05:55 687,104 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
2008-06-25 05:50 7,710,016 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2008-06-25 05:40 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-06-25 05:28 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-22 05:41 25,755,448 ----a-w C:\Program Files\wmp11-windowsxp-x86-enu.exe
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-19 14:23 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2006-06-15 12:33 233,472 ----a-w C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 10:43 204,895 ----a-w C:\Program Files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 06:41 77,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 05:10 426,081 ----a-w C:\Program Files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 04:19 458,752 ----a-w C:\Program Files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 10:35 139,264 ----a-w C:\Program Files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 03:10 204,800 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 03:42 106,496 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 03:22 212,992 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 03:21 167,936 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoiceUnpacker.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 7561216]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"nwiz"="nwiz.exe" [2006-04-27 C:\WINDOWS\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 C:\WINDOWS\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 C:\WINDOWS\AGRSMMSG.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl]

C:\Documents and Settings\Joseph\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 101784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-06-13 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKLM\~\startupfolder\C:^Documents and Settings^Joseph^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
path=C:\Documents and Settings\Joseph\Start Menu\Programs\Startup\LimeWire On Startup.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-09-25 17:29 2007088 C:\Program Files\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2008-05-27 21:58 4269296 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
--------- 2007-07-12 10:42 2491688 C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:ooVoo TCP port 443
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-10-25 30728]
S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [ ]
S3 avfwim;AvFw Packet Filter Miniport;C:\WINDOWS\system32\DRIVERS\avfwim.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - kk3.bat
\Shell\explore\Command - kk3.bat
\Shell\open\Command - kk3.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63adb03e-6d8e-11dd-9240-001167558f3f}]
\Shell\AutoRun\command - E:\t.com
\Shell\explore\Command - E:\t.com
\Shell\open\Command - E:\t.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f96df4f-6e05-11dd-9241-001167558f3f}]
\Shell\AutoRun\command - E:\kk3.bat
\Shell\explore\Command - E:\kk3.bat
\Shell\open\Command - E:\kk3.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e7db038-3a7e-11dd-915d-001d9217364d}]
\Shell\AutoRun\command - E:\kk3.bat
\Shell\explore\Command -
\Shell\open\Command - E:\kk3.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8baccc2-6474-11dd-91fc-001d9217364d}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5fb10ce-7718-11dd-9273-001d9217364d}]
\Shell\AutoRun\command - E:\kk3.bat
\Shell\explore\Command - E:\kk3.bat
\Shell\open\Command - E:\kk3.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e77b1aac-6109-11dd-91e6-001d9217364d}]
\Shell\AutoRun\command - E:\kk3.bat
\Shell\explore\Command - E:\kk3.bat
\Shell\open\Command - E:\kk3.bat

*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Joseph\Application Data\Mozilla\Firefox\Profiles\i8mmv8kz.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com.ph/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npRLCT4Player.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.
.
------- File Associations (Beta) -------
.
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-05 21:59:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2008-09-05 22:03:46
ComboFix-quarantined-files.txt 2008-09-05 14:03:35

Pre-Run: 37,503,066,112 bytes free
Post-Run: 37,580,943,360 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

291 --- E O F --- 2008-09-04 02:01:54

Attached Files
#2 garmanma

    Computer Masochist

  • Members
  • 27,809 posts
  • OFFLINE
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:05:55 AM

Posted 05 September 2008 - 10:21 AM

ComboFix logs should not be posted outside the HijackThis forums, and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits