Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

combo fix log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

combo fix log

Unread postby Thomy Black » February 27th, 2011, 2:12 pm

Everytime i try to open any folder or my computer explorer.exe was restarted plx help me

I runned the combo fix and this is the log



ComboFix 11-02-26.02 - Administrador 27/02/2011 14:05:03.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.895.399 [GMT -3:00]
Running from: c:\documents and settings\Administrador\Escritorio\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\msconfig.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\windows\regedit.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2011-01-27 to 2011-02-27 )))))))))))))))))))))))))))))))
.

2011-02-27 17:11 . 2011-02-27 17:11 -------- d-----w- c:\windows\system32\wbem\snmp
2011-02-27 17:11 . 2011-02-27 17:11 -------- d-----w- c:\windows\system32\oobe
2011-02-27 17:11 . 2011-02-27 17:11 -------- d-----w- c:\windows\system32\xircom
2011-02-27 17:11 . 2011-02-27 17:11 -------- d-----w- c:\windows\srchasst
2011-02-27 17:11 . 2011-02-27 17:11 -------- d-----w- c:\windows\msagent
2011-02-26 22:00 . 2011-02-26 22:00 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Grisoft
2011-02-26 21:56 . 2007-05-30 12:10 10872 ----a-w- c:\windows\system32\drivers\AvgAsCln.sys
2011-02-26 21:56 . 2011-02-26 21:56 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Grisoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2008-09-01 04:09 441344 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-09 19:18 . 2011-01-09 19:18 15256 ----a-w- c:\documents and settings\Administrador\Datos de programa\Microsoft\IdentityCRL\ppcrlconfig.dll
2011-01-07 14:09 . 2008-04-14 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:03 . 2008-04-14 12:00 1855104 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 16:09 . 2009-05-31 19:40 90112 ----a-w- c:\windows\DUMP28a6.tmp
2010-12-22 12:34 . 2008-04-14 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:51 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:51 . 2008-09-01 04:08 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:51 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 17:25 . 2008-04-14 12:00 734720 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2008-04-14 12:00 742912 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:13 . 2008-04-14 12:00 2195200 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 15:13 . 2008-04-14 07:27 2071808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 14:29 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\archivos de programa\Logitech\Logitech Vid\Vid.exe" [2010-05-11 6061400]
"Skype"="c:\archivos de programa\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"SUPERAntiSpyware"="c:\archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-02 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"SiSPower"="SiSPower.dll" [2007-10-03 53248]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"WindowsTranslator_Espanhol"="c:\archiv~1\MICROP~1\DELTAT~1\DWinTrsl.exe" [2001-06-29 396288]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\archivos de programa\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"AdobeCS4ServiceManager"="c:\archivos de programa\Archivos comunes\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\archivos de programa\QuickTime\qttask.exe" [2009-11-11 417792]
"LogitechQuickCamRibbon"="c:\archivos de programa\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"egui"="c:\archivos de programa\ESET\ESET Smart Security\egui.exe" [2008-02-29 1443072]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"!AVG Anti-Spyware"="c:\archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-09-01 678400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\archivos de programa\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\archivos de programa\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"EBOOSTRSVC"=2 (0x2)
"AVP"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=
"c:\\Archivos de programa\\Skype\\Plugin Manager\\skypePM.exe"=

R2 EsetNod32Fix;Nod32 AV;c:\windows\Regedit.exe [2008-04-14 797184]
R2 gupdate1cb044a8918a1d8;Servicio de actualización de Google (gupdate1cb044a8918a1d8);c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-06-05 133104]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-06-02 2862428]
R3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\DRIVERS\s916bus.sys [2007-11-02 83496]
R3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s916mdfl.sys [2007-11-02 15016]
R3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s916mdm.sys [2007-11-02 109992]
R3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s916mgmt.sys [2007-11-02 103976]
R3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s916obex.sys [2007-11-02 100008]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S1 SASDIFSV;SASDIFSV;c:\archivos de programa\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 ekrn;Eset Service;c:\archivos de programa\ESET\ESET Smart Security\ekrn.exe [2008-02-29 472320]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - HELPSVC
.
Contents of the 'Scheduled Tasks' folder

2009-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

2010-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6bb6f3730554.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-06-05 01:00]

2009-10-08 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-09-08 01:44]

2009-12-12 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-11-14 01:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://tma/
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\8nm3su1e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\archivos de programa\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\archivos de programa\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\archivos de programa\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\archivos de programa\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-AdobeBridge - (no file)
SafeBoot-AVG Anti-Spyware Driver



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-27 14:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-448539723-813497703-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bf,4b,66,13,4c,52,4d,4f,b0,fa,14,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9c,c2,4b,42,26,ea,2f,46,b4,08,31,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bf,4b,66,13,4c,52,4d,4f,b0,fa,14,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(480)
c:\archivos de programa\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\archivos de programa\Archivos comunes\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(2940)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\stobject.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\windows\RTHDCPL.EXE
c:\archivos de programa\Java\jre6\bin\jqs.exe
c:\windows\ATK0100\ATKOSD.exe
c:\archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\archivos de programa\Archivos comunes\Logishrd\LQCVFX\COCIManager.exe
c:\archivos de programa\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2011-02-27 14:35:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-27 17:35

Pre-Run: 92.931.489.792 bytes libres
Post-Run: 93.019.664.384 bytes libres

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - A35545C630C4E41B1ED123B2641CC7B5
Thomy Black
Active Member
 
Posts: 5
Joined: February 27th, 2011, 1:55 pm
Top
Advertisement
Register to Remove

Re: combo fix log

Unread postby Cypher » February 27th, 2011, 2:22 pm

Please familiarize yourself with the forum rules: Forum Posting Rules - Please Read

ComboFix is not a tool that is intended to be used without the direct supervision of a qualified expert. To use ComboFix on your own (especially without the Recovery Console installed) is to court disaster for your computer. Please stop all attempts at self-fixes for your system's issues as that may only confuse the issue further and cause additional problems as well.

In order for us to help you it is necessary that you provide us with a HijackThis log and an Uninstall list. Please follow the guideline at the link below to start a new topic and post your logs. Also include your ComboFix log in the same post.

This topic is now closed.
Please start a new topic by following the Guideline for posting your HijackThis log
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Top
Topic locked

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 242 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index