Reply to thread

Message: <blockquote data-quote="Hayao" data-source="post: 5533950" data-attributes="member: 238183">I used it. This is what I got. What shd i do now????ComboFix 09-09-14.02 - Poorna Yap 09/16/2009 21:35.1.1 - NTFSx86Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.447.137 [GMT 6:00]Running from: c:\documents and settings\Poorna Yap\Desktop\ComboFix.exeAV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}.(((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\All Users\Application Data\vinorasomy._syc:\documents and settings\All Users\Documents\luvobu.vbsc:\documents and settings\All Users\Documents\ozotohiri.vbsc:\documents and settings\Poorna Yap\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnkc:\documents and settings\Poorna Yap\Application Data\osenapicyv.dllc:\documents and settings\Poorna Yap\Application Data\wiaserva.logc:\documents and settings\Poorna Yap\Application Data\ypyqy.dllc:\documents and settings\Poorna Yap\Cookies\atuhux.infc:\documents and settings\Poorna Yap\Cookies\avyjofapuh.comc:\documents and settings\Poorna Yap\Cookies\diheh.binc:\documents and settings\Poorna Yap\Cookies\luqed.binc:\documents and settings\Poorna Yap\delself.batc:\documents and settings\Poorna Yap\Desktop\AntivirusPro_2010.lnkc:\documents and settings\Poorna Yap\Local Settings\Application Data\agov.infc:\documents and settings\Poorna Yap\Local Settings\Application Data\weqocavam.banc:\documents and settings\Poorna Yap\Local Settings\Temporary Internet Files\huhek.dbc:\documents and settings\Poorna Yap\Local Settings\Temporary Internet Files\idomyzucav.batc:\documents and settings\Poorna Yap\Start Menu\Programs\AntivirusPro_2010c:\documents and settings\Poorna Yap\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnkc:\documents and settings\Poorna Yap\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnkc:\documents and settings\Poorna Yap\Start Menu\Programs\Startup\ikowin32.exec:\documents and settings\Poorna Yap\sys32_nov.exec:\program files\AntivirusPro_2010c:\program files\AntivirusPro_2010\AntivirusPro_2010.cfgc:\program files\AntivirusPro_2010\AntivirusPro_2010.exec:\program files\AntivirusPro_2010\AVEngn.dllc:\program files\AntivirusPro_2010\data\daily.cvdc:\program files\AntivirusPro_2010\htmlayout.dllc:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifestc:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcm80.dllc:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcp80.dllc:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcr80.dllc:\program files\AntivirusPro_2010\pthreadVC2.dllc:\program files\AntivirusPro_2010\Uninstall.exec:\program files\AntivirusPro_2010\wscui.cplc:\program files\Common Files\aveqekavi._dlc:\program files\Common Files\jagador.infc:\program files\Common Files\kisimihovi.vbsc:\program files\Common Files\onawopofem.dllc:\program files\Common Files\xikoty.comc:\windows\gykirys.regc:\windows\idyki.infc:\windows\Installer\52a69.msic:\windows\ivohoga.exec:\windows\olprosys.dllc:\windows\system32\_scui.cplc:\windows\system32\braviax.exec:\windows\system32\sys32_nov.exec:\windows\system32\wisdstr.exe.(((((((((((((((((((((((((   Files Created from 2009-08-16 to 2009-09-16  ))))))))))))))))))))))))))))))).2009-09-16 15:13 . 2009-09-16 15:13    --------    d-----w-    c:\documents and settings\Poorna Yap\Application Data\Malwarebytes2009-09-16 15:13 . 2009-09-10 08:54    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys2009-09-16 15:13 . 2009-09-16 15:13    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes2009-09-16 15:13 . 2009-09-10 08:53    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys2009-09-16 15:13 . 2009-09-16 15:13    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware2009-09-16 15:09 . 2009-09-16 15:09    17043    ----a-w-    c:\windows\epop.com2009-09-16 14:55 . 2009-09-16 14:55    28672    ----a-w-    c:\windows\system32\drivers\beep.sys.vir2009-09-16 14:53 . 2009-09-16 15:14    --------    d---a-w-    c:\documents and settings\All Users\Application Data\TEMP2009-09-16 14:53 . 2006-06-19 07:01    69632    ----a-w-    c:\windows\system32\ztvcabinet.dll2009-09-16 14:53 . 2006-05-25 09:52    162304    ----a-w-    c:\windows\system32\ztvunrar36.dll2009-09-16 14:53 . 2005-08-25 19:50    77312    ----a-w-    c:\windows\system32\ztvunace26.dll2009-09-16 14:53 . 2003-02-02 14:06    153088    ----a-w-    c:\windows\system32\UNRAR3.dll2009-09-16 14:53 . 2002-03-05 19:00    75264    ----a-w-    c:\windows\system32\unacev2.dll2009-09-16 14:53 . 2009-09-16 14:53    --------    d-----w-    c:\program files\Trojan Remover2009-09-16 14:53 . 2009-09-16 14:53    --------    d-----w-    c:\documents and settings\Poorna Yap\Application Data\Simply Super Software2009-09-16 14:53 . 2009-09-16 14:53    --------    d-----w-    c:\documents and settings\All Users\Application Data\Simply Super Software2009-09-16 14:49 . 2009-09-16 14:49    --------    d-----w-    c:\program files\Trend Micro2009-09-16 11:26 . 2009-09-16 11:26    28672    -c--a-w-    c:\windows\system32\dllcache\figaro.sys.vir2009-09-16 06:54 . 2009-09-16 06:56    177968    ----a-w-    c:\windows\system32\wisdstr.exe.vir2009-09-16 06:54 . 2009-09-16 11:26    10752    ----a-w-    c:\windows\system32\braviax.exe.vir2009-09-16 06:51 . 2009-09-16 06:51    --------    d-----w-    c:\windows\Sun2009-09-13 13:05 . 2009-09-13 13:05    --------    d-----w-    c:\windows\I3862009-09-13 13:05 . 2005-01-16 17:47    988400    ----a-w-    c:\windows\SinhalaQFE.exe2009-09-13 13:01 . 2009-09-16 10:55    --------    d-----w-    c:\documents and settings\Poorna Yap\Application Data\IObit2009ffice\Office12\GrooveMonitor.exe" [2006-10-26 31016]"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 161328]"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-08-26 111928]"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-09-15 1069960]"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-10-03 16269312]"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-10-03 2879488]c:\documents and settings\Poorna Yap\Start Menu\Programs\Startup\Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-8-19 344064]c:\documents and settings\All Users\Start Menu\Programs\Startup\SinhalaKit.lnk - c:\program files\SinhalaTamil Kit\SinhalaKit.exe [2009-9-12 98304]SinhalaTamil Kit.lnk - c:\program files\SinhalaTamil Kit\TamilKit.exe [2009-9-12 94208][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]"ForceClassicControlPanel"= 1 (0x1)[HKEY_LOCAL_MACHINE\software\microsoft\security center]"UpdatesDisableNotify"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="c:\\Program Files\\Vuze\\Azureus.exe"="c:\\Program Files\\Java\\jre1.6.0_03\\bin\\java.exe"="c:\\Program Files\\Java\\jdk1.6.0_03\\bin\\java.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3389:TCP"= 3389:TCP<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite4" alt=":mad:" title="Mad    :mad:" loading="lazy" data-shortname=":mad:" />xpsp2res.dll,-22009R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [7/17/2009 1:03 PM 603904]S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [8/6/2004 2:48 PM 169192]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcsUxTuneUp.Contents of the 'Scheduled Tasks' folder2009-09-16 c:\windows\Tasks\1-Click Maintenance.job- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 10:28]2009-09-16 c:\windows\Tasks\AWC AutoSweep.job- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-09-16 09:35]..------- Supplementary Scan -------.uStart Page = hxxp://www.google.commStart Page = hxxp://www.google.comTCP: {F5F7E0C0-D32C-4B73-9189-9B33032AAA70} = 203.115.0.46,203.115.0.47FF - ProfilePath - c:\documents and settings\Poorna Yap\Application Data\Mozilla\Firefox\Profiles\ndy55q8c.default\FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=FF - prefs.js: network.proxy.type - 4---- FIREFOX POLICIES ----FF - user.js: network.http.max-persistent-connections-per-server - 4FF - user.js: nglayout.initialpaint.delay - 600FF - user.js: content.notify.interval - 600000FF - user.js: content.max.tokenizing.time - 1800000FF - user.js: content.switch.threshold - 600000.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, <a href="http://www.gmer.net" target="_blank">http://www.gmer.net</a>Rootkit scan 2009-09-16 21:40Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ...  scanning hidden autostart entries ... scanning hidden files ...  scan completed successfullyhidden files: 0**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(848)c:\windows\system32\Ati2evxx.dll.Completion time: 2009-09-16 21:41ComboFix-quarantined-files.txt  2009-09-16 15:41Pre-Run: 5,627,256,832 bytes freePost-Run: 5,694,898,176 bytes freeWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetectC:\wubildr.mbr = "Ubuntu"280</blockquote>

Verification: Payakata winadi keeyak tibeda?

Top Bottom