
Win32/Patched.GB


  • This topic is locked
6 replies to this topic

#1 lenvan


  • Members
  • 3 posts

Posted 10 January 2011 - 08:06 PM

AVG reports "C:\windows\explorer.exe virus identified Win32/patched.GB objects white listed (critical system file should not be removed)". Another program was initially installed called "system tool2011", which was warning of fake virus, I managed to remove this program but AVG keeps giving warning of multiple threats concerning the win32/patched.GB attempting to load with C:\windows\explorer.exe.
How do I remove this virus?
DDS log
DDS (Ver_10-12-12.02) - NTFSx86
Run by Len at 10:46:34.21 on Tue 11/01/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.1023.255 [GMT 10:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\ASUS\TurboV Remote\TurboVRemote.exe
C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe
C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WPM_Monitor\WPMMonitor.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Len\My Documents\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uWindow Title = AAPT Limited
uStart Page = about:blank
mWindow Title = AAPT Limited
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime
mRun: [Sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [CapFax] c:\program files\classic phonetools\CapFax.EXE
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [Nero MediaHome 4] "c:\program files\nero\nero mediahome 4\NeroMediaHome.exe" /AUTORUN
mRun: [AmIcoSinglun] c:\program files\amicosinglun\AmIcoSinglun.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NWEReboot]
mRun: [TurboVRemote] "c:\program files\asus\turbov remote\TurboVRemote.exe"
mRun: [TurboV Help] "c:\program files\asus\turbov evo\TurboVHelp.exe"
mRun: [TurboV EVO] "c:\program files\asus\turbov evo\TurboV_EVO.exe" -b
StartupFolder: c:\docume~1\len\startm~1\programs\startup\wpmmon~1.lnk - c:\program files\wpm_monitor\WPMMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aticat~1.lnk - c:\program files\ati technologies\ati.ace\CLI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\len\applic~1\mozilla\firefox\profiles\a86e1l9i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cd0a45f&v=6.010.023.001&i=23&tp=ab&iy=&ychte=au&lng=en-US&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\len\application data\mozilla\firefox\profiles\a86e1l9i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\len\application data\mozilla\firefox\profiles\a86e1l9i.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\len\application data\mozilla\firefox\profiles\a86e1l9i.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: AVG Security Toolbar em:version=6.010.023.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 spywarestop;spywarestop;c:\windows\system32\drivers\spywarestop.sys [2008-3-11 19696]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.05\AsSysCtrlService.exe [2010-12-27 109056]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-23 6128208]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-10 135664]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-12-26 517448]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-12-22 23456]
S3 m1usb;BENZING M1 USB I/O Driver;c:\windows\system32\drivers\m1usb.sys [2007-1-19 18816]
S3 SunkFilt6;Alcor Micro Corp - 6360; [x]
S3 SunkFilt62;Alcor Micro Corp - 6362;\??\c:\windows\system32\drivers\sunkfilt62.sys --> c:\windows\system32\drivers\sunkfilt62.sys [?]

=============== Created Last 30 ================

2011-01-10 23:52:19 -------- d-----w- c:\windows\system32\NtmsData
2011-01-10 10:35:01 -------- d-----w- c:\docume~1\len\applic~1\Malwarebytes
2011-01-10 09:59:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-10 09:59:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-10 09:59:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-10 09:59:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-10 09:33:25 -------- d-----w- c:\docume~1\len\applic~1\PriceGong
2011-01-08 05:37:54 11832 ----a-w- c:\windows\system32\drivers\AsInsHelp64.sys
2011-01-08 05:37:54 10216 ----a-w- c:\windows\system32\drivers\AsInsHelp32.sys
2011-01-08 05:08:10 -------- d-----w- c:\program files\Conduit
2011-01-08 05:08:10 -------- d-----w- c:\docume~1\len\locals~1\applic~1\Conduit
2011-01-08 05:08:08 -------- d-----w- c:\docume~1\len\locals~1\applic~1\uTorrentBar
2011-01-08 05:08:03 -------- d-----w- c:\program files\ConduitEngine
2011-01-08 05:08:03 -------- d-----w- c:\docume~1\len\locals~1\applic~1\ConduitEngine
2011-01-08 05:07:57 -------- d-----w- c:\program files\uTorrentBar
2011-01-08 05:07:40 -------- d-----w- c:\program files\uTorrent
2011-01-08 05:07:02 -------- d-----w- c:\docume~1\len\applic~1\uTorrent
2011-01-07 03:19:13 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2011-01-07 03:19:13 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2011-01-07 03:19:13 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2011-01-07 03:19:13 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2011-01-07 03:19:13 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2011-01-07 03:19:13 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2011-01-07 03:19:12 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2010-12-30 10:12:34 -------- d-----w- c:\program files\MSXML 4.0
2010-12-27 07:20:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\ASUS OC Profiles
2010-12-27 06:03:28 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2010-12-27 06:03:28 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2010-12-27 02:40:28 -------- d-----w- c:\docume~1\len\applic~1\AVG
2010-12-26 01:10:05 -------- d-----w- c:\docume~1\len\locals~1\applic~1\AVG Security Toolbar
2010-12-26 00:51:39 -------- d-----w- c:\docume~1\len\applic~1\AVG10
2010-12-26 00:50:15 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-12-26 00:50:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-12-26 00:48:52 -------- d-----w- c:\windows\system32\drivers\AVG
2010-12-26 00:48:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-12-26 00:40:25 -------- d--h--w- C:\$AVG
2010-12-26 00:37:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-12-24 00:43:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\AmUStor
2010-12-24 00:34:29 6097 ----a-w- c:\windows\system32\drivers\sonyhcb.sys
2010-12-24 00:34:29 53248 ----a-w- c:\windows\system32\SONYHCY.DLL
2010-12-24 00:34:29 38739 ----a-w- c:\windows\system32\drivers\sonyhcc.sys
2010-12-24 00:34:29 3654 ----a-w- c:\windows\system32\drivers\Sonyhcp.dll
2010-12-24 00:34:29 299923 ----a-w- c:\windows\system32\drivers\sonyhcs.sys
2010-12-24 00:34:29 102220 ----a-w- c:\windows\system32\drivers\sonypvs1.sys
2010-12-24 00:33:54 24576 ----a-w- c:\windows\system32\AsIO.dll
2010-12-24 00:33:54 11296 ----a-w- c:\windows\system32\drivers\AsIO.sys
2010-12-24 00:33:53 -------- d-----w- c:\program files\ASUS
2010-12-24 00:31:28 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2010-12-24 00:31:28 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2010-12-24 00:30:38 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-12-24 00:30:12 -------- d-----w- C:\Intel
2010-12-24 00:23:55 0 ----a-w- c:\windows\ativpsrm.bin
2010-12-24 00:11:42 -------- d-----w- c:\program files\AmIcoSingLun
2010-12-23 23:31:55 -------- d-----w- c:\docume~1\len\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-12-23 23:04:53 -------- d-----w- c:\documents and settings\all users\Uniblue
2010-12-23 23:02:15 -------- d-----w- C:\ATI
2010-12-23 22:40:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\Emotum
2010-12-22 05:51:37 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-12-22 05:51:37 -------- d-----w- c:\docume~1\len\locals~1\applic~1\eSupport.com
2010-12-20 04:20:24 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-16 06:15:25 45568 -c----w- c:\windows\system32\dllcache\wab.exe

==================== Find3M ====================

2010-12-21 21:46:39 98304 ----a-w- c:\windows\DUMP5e0e.tmp
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:34:12 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34:11 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34:11 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34:11 17408 ------w- c:\windows\system32\corpol.dll
2010-11-03 12:25:53 389120 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 10:47:33.28 ===============



#2 teacup61


    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 10 January 2011 - 09:29 PM

Hello lenvan ,


This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. IF YOU USE AVG IT MUST BE UNINSTALLED OR THIS WILL NOT RUN.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

If you have trouble running it the first time, then rename ComboFix.exe to lenvan.exe and try again.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 lenvan

  • Topic Starter

  • Members
  • 3 posts

Posted 11 January 2011 - 05:04 PM

Thanks tea for the reply. My concern is that if I disable and/or uninstall my malware and AVG virus protection as you suggest, the virus that appears to be on my PC, and that AVG currently appears to be preventing from fully accessing my files, will be able to do so? Please advise.
Len

#4 teacup61


    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 12 January 2011 - 07:38 PM

Hi Len,

Well, that's what ComboFix will remove, if it's there. Also, ComboFix will take you offline for its run, so there will be no access to the internet for anything to harm you. :)

tea

#5 lenvan

  • Topic Starter

  • Members
  • 3 posts

Posted 13 January 2011 - 12:17 AM

Thanks tea, done as you recommended, and the ComboFix program appears to have restored 2 of my files that were infected. I ran the ComboFix program twice, the second time to allow it to install the 'recovery console', which was not installed during the first run. Below is the log of the first run; note that it states the recovery console is not installed, but it has been installed on the second run.
Is there anything I can do to prevent this happening again? My AVG (free copy) was fully up to date, but it seemed powerless to stop the virus from loading in the first place.
Cheers
Len

ComboFix 11-01-11.03 - Len 13/01/2011 14:21:09.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.1023.542 [GMT 10:00]
Running from: c:\documents and settings\Len\My Documents\Downloads\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Len\Application Data\PriceGong
c:\documents and settings\Len\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Len\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Len\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Len\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Len\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Len\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Len\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Len\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Len\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Len\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Len\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Len\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Len\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Len\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Len\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Len\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Len\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Len\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Len\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Len\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Len\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Len\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Len\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Len\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Len\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Len\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Len\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Len\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Len\System
c:\documents and settings\Len\System\win_qs8.jqx
C:\NORTON~1.EXE
c:\windows\desktop
c:\windows\system32\Thumbs.db

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe

.
((((((((((((((((((((((((( Files Created from 2010-12-13 to 2011-01-13 )))))))))))))))))))))))))))))))
.

2011-01-13 00:20 . 2011-01-13 00:20 388096 ----a-r- c:\documents and settings\Len\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2011-01-13 00:20 . 2011-01-13 00:20 -------- d-----w- c:\program files\TrendMicro
2011-01-10 23:52 . 2011-01-10 23:53 -------- d-----w- c:\windows\system32\NtmsData
2011-01-10 10:35 . 2011-01-10 10:35 -------- d-----w- c:\documents and settings\Len\Application Data\Malwarebytes
2011-01-10 09:59 . 2011-01-10 09:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-10 09:59 . 2011-01-13 04:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-10 00:26 . 2011-01-10 01:50 -------- d-----w- c:\documents and settings\Administrator
2011-01-08 05:37 . 2008-01-04 03:34 11832 ----a-w- c:\windows\system32\drivers\AsInsHelp64.sys
2011-01-08 05:37 . 2008-01-04 03:34 10216 ----a-w- c:\windows\system32\drivers\AsInsHelp32.sys
2011-01-08 05:08 . 2011-01-10 09:33 -------- d-----w- c:\documents and settings\Len\Local Settings\Application Data\Conduit
2011-01-08 05:08 . 2011-01-08 05:08 -------- d-----w- c:\program files\Conduit
2011-01-08 05:08 . 2011-01-10 09:33 -------- d-----w- c:\documents and settings\Len\Local Settings\Application Data\uTorrentBar
2011-01-08 05:07 . 2011-01-08 05:07 -------- d-----w- c:\program files\uTorrent
2011-01-08 05:07 . 2011-01-09 10:07 -------- d-----w- c:\documents and settings\Len\Application Data\uTorrent
2011-01-07 03:19 . 2011-01-07 03:19 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-01-07 03:19 . 2003-11-10 08:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-01-07 03:19 . 2003-11-10 08:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-01-07 03:19 . 2003-11-10 08:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-01-07 03:19 . 2003-11-10 08:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-01-07 03:19 . 2003-11-10 08:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-01-07 03:19 . 2011-01-07 03:19 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2010-12-30 10:12 . 2010-12-30 10:12 -------- d-----w- c:\program files\MSXML 4.0
2010-12-27 07:20 . 2010-12-27 07:20 -------- d-----w- c:\documents and settings\All Users\Application Data\ASUS OC Profiles
2010-12-27 06:03 . 2008-04-13 18:40 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2010-12-27 06:03 . 2008-04-13 18:40 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2010-12-27 02:32 . 2011-01-13 04:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-12-26 00:51 . 2010-12-26 00:51 -------- d-----w- c:\documents and settings\Len\Application Data\AVG10
2010-12-26 00:50 . 2010-12-26 00:50 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-12-26 00:48 . 2011-01-13 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-12-26 00:37 . 2010-12-26 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-12-24 00:43 . 2010-12-24 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\AmUStor
2010-12-24 00:34 . 2002-10-15 12:41 102220 ----a-w- c:\windows\system32\drivers\sonypvs1.sys
2010-12-24 00:34 . 2001-11-04 23:23 299923 ----a-w- c:\windows\system32\drivers\sonyhcs.sys
2010-12-24 00:34 . 2001-11-04 23:23 38739 ----a-w- c:\windows\system32\drivers\sonyhcc.sys
2010-12-24 00:34 . 2001-11-04 23:23 6097 ----a-w- c:\windows\system32\drivers\sonyhcb.sys
2010-12-24 00:34 . 2001-07-03 10:39 3654 ----a-w- c:\windows\system32\drivers\Sonyhcp.dll
2010-12-24 00:34 . 2001-07-03 10:33 53248 ----a-w- c:\windows\system32\SONYHCY.DLL
2010-12-24 00:33 . 2010-12-27 07:17 24576 ----a-w- c:\windows\system32\AsIO.dll
2010-12-24 00:33 . 2010-12-27 07:17 11296 ----a-w- c:\windows\system32\drivers\AsIO.sys
2010-12-24 00:33 . 2011-01-08 05:37 -------- d-----w- c:\program files\ASUS
2010-12-24 00:31 . 2010-01-12 03:35 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2010-12-24 00:31 . 2010-01-11 19:35 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2010-12-24 00:30 . 2009-02-05 00:53 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-12-24 00:30 . 2010-12-24 00:30 -------- d-----w- C:\Intel
2010-12-24 00:23 . 2010-12-24 00:23 0 ----a-w- c:\windows\ativpsrm.bin
2010-12-24 00:11 . 2010-12-24 00:43 -------- d-----w- c:\program files\AmIcoSingLun
2010-12-23 23:31 . 2010-12-23 23:31 -------- d-----w- c:\documents and settings\Len\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-12-23 23:26 . 2010-12-23 23:26 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-12-23 23:04 . 2010-12-23 23:04 -------- d-----w- c:\documents and settings\All Users\Uniblue
2010-12-23 23:02 . 2010-12-23 23:02 -------- d-----w- C:\ATI
2010-12-23 22:40 . 2010-12-23 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Emotum
2010-12-22 05:51 . 2010-12-22 05:51 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-12-22 05:51 . 2010-12-22 05:51 -------- d-----w- c:\documents and settings\Len\Local Settings\Application Data\eSupport.com
2010-12-20 04:20 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-16 06:15 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 21:46 . 2007-01-18 11:42 98304 ----a-w- c:\windows\DUMP5e0e.tmp
2010-11-18 18:12 . 2007-01-18 01:55 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2002-12-31 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:34 . 2002-12-31 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34 . 2002-12-31 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34 . 2002-12-31 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34 . 2002-12-31 12:00 17408 ------w- c:\windows\system32\corpol.dll
2010-11-03 12:25 . 2002-12-31 12:00 389120 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2002-12-31 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2002-12-31 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2002-12-31 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 02:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 02:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-17 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-05 61440]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2004-08-06 135168]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"CapFax"="c:\program files\Classic PhoneTools\CapFax.EXE" [2001-12-10 20739]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"Nero MediaHome 4"="c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2009-06-23 4891944]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2009-09-01 233472]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-14 1040384]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"TurboVRemote"="c:\program files\ASUS\TurboV Remote\TurboVRemote.exe" [2009-07-17 952320]
"TurboV Help"="c:\program files\ASUS\TurboV EVO\TurboVHelp.exe" [2010-07-07 1089664]
"TurboV EVO"="c:\program files\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-07-07 9936000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]

c:\documents and settings\Len\Start Menu\Programs\Startup\
WPM Monitor.LNK - c:\program files\WPM_Monitor\WPMMonitor.exe [2008-5-31 388608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-8-6 61440]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero MediaHome 4\\NMMediaServerService.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [27/12/2010 5:18 PM 109056]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/08/2010 3:53 PM 135664]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [31/07/2006 2:44 PM 580992]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [22/12/2010 3:51 PM 23456]
S3 m1usb;BENZING M1 USB I/O Driver;c:\windows\system32\drivers\m1usb.sys [19/01/2007 11:50 AM 18816]
S3 SunkFilt6;Alcor Micro Corp - 6360; [x]
S3 SunkFilt62;Alcor Micro Corp - 6362;\??\c:\windows\System32\Drivers\sunkfilt62.sys --> c:\windows\System32\Drivers\sunkfilt62.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2011-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-10 05:53]

2011-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-10 05:53]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = about:blank
mWindow Title = AAPT Limited
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Len\Application Data\Mozilla\Firefox\Profiles\a86e1l9i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cd0a45f&v=6.010.023.001&i=23&tp=ab&iy=&ychte=au&lng=en-US&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-NWEReboot - (no file)
AddRemove-OVT Scanner - c:\windows\omniuns.exe USB\Vid_05a9&PID_1550 OVT Scanner



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-13 14:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3232)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchTrayHook.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Nero\Nero MediaHome 4\NMMediaServerService.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Microsoft Office\Office10\msoffice.exe
.
**************************************************************************
.
Completion time: 2011-01-13 14:31:35 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-13 04:31

Pre-Run: 64,582,066,176 bytes free
Post-Run: 64,658,702,336 bytes free

- - End Of File - - D4F0A0B38319871F15E870417B6614C7

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:44 AM

Posted 13 January 2011 - 12:37 AM

Hi Len,

Excellent. :thumbup2: If you haven't already, reinstall your AVG and have a run with it. It should be clean now. How is it running?

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#7 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:44 AM

Posted 19 January 2011 - 08:22 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.