GeekPolice
Welcome to GeekPolice.net!


Help Me rid of the 100k virus..

Post by doinitright6 on Fri Jul 29, 2011 10:52 pm

I am completely ignorant as to how to remove viruses. AVG is still running, I can't shut it down; in the icon tray, I can't close it out. Strange. And this thing is getting me angry. How can I remove it? Please help!!!!

doinitright6 (Beginner) - Posts: 4, Joined: 2011-07-29, OS: windows xp

Re: Help Me rid of the 100k virus..

Post by Sneakyone on Sat Jul 30, 2011 6:14 am

Hi,

Please download aswMBR from [You must be registered and logged in to see this link.]

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are [You must be registered and logged in to see this link.]

  • Once the scan finishes click Save log to save the log to your Desktop
  • Copy and paste the contents of aswMBR.txt back here for review


I'm livin' life in the fast lane.


Sneakyone (Master) - Posts: 2707, Joined: 2010-01-10, OS: Windows 7 Ultimate 64-bit

Re: Help Me rid of the 100k virus..

Post by doinitright6 on Sat Jul 30, 2011 5:19 pm

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-07-30 13:18:21
-----------------------------
13:18:21.122 OS Version: Windows 5.1.2600 Service Pack 3
13:18:21.122 Number of processors: 1 586 0xD06
13:18:21.122 ComputerName: T42-AA8EFE7979D UserName: T42 User
13:18:21.782 Initialize success
13:18:28.252 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:18:28.252 Disk 0 Vendor: HTS541040G9AT00 MB2IA5BJ Size: 34274MB BusType: 3
13:18:30.275 Disk 0 MBR read successfully
13:18:30.275 Disk 0 MBR scan
13:18:30.275 Disk 0 Windows XP default MBR code
13:18:30.275 Disk 0 scanning sectors +70187040
13:18:30.345 Disk 0 scanning C:\WINDOWS\system32\drivers
13:18:36.073 File: C:\WINDOWS\system32\drivers\fips.sys **SUSPICIOUS**
13:18:40.720 Service scanning
13:18:41.791 Modules scanning
13:18:50.013 Disk 0 trace - called modules:
13:18:50.023 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x88a89aa0]<<
13:18:50.023 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89820ab8]
13:18:50.023 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> [0x89466920]
13:18:50.344 \Driver\00002388[0x88c35500] -> IRP_MJ_CREATE -> 0x88a89aa0
13:18:50.354 Scan finished successfully
13:19:16.822 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\T42 User\Desktop\MBR.dat"
13:19:16.822 The log file has been saved successfully to "C:\Documents and Settings\T42 User\Desktop\aswMBRdoinitright6.txt"



Re: Help Me rid of the 100k virus..

Post by Sneakyone on Sun Jul 31, 2011 4:01 am

Hi,

Please download ComboFix from [You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run then copy paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Re: Help Me rid of the 100k virus..

Post by doinitright6 on Sun Jul 31, 2011 5:33 am

ComboFix 11-07-31.01 - T42 User 07/31/2011 1:08.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.975 [GMT -4:00]
Running from: c:\documents and settings\T42 User\My Documents\Downloads\commy.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\T42 User\Application Data\PriceGong
c:\documents and settings\T42 User\Application Data\PriceGong\Data\1.xml
c:\documents and settings\T42 User\Application Data\PriceGong\Data\a.xml
c:\documents and settings\T42 User\Application Data\PriceGong\Data\b.xml
c:\documents and settings\T42 User\Application Data\PriceGong\Data\c.xml
c:\documents and settings\T42 User\Application Data\PriceGong\Data\d.xml
c:\documents and settings\T42 User\Application Data\PriceGong\Data\e.xml
c:\documents and settings\T42 User\Application Data\PriceGong\Data\f.xml
c:\documents and settings\T42 User\Application Data\PriceGong\Data\g.xml
c:\documents and settings\T42 User\Application Data\PriceGong\Data\h.xml
c:\documents and settings\T42 User\Application Data\PriceGong\Data\i.xml
c:\documents and settings\T42 User\Application Data\PriceGong\Data\J.xml
c:\documents and settings\T42 User\Application Data\PriceGong\Data\k.xml
c:\documents and settings\T42 User\Application Data\PriceGong\Data\l.xml
c:\documents and settings\T42 User\Application Data\PriceGong\Data\m.xml
c:\documents and settings\T42 User\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\T42 User\Application Data\PriceGong\Data\n.xml
c:\documents and settings\T42 User\Application Data\PriceGong\Data\o.xml
c:\documents and settings\T42 User\Application Data\PriceGong\Data\p.xml
c:\documents and settings\T42 User\Application Data\PriceGong\Data\q.xml
c:\documents and settings\T42 User\Application Data\PriceGong\Data\r.xml
c:\documents and settings\T42 User\Application Data\PriceGong\Data\s.xml
c:\documents and settings\T42 User\Application Data\PriceGong\Data\t.xml
c:\documents and settings\T42 User\Application Data\PriceGong\Data\u.xml
c:\documents and settings\T42 User\Application Data\PriceGong\Data\v.xml
c:\documents and settings\T42 User\Application Data\PriceGong\Data\w.xml
c:\documents and settings\T42 User\Application Data\PriceGong\Data\x.xml
c:\documents and settings\T42 User\Application Data\PriceGong\Data\y.xml
c:\documents and settings\T42 User\Application Data\PriceGong\Data\z.xml
c:\documents and settings\T42 User\GoToAssistDownloadHelper.exe
c:\documents and settings\T42 User\WINDOWS
c:\program files\Mighty Magoo
c:\program files\Mighty Magoo\ars.cfg
c:\program files\Mighty Magoo\icon.ico
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\$NtUninstallKB20311$\1603576911
c:\windows\$NtUninstallKB20311$\918390293\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
c:\windows\$NtUninstallKB20311$\918390293\click.tlb
c:\windows\$NtUninstallKB20311$\918390293\L\rmhzbiua
c:\windows\$NtUninstallKB20311$\918390293\loader.tlb
c:\windows\$NtUninstallKB20311$\918390293\U\@00000001
c:\windows\$NtUninstallKB20311$\918390293\U\@000000c0
c:\windows\$NtUninstallKB20311$\918390293\U\@000000cb
c:\windows\$NtUninstallKB20311$\918390293\U\@000000cf
c:\windows\$NtUninstallKB20311$\918390293\U\@80000000
c:\windows\$NtUninstallKB20311$\918390293\U\@800000c0
c:\windows\$NtUninstallKB20311$\918390293\U\@800000cb
c:\windows\$NtUninstallKB20311$\918390293\U\@800000cf
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\system32\Thumbs.db
c:\windows\$NtUninstallKB20311$ . . . . Failed to delete
.
Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\wuauclt.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-31 )))))))))))))))))))))))))))))))
.
.
2011-07-29 22:48 . 2011-07-29 22:48 -------- d--h--w- c:\windows\PIF
2011-07-29 22:44 . 2011-07-29 22:44 -------- d-----w- c:\documents and settings\T42 User\Application Data\Malwarebytes
2011-07-29 22:44 . 2011-07-29 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-29 22:10 . 2011-07-29 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-07-29 22:10 . 2011-07-29 22:10 -------- d-----w- c:\program files\Common Files\iS3
2011-07-29 17:03 . 2005-04-04 03:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-07-29 17:03 . 2005-04-04 03:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-07-29 17:03 . 2005-04-04 03:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-07-29 17:03 . 2011-07-29 17:03 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-07-29 17:03 . 2005-04-04 03:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-07-29 17:03 . 2011-07-29 17:03 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-07-29 16:17 . 2011-07-29 17:01 -------- d-----w- c:\program files\SimTheme Park
2011-07-29 02:01 . 2011-07-29 17:02 -------- d-----w- c:\program files\GrandBilliards
2011-07-29 00:11 . 2011-07-29 00:11 -------- d-----w- c:\documents and settings\T42 User\Application Data\Unity
2011-07-29 00:09 . 2011-07-29 00:09 -------- d-----w- c:\documents and settings\T42 User\Local Settings\Application Data\Unity
2011-07-28 20:32 . 2002-11-11 20:00 118832 ----a-w- c:\windows\system32\SHW32.DLL
2011-07-20 16:31 . 2011-07-20 16:35 -------- d-----w- c:\program files\Advanced Sound Recorder
2011-07-20 16:28 . 2011-07-20 16:29 -------- d-----w- C:\My Recordings
2011-07-20 16:27 . 2001-03-13 13:49 140288 ----a-w- c:\windows\system32\comdlg32.ocx
2011-07-20 16:27 . 2011-07-20 16:35 -------- d-----w- c:\program files\FREE Hi-Q Recorder
2011-07-20 16:27 . 2002-01-05 13:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2011-07-10 14:18 . 2011-07-10 14:18 -------- d-----w- c:\documents and settings\T42 User\Application Data\Sincell
2011-07-10 14:17 . 2011-07-10 14:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Sincell
2011-07-10 14:17 . 2011-07-10 14:17 -------- d-----w- c:\program files\Sincell
2011-07-08 11:51 . 2011-07-08 11:51 53248 ----a-r- c:\documents and settings\T42 User\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-07-08 11:51 . 2011-07-08 11:51 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-07-08 11:51 . 2008-11-07 22:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-07-08 11:50 . 2011-04-30 11:59 12184 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2011-07-08 11:49 . 2011-07-08 11:50 -------- d-----w- c:\program files\Logitech
2011-07-08 11:49 . 2011-07-08 11:51 -------- d-----w- c:\program files\Common Files\Logishrd
2011-07-08 11:47 . 2011-07-08 11:52 -------- d-----w- c:\documents and settings\T42 User\Application Data\Logitech
2011-07-08 11:47 . 2011-07-08 11:48 -------- d-----w- c:\documents and settings\T42 User\Application Data\Logishrd
2011-07-08 01:34 . 2011-07-29 14:28 -------- d-----w- c:\documents and settings\All Users\Dl_cats
2011-07-08 01:30 . 2011-07-08 01:31 -------- d-----w- c:\program files\Dell Toolbar
2011-07-08 01:30 . 2011-07-08 01:30 -------- d-----w- c:\program files\Dell PC Fax
2011-07-08 01:30 . 2011-07-08 01:30 -------- d-----w- c:\program files\Dell Printable Web
2011-07-07 15:34 . 2011-07-07 15:46 -------- d-----w- c:\documents and settings\T42 User\Application Data\Free Audio Editor
2011-07-07 15:34 . 2005-05-18 15:52 1212416 ----a-w- c:\windows\system32\NCTAudioInformation2.dll
2011-07-07 15:34 . 2005-05-17 16:37 1986560 ----a-w- c:\windows\system32\NCTAudioFile2.dll
2011-07-07 15:34 . 2005-04-25 17:01 458752 ----a-w- c:\windows\system32\NCTAudioRecord2.dll
2011-07-07 15:34 . 2005-04-25 17:01 458752 ----a-w- c:\windows\system32\NCTAudioPlayer2.dll
2011-07-07 15:34 . 2005-04-15 16:08 880640 ----a-w- c:\windows\system32\NCTAudioEditor2.dll
2011-07-07 15:34 . 2005-04-04 21:21 602112 ----a-w- c:\windows\system32\NCTAudioTransform2.dll
2011-07-07 15:34 . 2005-03-28 19:54 479232 ----a-w- c:\windows\system32\NCTAudioVisualization2.dll
2011-07-07 15:34 . 2005-03-28 19:52 417792 ----a-w- c:\windows\system32\NCTTextToAudio2.dll
2011-07-07 15:34 . 2005-02-24 15:51 348160 ----a-w- c:\windows\system32\NCTWMAFile2.dll
2011-07-07 15:34 . 2004-11-04 17:31 835584 ----a-w- c:\windows\system32\NCTAudioCDGrabber2.dll
2011-07-07 02:37 . 2011-07-07 02:37 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2011-07-06 13:04 . 2011-07-06 13:04 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2011-07-05 15:57 . 2011-07-05 15:57 -------- d-----w- c:\documents and settings\T42 User\AppData
2011-07-05 15:57 . 2011-07-05 15:57 -------- d-----w- c:\documents and settings\T42 User\Application Data\imeshbandmltbpi
2011-07-05 15:55 . 2011-07-07 14:01 -------- d-----w- c:\documents and settings\T42 User\Application Data\mediabarim
2011-07-05 15:55 . 2011-07-08 12:20 -------- d-----w- c:\documents and settings\T42 User\Local Settings\Application Data\iMesh
2011-07-05 15:54 . 2011-07-17 14:15 -------- d-----w- c:\program files\iMesh Applications
2011-07-03 17:30 . 2011-07-03 17:30 -------- d-----w- c:\documents and settings\T42 User\Application Data\GRETECH
2011-07-03 17:29 . 2011-07-03 17:29 -------- d-----w- c:\program files\GRETECH
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-08 14:55 . 2011-06-19 15:22 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2011-06-08 14:54 . 2011-06-19 15:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2011-06-08 14:53 . 2011-06-20 12:28 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll
2011-06-08 14:53 . 2011-06-20 12:28 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll
2011-06-02 14:02 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-04 08:52 . 2010-06-09 02:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 06:25 . 2010-06-05 06:41 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2010-06-05 03:14 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
2011-05-30 13:35 89008 ----a-w- c:\progra~1\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2011-06-01 17:17 1236360 ----a-w- c:\progra~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"= "c:\progra~1\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll" [2011-05-30 89008]
.
[HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2010-06-04 822384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-02-07 344064]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-20 110592]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-20 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2005-04-20 396288]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-20 208896]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-06-24 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-06-24 561152]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"dleamon.exe"="c:\program files\Dell V310-V510 Series\dleamon.exe" [2010-08-09 770728]
"EzPrint"="c:\program files\Dell V310-V510 Series\ezprint.exe" [2010-08-09 139944]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1386776]
.
c:\documents and settings\T42 User\Start Menu\Programs\Startup\
Socialbox.lnk - c:\program files\Socialbox\Socialbox.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-06-17 07:33 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus Organizer EasyClip.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk
backup=c:\windows\pss\Lotus Organizer EasyClip.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus QuickStart.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Lotus QuickStart.lnk
backup=c:\windows\pss\Lotus QuickStart.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus SmartCenter.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Lotus SmartCenter.lnk
backup=c:\windows\pss\Lotus SmartCenter.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus SuiteStart.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Lotus SuiteStart.lnk
backup=c:\windows\pss\Lotus SuiteStart.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\iMesh Applications\\MediaBar\\Datamngr\\ToolBar\\dtUser.exe"=
"c:\\WINDOWS\\system32\\dleacoms.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Program Files\\The Weather Channel FW\\Desktop\\DesktopWeather.exe"=
"c:\\Documents and Settings\\T42 User\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\T42 User\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Documents and Settings\\T42 User\\My Documents\\Downloads\\STOPzilla_Setup.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\Program Files\\PhotoScape\\PhotoScape.exe"=
"c:\\Documents and Settings\\T42 User\\Desktop\\aswMBR.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 3:49 AM 297168]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [6/5/2010 3:33 AM 16384]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [7/8/2011 7:50 AM 12184]
R2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [4/8/2010 5:46 PM 117288]
R2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [4/8/2010 5:46 PM 117288]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 9:42 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 9:42 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 9:42 PM 27216]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [4/18/2011 5:39 PM 7398752]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe -service --> c:\windows\system32\dleacoms.exe -service [?]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dleaserv.exe [7/7/2011 9:32 PM 193192]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/20/2011 12:10 AM 136176]
S2 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [4/8/2010 5:46 PM 154152]
S3 cpuz130;cpuz130;\??\c:\docume~1\T42USE~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\T42USE~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/20/2011 12:10 AM 136176]
S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys --> c:\windows\system32\drivers\hpfxfax.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/3/2010 5:05 AM 1389400]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/3/2010 5:05 AM 15264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2010-08-13 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2010-06-05 08:38]
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-20 04:10]
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-20 04:10]
.
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-688789844-1343024091-1003Core.job
- c:\documents and settings\T42 User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-24 22:46]
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-688789844-1343024091-1003UA.job
- c:\documents and settings\T42 User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-24 22:46]
.
.
------- Supplementary Scan -------
.

uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 192.168.10.1
DPF: {2FD395CB-BD93-4BA9-AA4B-D725754E20D1} -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
WebBrowser-{DD662A0C-12FE-4B38-BA53-247F7EC82F46} - (no file)
HKLM-Run-PAC7302_Monitor - c:\windows\PixArt\PAC7302\Monitor.exe
Notify-TPSvc - TPSvc.dll
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-Wubi - f:\ubuntu\uninstall-wubi.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2011-07-31 01:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,be,9d,5e,cc,40,b8,bf,49,b8,26,b3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,be,9d,5e,cc,40,b8,bf,49,b8,26,b3,\
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\windows\system32\RunDll32.exe
c:\windows\system32\rundll32.exe
c:\progra~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2011-07-31 01:19:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-31 05:19
.
Pre-Run: 19,870,576,640 bytes free
Post-Run: 20,487,135,232 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 34C9F88C5C47A8BEE1410E26C90656C6

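The two logs in this thread (the aswMBR scan and the ComboFix report) are read by hand by the helper; the script below is an added example, not code from the forum or from either tool, showing how a reviewer can pull the items worth a second look out of such logs automatically: files aswMBR marks **SUSPICIOUS**, unknown kernel modules in the disk I/O trace and the IRP handlers redirected into them, and in the ComboFix output the Security Center override, disinfected system files, and services whose binary is missing (`[?]`) or lives under a Temp folder. The log excerpts are constructed, shortened copies of the two logs posted above; the regexes are this example's own and assume the line layouts seen in those logs.

```python
import re
from collections import Counter

# Constructed excerpt, shortened from the aswMBR log posted in this thread.
ASWMBR_LOG = r"""
13:18:30.275 Disk 0 Windows XP default MBR code
13:18:36.073 File: C:\WINDOWS\system32\drivers\fips.sys **SUSPICIOUS**
13:18:50.013 Disk 0 trace - called modules:
13:18:50.023 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x88a89aa0]<<
13:18:50.344 \Driver\00002388[0x88c35500] -> IRP_MJ_CREATE -> 0x88a89aa0
13:18:50.354 Scan finished successfully
"""

# Constructed excerpt, shortened from the ComboFix log posted in this thread.
COMBOFIX_LOG = r"""
Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\wuauclt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe -service --> c:\windows\system32\dleacoms.exe -service [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\T42USE~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\T42USE~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys --> c:\windows\system32\drivers\hpfxfax.sys [?]
"""

# Line shapes assumed from the logs above (example's own patterns, not the tools' spec).
SUSPICIOUS_RE = re.compile(r"File:\s+(?P<path>.+?)\s+\*\*SUSPICIOUS\*\*")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9a-fA-F]+)\]<<")
IRP_RE = re.compile(
    r"(?P<driver>\\Driver\\\S+?)\[0x[0-9a-fA-F]+\] -> (?P<irp>IRP_MJ_\w+) -> (?P<addr>0x[0-9a-fA-F]+)"
)
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+)$")
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
OVERRIDE_RE = re.compile(r'^"(?P<key>\w+Override)"=dword:(?P<val>[0-9a-fA-F]{8})$')
DISINFECT_RE = re.compile(r"^Infected copy of (?P<path>.+?) was found and disinfected$")


def triage_aswmbr(text):
    """Findings from an aswMBR log: suspicious files, unknown modules in the disk
    I/O trace, and IRP dispatch entries that point into one of those modules."""
    findings = []
    unknown_addrs = set()
    for line in text.splitlines():
        m = SUSPICIOUS_RE.search(line)
        if m:
            findings.append(("suspicious_file", m.group("path")))
        m = UNKNOWN_RE.search(line)
        if m:
            unknown_addrs.add(m.group("addr").lower())
            findings.append(("unknown_module", m.group("addr")))
        m = IRP_RE.search(line)
        # A dispatch entry resolving to an unknown module means disk I/O is
        # routed through code that no loaded driver accounts for.
        if m and m.group("addr").lower() in unknown_addrs:
            findings.append(("irp_hook", f'{m.group("driver")} {m.group("irp")} -> {m.group("addr")}'))
    return findings


def triage_combofix(text):
    """Findings from a ComboFix log. Items are flagged for review, not judged:
    a service in Temp or with a missing file can be a harmless leftover."""
    findings = []
    for line in text.splitlines():
        m = DISINFECT_RE.match(line)
        if m:
            findings.append(("disinfected", m.group("path")))
            continue
        m = OVERRIDE_RE.match(line)
        if m and int(m.group("val"), 16) != 0:
            # A non-zero *Override tells Security Center to stop reporting on that component.
            findings.append(("security_center_override", m.group("key")))
            continue
        m = SERVICE_RE.match(line)
        if not m:
            continue
        path = m.group("path")
        if path.rstrip().endswith("[?]"):
            findings.append(("service_file_missing", m.group("name")))
        if TEMP_RE.search(path):
            findings.append(("service_in_temp", m.group("name")))
    return findings


def summarize(findings):
    """Count findings per category so a reviewer sees the shape of the log first."""
    return Counter(category for category, _ in findings)


if __name__ == "__main__":
    for label, findings in (("aswMBR", triage_aswmbr(ASWMBR_LOG)),
                            ("ComboFix", triage_combofix(COMBOFIX_LOG))):
        print(f"== {label}: {dict(summarize(findings))}")
        for category, detail in findings:
            print(f"  {category:26} {detail}")
```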

Re: Help Me rid of the 100k virus..

Post by Sneakyone on Mon Aug 01, 2011 5:43 am

Hi,

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Re: Help Me rid of the 100k virus..

Post by doinitright6 on Mon Aug 01, 2011 11:22 am

Good Morning, before I do that... I had problems temporarily disabling AVG11 prior to running ComboFix; I couldn't even uninstall the darn thing. So I ran ComboFix anyway, and when it was all done and said it removed this or that and restored this or that, I posted the results like you asked. Well, upon reboots of the system and 24 hours of testing, it seems everything is fixed and the 100K virus is removed. I reinstalled AVG11 (repair) from the net, and that is running alright too now. **Do you recommend I continue with the Malwarebytes download you just posted?????** Thanks again for all the help you all do.


Re: Help Me rid of the 100k virus..

Post by Sneakyone on Tue Aug 02, 2011 4:08 am

Hi,

I'm confident ComboFix removed and fixed most, if not all, of the infection, but in my opinion it would be best to go ahead and proceed with the checks and fixes.
