
Generic13.ATPH removal...

#1
ikickdogs
New Member, 1 posts
Had Security System virus...used AVG 8.5 to remove it, or so I thought...scans showed Generic13.atph as well as Win32 and other viruses/spyware...I'm not too sure.
I used combofix and it seems to work; however, I'm not sure if it did the trick completely...Any help would be appreciated...
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Starware347
c:\documents and settings\All Users\Application Data\Starware347\buttons\FindIt.bmp
c:\documents and settings\All Users\Application Data\Starware347\buttons\FindItHot.bmp
c:\documents and settings\All Users\Application Data\Starware347\buttons\findithotxp.png
c:\documents and settings\All Users\Application Data\Starware347\buttons\finditxp.png
c:\documents and settings\All Users\Application Data\Starware347\buttons\Highlight.bmp
c:\documents and settings\All Users\Application Data\Starware347\buttons\HighlightHot.bmp
c:\documents and settings\All Users\Application Data\Starware347\buttons\highlighthotxp.png
c:\documents and settings\All Users\Application Data\Starware347\buttons\highlightxp.png
c:\documents and settings\All Users\Application Data\Starware347\buttons\jokesearch.bmp
c:\documents and settings\All Users\Application Data\Starware347\buttons\pranks.bmp
c:\documents and settings\All Users\Application Data\Starware347\buttons\starware_toolbar_icon.bmp
c:\documents and settings\All Users\Application Data\Starware347\contexts\error.xml
c:\documents and settings\All Users\Application Data\Starware347\contexts\related.xml
c:\documents and settings\All Users\Application Data\Starware347\contexts\travel.xml
c:\documents and settings\Owner\Favorites\Online Security Test.url
c:\recycler\NPROTECT
c:\recycler\S-1-5-21-3174833745-3462817390-458618091-1003
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\Downloaded Program Files\CpnMgr.dll
c:\windows\Install.txt
c:\windows\system32\drivers\UACkrvkbgkxvmpxxslhr.sys
c:\windows\system32\Install.txt
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\sdra64.exe
c:\windows\system32\tpsaxyd.exe
c:\windows\system32\UACbyuiqxdcimmtkltlt.dll
c:\windows\system32\UACdjlqrdhtmuijwnmqs.dat
c:\windows\system32\UACgcdefqhooruypdubr.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACiumlwxnivvibkbwqp.dll
c:\windows\system32\UACmrgqwiyiyoopptwlo.db
c:\windows\system32\UACrmrunvqltepwevssd.dll
c:\windows\system32\UACsxwbibjktrwnmagjs.dll
c:\windows\system32\uactmp.db
c:\windows\system32\wiawow32.sys
c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_6TO4
-------\Legacy_MSNCACHE
-------\Legacy_PCMSTUB
-------\Legacy_SOPIDKC
-------\Service_6to4
-------\Service_pcmstub


((((((((((((((((((((((((( Files Created from 2009-06-12 to 2009-07-12 )))))))))))))))))))))))))))))))
.

2009-07-03 14:20 . 2009-06-24 21:15 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-03 14:20 . 2009-07-03 14:19 2054424 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-03 14:20 . 2009-07-03 14:19 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-07-03 14:20 . 2009-06-24 21:15 906520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe
2009-07-03 14:20 . 2009-06-24 21:15 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-03 14:20 . 2009-06-24 21:15 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-07-03 14:20 . 2009-06-24 21:15 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-07-03 14:20 . 2009-06-24 21:15 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-03 14:20 . 2009-06-24 21:15 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-07-03 14:19 . 2009-06-24 21:13 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-03 14:19 . 2009-06-24 21:13 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-12 01:34 . 2009-02-10 03:25 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-03 14:19 . 2009-02-10 03:25 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-24 21:15 . 2009-02-10 03:25 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-24 21:15 . 2009-02-10 03:25 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-08 03:08 . 2009-02-10 03:25 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 15:32 . 2007-01-22 00:27 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:46 . 2006-05-07 00:24 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2007-01-22 00:25 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2006-05-07 00:24 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2007-01-22 00:29 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2008-12-20 16:34 . 2007-01-23 05:00 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 16:34 . 2007-01-23 05:00 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 16:34 . 2007-01-24 04:22 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 16:34 . 2007-01-24 04:22 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 16:34 . 2007-01-23 05:00 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-07 54936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-24 21:15 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk
backup=c:\windows\pss\officejet 6100.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/9/2009 11:25 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/9/2009 11:25 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2/9/2009 11:25 PM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/9/2009 11:25 PM 298776]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [2/2/2009 8:54 PM 36224]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [1/21/2007 8:40 PM 69692]
S3 FA31X;NETGEAR FA311/FA312 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\FA31XND5.SYS [1/31/2009 9:24 PM 16007]
.
Contents of the 'Scheduled Tasks' folder

2009-07-12 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2007-04-08 13:04]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3524
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://edits.mywebse...?p=ZUxdm399YYUS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dnt2hq1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-11 23:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-929327701-3546639514-108031270-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:10,27,1c,08,b3,18,e4,2b,3a,1d,e3,7e,6f,1b,7b,96,c1,ae,1d,47,d3,a3,b9,
43,3e,bb,14,52,dc,d1,4d,95,75,ca,c6,3f,60,f7,65,8e,42,e6,a9,ea,25,83,09,e0,\
"??"=hex:39,78,07,68,49,0d,3b,32,f4,27,d3,f3,5c,36,15,25
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(512)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-07-12 23:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-12 03:28

Pre-Run: 129,464,496,128 bytes free
Post-Run: 132,782,321,664 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

210 --- E O F --- 2009-06-30 13:53