Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

WIN32/PePatch virus

Status
Not open for further replies.
aastratech

aastratech

Technical User
Joined
Aug 15, 2006
Messages
136
Location
GB
Hi,

I have a virus WIN32/PePatch detected by my AVG software but it keeps coming back .
The symptoms are my pc is running slow and the web browser closes after around 15 mins and i have to reconnect.
Any ideas how to kill this virus.

thanks in advance !!
 
Sort by date Sort by votes
Download the 3 programs below

eusing free registry cleaner

avg anti spyware

ccleaner

Run ccleaner first, then avg anti spyware and delete anything it finds. disable system restore and then run the registry cleaner. Restart in normal mode and download hijackthis from the link below.


Open it up, choose do a system scan and save a logfile and post the logfile on here. Do not attempt to fix anything on hijackthis unless you know what you are doing as not everything it shows is bad.

There is a point in wisdom and knowledge that when you reach it, you exceed what is considered possible - Jason Schoon
 
Upvote 0 Downvote
hope this helps;

Logfile of HijackThis v1.99.1
Scan saved at 16:04:40, on 22/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Ericsson\BMS\Server\bmsService.exe
C:\Program Files\Ericsson\BMS\Server\_jvm\bin\javaw.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Ericsson\CLink\MD30COMM.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\RVS\WCOM\SYSTEM\RVSINST.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Common

Files\EricssonShare\DMI\ServiceProvider\bin\Win32sl.exe
C:\Program Files\Ericsson\CLink\CLINK.EXE
C:\Program Files\RVS\WCOM\SYSTEM\RVSCC.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE
C:\Program Files\Common Files\EricssonShare\DMI\CIManager\CiMgrLdr.exe
C:\Program Files\Common Files\EricssonShare\DMI\CIManager\CIMgr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterConfig.exe
C:\Program Files\BitTorrent_DNA\dna.exe
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\mRouterRuntime.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\WINDOWS\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyServer = 172.28.128.30:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-

0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -

C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot -

Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -

C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-

5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows

Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -

c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-

0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0

\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -

C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE

/Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3

\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network

Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network

Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -

servicehelper
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe

bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program

Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony

Ericsson\Mobile4\Application Launcher\Application Launcher.exe"

/startoptions
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

/STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program

Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software

Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-

Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel

AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Norton Ghost 2003

\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program

Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Spybot - Search &

Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [mRouterConfig] "c:\Program Files\Intuwave

Ltd\Shared\mRouterRunTime\mRouterConfig.exe"
O4 - HKCU\..\Run: [Sky Alerts] "C:\Program Files\Sky Alerts\skinker.exe"
O4 - HKCU\..\Run: [DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program

Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet -

res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet -

res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - ?p=ZNxmk696YYGB
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-

00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-

C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E

-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan

Control) - O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN

Manager) -


,1
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -

C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel)

-


50412,1
O16 - DPF: {6EE191E2-27A7-4036-AA79-D9AA6C98C5E2} -
md/ecc%5Finstall/default.cab
O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} (Microsoft RDP Client

Control (redist)) -

O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client

Components) - O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient

Class) -

O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client

Control (redist)) -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} -
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost

Class) - O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host

Control) -


6,1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =

SONNET.SONERIC.COM
O17 - HKLM\Software\..\Telephony: DomainName = SONNET.SONERIC.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =

SONNET.SONERIC.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList =

SONNET.SONERIC.COM,SONERIC.COM
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =

SONNET.SONERIC.COM
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList =

SONNET.SONERIC.COM,SONERIC.COM
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList =

SONNET.SONERIC.COM,SONERIC.COM
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -

C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program

Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation -

C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: BusinessPhone Management Suite (BMSService) - Ericsson

Austria GmbH - C:\Program Files\Ericsson\BMS\Server\bmsService.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM Inc. - (no file)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION -

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Ericsson ClockSync (ClockSync) - Ericsson Enterprise AB -

C:\Program Files\Common Files\EricssonShare\ClokSync.exe
O23 - Service: CTI Link - Ericsson, Inc. - C:\Program

Files\Ericsson\CLink\CLINK.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd.

- C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Ericsson BackStage Server - - c:\program

files\ericsson\backstageserver80\bsserver80.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Norton Ghost

2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel

32\IDriverT.exe
O23 - Service: Intel CI Manager - Unknown owner - C:\Program Files\Common

Files\EricssonShare\DMI\CIManager\CiMgrLdr.exe
O23 - Service: Ericsson IP Service (IP Service) - Ericsson Enterprise AB -

C:\DNA_C\SHARE\BIN\ipservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: Ericsson LDS (LDS) - Ericsson Enterprise AB -

C:\DNA_C\SHARE\BIN\lds.exe
O23 - Service: Ericsson LFS (LFS) - Ericsson Enterprise AB -

C:\DNA_C\SHARE\BIN\lfs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network

Associates, Inc. - C:\Program Files\Network Associates\Common

Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network

Associates, Inc. - C:\Program Files\Network

Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network

Associates, Inc. - C:\Program Files\Network

Associates\VirusScan\VsTskMgr.exe
O23 - Service: MD30 Communications Server - Ericsson, Inc. - C:\Program

Files\Ericsson\CLink\MD30COMM.EXE
O23 - Service: Ericsson PBX Service (PBXService) - Ericsson Enterprise AB

- C:\DNA_C\OWS\BIN\PBXService.exe
O23 - Service: RVS CommCenter (RvsCC) - Living Byte Software GmbH, Munich

- C:\Program Files\RVS\WCOM\SYSTEM\RVSCC.EXE
O23 - Service: RvscomSv - Living Byte Software GmbH, Munich - C:\Program

Files\RVS\WCOM\SYSTEM\RVSCOMSV.EXE
O23 - Service: RVS Installer (RVSINST) - Living Byte Software GmbH, Munich

- C:\Program Files\RVS\WCOM\SYSTEM\RVSINST.EXE
O23 - Service: Ericsson SCS (SCS) - Ericsson Enterprise AB -

C:\DNA_C\SHARE\BIN\scs.exe
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program

Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
O23 - Service: Win32sl - Intel - C:\Program Files\Common

Files\EricssonShare\DMI\ServiceProvider\bin\Win32sl.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program

Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

iambob
  • Locked
  • Question Question
Avast Anti-Virus is.. a virus?!
Replies
5
Views
860
Oorde
Oorde
andyv2011
  • Locked
  • Question Question
Looking at Virus Actions
Replies
0
Views
356
andyv2011
andyv2011
Tiffc0922
  • Locked
  • Question Question
Virus / Malware Scans on Local PCs
Replies
5
Views
638
goombawaho
goombawaho
kharrison70
  • Locked
  • Question Question
Meskisift Visaal Studie Virus?
Replies
6
Views
627
goombawaho
goombawaho
javierdlm001
  • Locked
  • Question Question
"Win32.Downloader.gen" found as Malware by Spybot
Replies
3
Views
463
2ffat
2ffat

Part and Inventory Search

Sponsor

Back
Top