
I can't access antivirus sites



Welcome to the forum. Please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Quit all running programs.

Please download RogueKiller to your desktop and run it.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

------->Your topic will be closed if you haven't replied within 3 days!<--------


Before we proceed further, please uninstall or disable uTorrent and any other peer-to-peer filesharing app.

Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Please also uninstall these:

DAEMON Tools Toolbar

Java™ 6 Update 32

uTorrentControl2 Toolbar

Yontoo 1.10.02

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against the forum's policy concerning P2P programs:

http://forums.malwar...showtopic=97700

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Run disk-cleanup:

http://www.theelderg...nup_utility.htm

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I want you to run ComboFix but before you do.......

Please back up the registry:

http://www.geekstogo...ry-using-erunt/

Please create a new system restore point also.

If after running ComboFix you can't connect to the internet, please navigate to the C:\WINDOWS\ERDNT folder and run ERDNT.exe > this will restore the registry > reboot and see how it is.

If that doesn't work....use that system restore point and that will correct the problem.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 12-10-04.02 - lietotajs 012.10.04. 19:29:49.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1251.7.1033.18.990.526 [GMT 3:00]

Running from: c:\documents and settings\lietotajs\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\autorun.inf

C:\desktop.ini

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\WombatUpdater

c:\documents and settings\All Users\Application Data\WombatUpdater\Uninstall.exe

c:\documents and settings\All Users\Application Data\WombatUpdater\WombatUpdater.exe

c:\documents and settings\lietotajs\WINDOWS

C:\Folder.htt

c:\windows\IsUn0419.exe

c:\windows\system32\avgfwdx.dll

c:\windows\system32\muzapp.exe

c:\windows\system32\rundll32.exe.tmp

c:\windows\system32\sqlite3.dll

c:\windows\system32\Thumbs.db

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

D:\Autorun.inf

D:\vexb.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_ABP470N5

-------\Service_abp470n5

-------\Service_amsint32

.

.

((((((((((((((((((((((((( Files Created from 2012-09-04 to 2012-10-04 )))))))))))))))))))))))))))))))

.

.

2012-10-04 16:45 . 2012-10-04 16:45 103140 --sh--r- C:\wjlbdl.pif

2012-10-04 16:16 . 2012-10-04 16:26 103140 ----a-w- C:\ckmyo.exe

2012-10-04 15:50 . 2012-10-04 15:50 -------- d-----w- c:\program files\ERUNT

2012-10-04 14:25 . 2012-10-04 14:25 -------- d-----w- c:\documents and settings\All Users\Kaspersky Lab Setup Files

2012-10-04 13:58 . 2012-10-04 14:00 -------- d-----w- c:\documents and settings\lietotajs\Local Settings\Application Data\Ashampoo

2012-10-04 13:57 . 2012-10-04 13:57 -------- d-----w- c:\program files\Ashampoo

2012-10-04 13:05 . 2012-10-04 13:05 -------- d-----w- c:\program files\Windows Sidebar

2012-10-04 13:05 . 2012-10-04 14:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2012-10-03 16:53 . 2011-11-18 13:36 150856 ----a-w- c:\windows\system32\mfevtps.exe

2012-10-03 16:53 . 2012-10-03 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2012-10-03 15:33 . 2012-10-03 15:33 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater

2012-10-03 15:28 . 2012-10-04 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer

2012-10-03 05:40 . 2012-10-03 05:40 -------- d-----w- c:\program files\Common Files\Java

2012-10-03 05:39 . 2012-10-03 05:39 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-10-02 17:16 . 2012-10-02 17:16 89856 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys

2012-10-02 17:16 . 2012-10-02 17:16 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys

2012-10-02 17:16 . 2012-10-02 17:16 73984 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys

2012-10-02 17:16 . 2012-10-02 17:16 66688 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys

2012-10-02 17:16 . 2012-10-02 17:16 28672 ----a-w- c:\windows\system32\drivers\usbccid.sys

2012-10-02 17:16 . 2012-10-02 17:16 26624 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys

2012-10-02 17:16 . 2012-10-02 17:16 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys

2012-10-02 17:16 . 2012-10-02 17:16 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys

2012-10-02 17:16 . 2012-10-02 17:16 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys

2012-10-02 17:16 . 2012-10-02 17:16 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys

2012-10-02 17:16 . 2012-10-02 17:16 239104 ----a-w- c:\windows\system32\drivers\ewusbnet.sys

2012-10-02 17:16 . 2012-10-02 17:16 195200 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys

2012-10-02 08:32 . 2012-10-02 08:32 -------- d-----w- c:\documents and settings\lietotajs\Local Settings\Application Data\PCHealth

2012-10-02 00:09 . 2012-10-02 00:09 -------- d-----w- c:\documents and settings\lietotajs\Application Data\AVG2013

2012-10-02 00:08 . 2012-10-02 00:08 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AVG2013

2012-10-02 00:06 . 2012-10-02 00:06 -------- d-----w- c:\documents and settings\lietotajs\Application Data\TuneUp Software

2012-10-02 00:06 . 2012-10-02 00:06 -------- d-----w- c:\documents and settings\lietotajs\Local Settings\Application Data\AVG Secure Search

2012-10-02 00:05 . 2012-10-02 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search

2012-10-02 00:05 . 2012-10-02 00:05 -------- d-----w- c:\documents and settings\lietotajs\Application Data\AVG Secure Search

2012-10-02 00:05 . 2012-10-02 00:05 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2012-10-02 00:05 . 2012-10-02 00:05 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2012-10-02 00:03 . 2012-10-02 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013

2012-10-02 00:03 . 2012-10-02 00:03 -------- d-----w- C:\$AVG

2012-10-01 23:55 . 2012-10-02 00:18 -------- d-----w- c:\documents and settings\lietotajs\Local Settings\Application Data\Avg2013

2012-10-01 23:55 . 2012-10-01 23:55 -------- d-----w- c:\documents and settings\lietotajs\Local Settings\Application Data\MFAData

2012-10-01 21:52 . 2012-10-01 21:52 -------- d-----w- c:\documents and settings\lietotajs\Local Settings\Application Data\PassMark

2012-10-01 21:51 . 2012-10-01 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PassMark

2012-09-30 07:42 . 2012-09-30 07:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-09-30 07:42 . 2012-09-07 14:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-30 07:05 . 2012-09-30 07:11 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-09-24 16:23 . 2012-09-24 16:23 -------- d-----w- c:\program files\CPUID

2012-09-22 23:05 . 2012-09-22 23:05 -------- d-----w- c:\windows\Performance

2012-09-22 23:04 . 2012-09-22 23:04 -------- d-----w- c:\documents and settings\lietotajs\Local Settings\Application Data\Microsoft Corporation

2012-09-22 23:03 . 2012-09-22 23:03 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor

2012-09-22 21:35 . 2012-09-22 21:49 -------- d-----w- c:\documents and settings\lietotajs\Application Data\Wise Registry Cleaner

2012-09-22 21:34 . 2012-09-22 21:34 -------- d-----w- c:\program files\Wise

2012-09-22 14:59 . 2012-10-03 13:45 -------- d-----w- c:\program files\1-Click PC Fix v4

2012-09-22 14:26 . 2012-10-02 02:44 -------- d-----w- c:\documents and settings\lietotajs\Application Data\Sweetpacks

2012-09-22 14:25 . 2012-10-02 02:44 -------- d-----w- c:\program files\SweetPCFix

2012-09-22 13:22 . 2012-09-22 13:30 -------- d-----w- c:\windows\UXBackup

2012-09-22 13:19 . 2012-09-22 13:19 -------- d-----w- c:\documents and settings\lietotajs\Application Data\SUPERAntiSpyware.com

2012-09-22 13:18 . 2012-09-22 13:19 -------- d-----w- c:\program files\UX Pack

2012-09-22 13:18 . 2006-12-03 14:15 69632 ----a-w- c:\windows\system32\moveex.exe

2012-09-22 13:03 . 2012-10-04 13:21 -------- d-----w- c:\program files\SweetIM

2012-09-17 15:58 . 2012-09-17 15:58 51936 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2012-09-15 17:27 . 2012-09-15 17:27 -------- d-----w- c:\documents and settings\lietotajs\Application Data\8floor

2012-09-15 17:27 . 2012-09-15 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\8floor

2012-09-14 11:51 . 2012-09-14 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\HipSoft

2012-09-14 11:50 . 2012-09-14 11:50 -------- d-----w- c:\program files\Build a Lot 5 Elizabethan Era

2012-09-14 10:05 . 2005-05-26 12:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

2012-09-14 09:52 . 2012-09-14 10:05 -------- d--h--w- c:\windows\msdownld.tmp

2012-09-14 09:52 . 2012-09-14 09:52 -------- d-----w- c:\windows\Logs

2012-09-14 09:30 . 2012-09-14 09:33 -------- d-----w- c:\program files\Postal2

2012-09-14 09:25 . 2012-09-14 09:25 -------- d-----w- c:\program files\FishBone Games

2012-09-14 09:24 . 2012-09-14 09:24 -------- d-----w- C:\Downloads

2012-09-14 02:34 . 2012-09-14 02:34 89440 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2012-09-13 21:30 . 2012-09-13 21:30 -------- d-----w- c:\documents and settings\lietotajs\Application Data\NevoSoft Games

2012-09-13 21:27 . 2012-09-15 02:18 -------- d-----w- c:\program files\Farm Craft 2 - Global Vegetable Crisis

2012-09-13 18:49 . 2012-09-13 18:49 -------- d-----w- c:\program files\Croteam

2012-09-13 18:34 . 2012-09-13 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\rionix

2012-09-13 16:52 . 2012-09-13 16:52 -------- d-----w- c:\documents and settings\lietotajs\Application Data\Green Clover Games

2012-09-13 16:52 . 2012-09-13 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Green Clover Games

2012-09-13 15:25 . 2012-09-13 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\DreamFarm

2012-09-13 15:25 . 2012-09-13 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper

2012-09-13 15:23 . 2012-09-13 16:14 -------- d-----w- c:\program files\DoubleGames.com

2012-09-13 15:23 . 2012-09-13 15:23 -------- d-----w- c:\program files\Alawar

2012-09-13 12:55 . 2012-09-13 12:55 -------- d-----w- c:\documents and settings\lietotajs\Application Data\playmink

2012-09-12 08:47 . 2012-09-12 08:47 164704 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2012-09-12 08:47 . 2012-09-12 08:47 151648 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2012-09-12 06:31 . 2012-09-28 02:22 -------- d-----w- c:\program files\Cheat Engine 6.2

2012-09-12 00:27 . 2012-09-12 00:28 -------- d-----w- C:\Westwood

2012-09-12 00:26 . 1997-04-08 17:08 299520 ----a-w- c:\windows\uninst.exe

2012-09-11 21:02 . 2012-09-11 21:02 -------- d-s---w- c:\documents and settings\lietotajs\UserData

2012-09-11 21:02 . 2012-09-11 21:02 -------- d-----w- c:\documents and settings\lietotajs\Local Settings\Application Data\Threat Expert

2012-09-11 20:05 . 2012-09-11 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2012-09-11 17:06 . 2012-09-11 17:06 -------- d-----w- c:\program files\PC Tools

2012-09-11 15:58 . 2012-09-11 18:07 -------- d-----w- c:\program files\Common Files\PC Tools

2012-09-11 15:58 . 2012-06-22 12:34 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2012-09-11 15:48 . 2012-09-11 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2012-09-11 15:48 . 2012-09-11 15:48 -------- d-----w- c:\documents and settings\lietotajs\Application Data\TestApp

2012-09-08 19:12 . 2012-09-14 09:31 -------- d-----w- C:\Games

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-04 16:46 . 2012-10-04 16:46 103140 --sh--r- C:\qast.pif

2012-10-03 05:39 . 2012-06-06 08:10 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-10-03 05:38 . 2012-06-06 08:10 821736 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-10-03 05:38 . 2011-10-19 23:05 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-10-02 17:16 . 2012-06-04 16:04 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll

2012-10-02 17:16 . 2012-06-04 16:04 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll

2012-09-03 18:37 . 2012-09-03 18:37 1409 ----a-w- c:\windows\QTFont.for

2012-09-03 06:26 . 2012-09-03 06:26 98304 ----a-w- c:\windows\system32\CmdLineExt.dll

2012-08-30 20:29 . 2011-09-18 20:19 81920 ----a-w- c:\windows\system32\ieencode.dll

2012-08-30 20:29 . 2008-04-14 12:00 667136 ----a-w- c:\windows\system32\wininet.dll

2012-08-30 20:29 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx

2012-08-28 13:00 . 2008-04-14 12:00 369664 ----a-w- c:\windows\system32\html.iec

2012-08-13 13:40 . 2012-08-13 13:40 176096 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys

2012-08-10 01:52 . 2012-08-10 01:52 19808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys

2012-08-10 01:52 . 2012-08-10 01:52 35168 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2012-08-09 10:56 . 2012-08-09 10:56 178656 ----a-w- c:\windows\system32\drivers\avglogx.sys

2012-07-10 12:02 . 2012-07-10 12:02 504008 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-10 12:02 . 2011-09-08 18:46 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-04-14 16:56 . 2011-09-08 18:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-04-14 . 37BEC2CF1B14E1D69357564983AD1EBA . 1432064 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe

[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\UXBackup\explorer.exe

.

[-] 2008-04-14 . 605326486B5BBD7CEBA1F0A4DE16F73A . 229376 . . [5.1.2600.5512] . . c:\windows\regedit.exe

[7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe

[7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\UXBackup\regedit.exe

.

[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\iexplore.exe

[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\UXBackup\iexplore.exe

.

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

"uTorrent"="D:\uTorrent.exe" [2012-10-04 368432]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSPower"="SiSPower.dll" [2005-07-25 49152]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 117616]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 1009016]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Utility Tray.lnk - c:\windows\system32\sistray.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"DisableRegistryTools"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\Nokia\\Nokia PC Suite 7\\OneTouchAccess.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\WINDOWS\\system32\\wuauclt.exe"=

"c:\\Program Files\\PC Connectivity Solution\\NclInstaller.exe"=

"c:\\Program Files\\Nokia\\Nokia PC Suite 7\\CommunicationCentre.exe"=

"c:\\Program Files\\Nokia\\Nokia PC Suite 7\\PCSuite.exe"=

"c:\\program files\\avira\\antivir desktop\\avhlp.exe"=

"c:\\Program Files\\PC Connectivity Solution\\Transports\\NclUSBSrv.exe"=

"c:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe"=

"c:\\Program Files\\DAEMON Tools Lite\\daemon.exe"=

"c:\\Program Files\\PC Connectivity Solution\\Transports\\NclRSSrv.exe"=

"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=

"c:\\WINDOWS\\system32\\netsh.exe"=

"c:\\Documents and Settings\\lietotajs\\Local Settings\\Application Data\\FastestTube\\unins000.exe"=

"c:\\Documents and Settings\\lietotajs\\My Documents\\The Simpsons\\The Simpsons\\Simpsons.exe"=

"c:\\Program Files\\PC Connectivity Solution\\ServiceLayer.exe"=

"c:\\Program Files\\Audacity\\audacity.exe"=

"c:\\WINDOWS\\system32\\SNDVOL32.EXE"=

"c:\\Program Files\\PC Connectivity Solution\\Transports\\NclIrSrv.exe"=

"c:\\Program Files\\PC Connectivity Solution\\Transports\\NclMSBTSrv.exe"=

"c:\\Program Files\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\Governor of Poker 2 Premium Edition\\unins000.exe"=

"c:\\WINDOWS\\system32\\taskmgr.exe"=

"c:\\Program Files\\MyRealGames.com\\Talismans of Atlantis\\Atlantis.exe"=

"c:\\Program Files\\FreeGamePick.com\\Mayan Maze\\MayanMaze.exe"=

"c:\\Program Files\\CheMaxRus\\yapacksetup.exe"=

"c:\\Program Files\\Project64 1.6\\Project64.exe"=

"c:\\Documents and Settings\\lietotajs\\Desktop\\emulatori\\parastais kompis\\VirtuaNES.exe"=

"c:\\Documents and Settings\\lietotajs\\Desktop\\emulatori\\plaistation1\\ePSXe.exe"=

"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe"=

"c:\\Program Files\\Common Files\\Adobe\\Updater6\\Adobe_Updater.exe"=

"c:\\Program Files\\Cheatbook Database 2005\\base2005.exe"=

"c:\\Program Files\\Audacity\\unins000.exe"=

"c:\\Documents and Settings\\lietotajs\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=

"c:\\Program Files\\Governor of Poker 2 Premium Edition\\GovernorofPoker2_PE.exe"=

"c:\\WINDOWS\\system32\\WgaTray.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\Tele2 Mobile Partner\\OnlineUpdate\\ouc.exe"=

"c:\\Program Files\\LMT Internet\\LMT Internet.exe"=

"c:\\Program Files\\MyRealGames.com\\Jigsaw Deluxe\\unins000.exe"=

"c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\iKernel.exe"= c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\Engine\\6\\INTEL3~1\\IKernel.exe

"c:\\Documents and Settings\\All Users\\Application Data\\LMT Internet\\OnlineUpdate\\ouc.exe"=

"c:\\Program Files\\LMT Internet\\UpdateDog\\ouc.exe"=

"c:\\Program Files\\emperor_dune\\Emperor.exe"=

"c:\\Program Files\\Common Files\\InstallShield\\Engine\\6\\Intel 32\\IKernel.exe"=

"c:\\Documents and Settings\\lietotajs\\Application Data\\Real\\Update\\UpgradeHelper\\RealPlayer\\9.11\\rnupgagent.exe"=

"c:\\Program Files\\LMT Internet\\XStartScreen.exe"=

"c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_3_300_262_Plugin.exe"=

"c:\\Program Files\\emperor_dune\\game.exe"=

"c:\\WINDOWS\\system32\\taskman.exe"=

"c:\\Documents and Settings\\lietotajs\\Desktop\\NO$GBA.EXE"=

"c:\\Program Files\\MyRealGames.com\\Family Puzzle\\game.exe"=

"c:\\Documents and Settings\\lietotajs\\Desktop\\emulatori\\Fusion364\\Fusion.exe"=

"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=

"c:\\Documents and Settings\\lietotajs\\Desktop\\emulatori\\KEmulator_lite_098\\KEmulator_lite_098\\KEmulator_lite_098\\jre\\bin\\javaw.exe"=

"c:\\WINDOWS\\system32\\narrator.exe"=

"c:\\Documents and Settings\\lietotajs\\My Documents\\dziesmas\\TMNT_[tfile.ru]\\down\\droid\\New Folder (2)\\CheMax_for_Consoles_v2.5-spaces_ru.exe"=

"c:\\Program Files\\CheckPoint\\Install\\Launcher.exe"=

"c:\\Documents and Settings\\lietotajs\\Desktop\\TaskManagerFix.exe"=

"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=

"c:\\Documents and Settings\\lietotajs\\Local Settings\\Application Data\\Google\\Update\\1.3.21.123\\GoogleCrashHandler.exe"=

"c:\\Program Files\\UX Pack\\uxlaunch.exe"=

"c:\\PROGRA~1\\UXPACK~1\\TRUETR~1\\TrueTransparency.exe"=

"c:\\Documents and Settings\\lietotajs\\Desktop\\laaalaaa\\mbam-setup-1.62.0.1300.exe"=

"c:\\Program Files\\SUPERAntiSpyware\\SASCORE.EXE"=

"c:\\Documents and Settings\\lietotajs\\Desktop\\laaalaaa\\AdvanceMap 1.92\\AdvanceMap.exe"=

"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=

"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\LogTransport2.exe"=

"d:\\uTorrent.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe"=

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012.09.17. 18:58 51936]

R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012.08.09. 13:56 178656]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012.08.10. 4:52 35168]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2011.09.18. 21:25 721904]

R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012.08.13. 16:40 176096]

R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012.08.10. 4:52 19808]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012.09.12. 11:47 151648]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012.09.12. 11:47 164704]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012.10.02. 3:05 27496]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [2012.07.11. 21:54 186240]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012.09.30. 10:51 399432]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012.10.03. 19:53 150856]

R2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009.07.13. 1:07 21096]

R2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [2009.07.13. 1:07 25448]

R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012.10.02. 3:05 722528]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2012.01.12. 19:52 30944]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012.10.02. 20:16 239104]

R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012.10.02. 20:16 73984]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]

S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\Drivers\ShlDrv51.sys --> c:\windows\system32\Drivers\ShlDrv51.sys [?]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]

S2 avgfws;AVG Firewall;"c:\program files\AVG\AVG2013\avgfws.exe" --> c:\program files\AVG\AVG2013\avgfws.exe [?]

S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG2013\avgwdsvc.exe" --> c:\program files\AVG\AVG2013\avgwdsvc.exe [?]

S2 LMT Internet. RunOuc;LMT Internet. OUC;c:\program files\LMT Internet\UpdateDog\ouc.exe [2012.10.02. 20:16 725344]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012.09.30. 10:42 676936]

S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys --> c:\windows\system32\DRIVERS\PavProc.sys [?]

S2 Tele2 Mobile Partner. RunOuc;Tele2 Mobile Partner. OUC;c:\program files\Tele2 Mobile Partner\UpdateDog\ouc.exe --> c:\program files\Tele2 Mobile Partner\UpdateDog\ouc.exe [?]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2012.01.12. 19:52 30944]

S3 cpuz135;cpuz135;\??\c:\docume~1\LIETOT~1\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\LIETOT~1\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys [?]

S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012.10.02. 20:16 102784]

S3 FsUsbExDisk;FsUsbExDisk;\??\c:\windows\system32\FsUsbExDisk.SYS --> c:\windows\system32\FsUsbExDisk.SYS [?]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012.09.30. 10:42 22856]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011.10.05. 21:18 137600]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011.10.05. 21:18 8576]

S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2012.05.07. 9:49 98432]

S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2012.05.07. 9:49 14848]

S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2012.05.07. 9:49 123648]

S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

S4 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG2013\avgidsagent.exe" --> c:\program files\AVG\AVG2013\avgidsagent.exe [?]

S4 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe [2011.03.14. 18:27 349536]

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://t1.search.com/

mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={E324571C-04B5-11E2-904B-001E101F3534}

uInternet Connection Wizard,ShellNext = iexplore

TCP: Interfaces\{C22BC99B-EA56-4169-94E3-88063D48F021}: NameServer = 212.93.97.145 212.93.96.2

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll

FF - ProfilePath - c:\documents and settings\lietotajs\Application Data\Mozilla\Firefox\Profiles\3n2pbr0z.default\

FF - prefs.js: Keyword.Enabled - true

FF - prefs.js: browser.startup.homepage - hxxp://t1.search.com/

FF - prefs.js: browser.search.selectedEngine - Search.com

FF - prefs.js: keyword.URL - hxxp://t1.search.com/search?q=

FF - user.js: extensions.zonealarm.autoRvrt - false

FF - user.js: extensions.zonealarm_i.hmpg - true

FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN114351045043019-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=ecfbd6a5000000000000001e101f305e

FF - user.js: extensions.zonealarm.dfltSrch - true

FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: security.csp.enable - false

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL

AddRemove-PerformanceTest 7_is1 - c:\program files\PerformanceTest\unins000.exe

AddRemove-PokerStars - c:\program files\PokerStars\PokerStarsUninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-10-04 19:44

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amsint32]

"ImagePath"="\??\c:\windows\system32\drivers\jnnnqo.sys"

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]

"ImagePath"="\??\c:\docume~1\LIETOT~1\LOCALS~1\Temp\ASFWHide"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1032)

c:\windows\system32\cscui.dll

.

- - - - - - - > 'explorer.exe'(3044)

c:\windows\system32\msi.dll

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\NETSHELL.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\SCardSvr.exe

c:\documents and settings\All Users\Application Data\LMT Internet\OnlineUpdate\ouc.exe

c:\program files\Adobe\Reader 9.0\Reader\LogTransport2.exe

.

**************************************************************************

.

Completion time: 2012-10-04 19:52:00 - machine was rebooted

ComboFix-quarantined-files.txt 2012-10-04 16:51

.

Pre-Run: 4 311 777 280 bytes free

Post-Run: 4 488 830 976 bytes free

.

- - End Of File - - 45F22648278690ABF78F78859611F5B5

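Two things in the ComboFix log above are worth automating when such a report comes in: Firefox preference lines that either redirect navigation (homepage, keyword.URL, selected search engine) or switch off a protection (security.csp.enable set to false disables Content Security Policy enforcement), and service entries whose ImagePath points into a user's Temp folder. The following Python is an added example, not the forum's or ComboFix's own code. It parses a constructed sample written in the same line format and classifies the entries; UNSAFE_PREFS, REDIRECT_PREFS and PROFILE_MARKERS are assumed lists, and the service/driver name mismatch is deliberately reported as a weak signal.

```python
import re

# Constructed sample: a handful of lines in the ComboFix log format posted above
# (Firefox preference lines, two service entries and one benign control entry).
SAMPLE_LOG = r"""
FF - prefs.js: browser.startup.homepage - hxxp://t1.search.com/
FF - prefs.js: keyword.URL - hxxp://t1.search.com/search?q=
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: security.csp.enable - false
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amsint32]
"ImagePath"="\??\c:\windows\system32\drivers\jnnnqo.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\LIETOT~1\LOCALS~1\Temp\ASFWHide"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"
"""

FF_PREF = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - (.*)$")
SVC_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]$")
IMAGE_PATH = re.compile(r'^"ImagePath"="(.*)"$')

# Preference/value pairs that lower browser security (assumed list; extend as needed).
UNSAFE_PREFS = {"security.csp.enable": "false"}
# Preferences that steer the start page and address-bar search; any value deserves a look.
REDIRECT_PREFS = {"browser.startup.homepage", "keyword.URL", "browser.search.selectedEngine"}
# Path fragments that place a service binary inside a user profile or temp folder (assumed).
PROFILE_MARKERS = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\", "\\users\\")


def parse_combofix(text):
    """Return (prefs, services): prefs as (source, key, value) tuples, services as {name: image_path}."""
    prefs, services, current = [], {}, None
    for line in text.splitlines():
        m = FF_PREF.match(line)
        if m:
            prefs.append(m.groups())
            continue
        m = SVC_KEY.match(line)
        if m:
            current = m.group(1)       # remember the service name for the ImagePath that follows
            continue
        m = IMAGE_PATH.match(line)
        if m and current is not None:
            services[current] = m.group(1)
            current = None
    return prefs, services


def normalize_path(path):
    """Lower-case the path and drop the NT \\??\\ prefix ComboFix prints for kernel-style paths."""
    path = path.lower()
    if path.startswith("\\??\\"):
        path = path[4:]
    return path


def triage(text):
    """Classify each parsed entry; returns a list of (finding, detail) tuples."""
    prefs, services = parse_combofix(text)
    findings = []
    for source, key, value in prefs:
        if UNSAFE_PREFS.get(key) == value:
            findings.append(("pref-weakens-security", f"{source}: {key} = {value}"))
        elif key in REDIRECT_PREFS:
            findings.append(("pref-redirect", f"{source}: {key} = {value}"))
    for name, path in services.items():
        norm = normalize_path(path)
        stem = norm.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if any(marker in norm for marker in PROFILE_MARKERS):
            # A service or driver that lives in a user's temp folder is almost never legitimate.
            findings.append(("service-in-user-profile", f"{name} -> {path}"))
        elif stem != name.lower():
            # Weak, noisy signal: many vendors name the driver differently from the service,
            # but a random-looking .sys under a service name that does not match it is worth
            # pulling for a VirusTotal check.
            findings.append(("service-driver-name-mismatch", f"{name} -> {path}"))
    return findings


if __name__ == "__main__":
    for finding, detail in triage(SAMPLE_LOG):
        print(f"{finding:30} {detail}")
```

Feed it the full ComboFix.txt instead of SAMPLE_LOG and read the "service-in-user-profile" and "pref-weakens-security" lines first; the name-mismatch lines are a second pass, since legitimate drivers trigger it too.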

How many anti-virus programs do you have installed???

I see these in your attach.txt log:

AVG 2013

Avira AntiVir Personal - Free Antivirus

ZoneAlarm Free Antivirus + Firewall

and all of these in your ComboFix log:

AVG2013

Kaspersky Lab

Norton

McAfee

PC Tools

You can only have one anti-virus program installed > more causes all kinds of problems.

Please pick one and uninstall the rest.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please find this file and upload it to VirusTotal for a free scan, then let me know the results (just copy back the URL):

http://www.virustotal.com/

c:\windows\explorer.exe

Let me know.....MrC


Using ComboFix......

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

File::

C:\wjlbdl.pif

C:\ckmyo.exe

ClearJavaCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScript.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC


Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

[RUN][SUSP PATH] HKLM\[...]\Run : RRT-Auto (C:\Documents and Settings\lietotajs\Desktop\RRT.exe auto) -> FOUND

[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{C22BC99B-EA56-4169-94E3-88063D48F021} : NameServer (212.93.97.145 212.93.96.2) -> FOUND

[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> FOUND

[HJPOL] HKCU\[...]\System : DisableRegistryTools (1) -> FOUND

[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ] HKCU\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND

[HJ] HKLM\[...]\Security Center : FIREWALLDISABLENOTIFY (1) -> FOUND

[HJ] HKLM\[...]\Security Center : UPDATESDISABLENOTIFY (1) -> FOUND

Now click Delete on the right hand column under Options

-------------

Next click on the DNS tab and put a check next to these and uncheck the rest. (if found)

[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{C22BC99B-EA56-4169-94E3-88063D48F021} : NameServer (212.93.97.145 212.93.96.2) -> FOUND

Now click Fix DNS on the right hand column under Options

-------------

Next click on the Processes tab and put a check next to these and uncheck the rest. (if found)

[SUSP PATH] UnsignedThemesSvc.exe -- C:\WINDOWS\UnsignedThemesSvc.exe -> KILLED [TermProc]

Now click Delete on the right hand column under Options

Reboot and let me know.....MrC

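The list above is a set of registry policy values and a DNS NameServer entry to tick by hand in RogueKiller. As an added example (not RogueKiller's own code and not part of the original post), the Python below reads lines in the RogueKiller report format, compares each policy or Security Center value against a clean-machine baseline (DisableTaskMgr and DisableRegistryTools should be 0, EnableLUA 1, the *DisableNotify values 0), checks every NameServer address against a resolver allowlist, and flags SUSP PATH autoruns for review. POLICY_BASELINE, TRUSTED_RESOLVERS (the public resolvers in it are hypothetical placeholders) and the sample report are assumptions constructed for the example.

```python
import ipaddress
import re

# Constructed sample in the RogueKiller report format quoted above.
SAMPLE_REPORT = r"""
[RUN][SUSP PATH] HKLM\[...]\Run : RRT-Auto (C:\Documents and Settings\lietotajs\Desktop\RRT.exe auto) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{C22BC99B-EA56-4169-94E3-88063D48F021} : NameServer (212.93.97.145 212.93.96.2) -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (1) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ] HKCU\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FIREWALLDISABLENOTIFY (1) -> FOUND
"""

# One report line: [TAG][TAG] HIVE\[...]\Key : Name (value) -> STATUS
LINE = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+) (?P<hive>HK\w+)\\\[\.\.\.\]\\(?P<key>.+?) : "
    r"(?P<name>\S+) \((?P<value>.*)\) -> (?P<status>\w+)$"
)

# Value each policy/notification entry holds on a clean machine; anything else is a hijack
# candidate. Names are lower-cased because RogueKiller prints some of them in upper case.
POLICY_BASELINE = {
    "disabletaskmgr": "0",
    "disableregistrytools": "0",
    "enablelua": "1",
    "antivirusdisablenotify": "0",
    "firewalldisablenotify": "0",
    "updatesdisablenotify": "0",
}

# Assumed allowlist of resolvers expected on this machine; edit it for the network at hand.
# Private (RFC 1918) addresses such as the home router are accepted without being listed.
TRUSTED_RESOLVERS = {"8.8.8.8", "8.8.4.4"}


def parse_report(text):
    """Return a list of dicts (tags, hive, key, name, value, status) for each matching line."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry["tags"] = re.findall(r"\[([^\]]+)\]", entry["tags"])
        entries.append(entry)
    return entries


def untrusted_resolvers(value, trusted=TRUSTED_RESOLVERS):
    """Return the NameServer addresses that are neither allowlisted nor on the local network."""
    bad = []
    for token in re.split(r"[ ,]+", value.strip()):
        if not token:
            continue
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            bad.append(token)        # not an IP address at all; treat as suspicious
            continue
        if token not in trusted and not addr.is_private:
            bad.append(token)
    return bad


def triage(text, trusted=TRUSTED_RESOLVERS):
    """Map each report line to an action: policy-hijack, fix-dns or review-autorun."""
    actions = []
    for e in parse_report(text):
        name = e["name"].lower()
        if name in POLICY_BASELINE and e["value"] != POLICY_BASELINE[name]:
            actions.append(("policy-hijack", f"{e['hive']}\\{e['key']} : {e['name']} = {e['value']}"))
        elif name == "nameserver":
            bad = untrusted_resolvers(e["value"], trusted)
            if bad:
                actions.append(("fix-dns", f"{e['key']} : {' '.join(bad)}"))
        elif "SUSP PATH" in e["tags"]:
            actions.append(("review-autorun", f"{e['name']} ({e['value']})"))
    return actions


if __name__ == "__main__":
    for action, detail in triage(SAMPLE_REPORT):
        print(f"{action:16} {detail}")
```

Entries that already match the baseline (here the HKLM DisableTaskMgr = 0 line) produce no action, which is exactly the "uncheck the rest" part of the instructions; a NameServer value is only reported when at least one address falls outside the allowlist and outside private space, so a router address in the list does not trigger a false "fix-dns".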

This topic is now closed to further replies.