
I can't access antivirus sites


42 replies to this topic

#1 aigars

Posted 04 October 2012 - 09:05 AM

Help, I can't access antivirus sites like Kaspersky and others. Also, if I download any antivirus, it won't work.
Can my Malwarebytes Pro fix this?


#2 MrCharlie


Posted 04 October 2012 - 09:33 AM

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Quit all running programs.

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

------->Your topic will be closed if you haven't replied within 3 days!<--------

Malware Removal Expert



I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#3 aigars


Posted 04 October 2012 - 10:10 AM

OK, I scanned and attached.


#4 MrCharlie


Posted 04 October 2012 - 10:36 AM

Before we proceed further, please uninstall or disable uTorrent and any other peer-to-peer filesharing app.
Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Please also uninstall these:

DAEMON Tools Toolbar
Java™ 6 Update 32
uTorrentControl2 Toolbar
Yontoo 1.10.02


Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against the forum's policy concerning P2P programs:
http://forums.malwar...showtopic=97700

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Run disk-cleanup:
http://www.theelderg...nup_utility.htm

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I want you to run ComboFix but before you do.......

Please back up the registry:
http://www.geekstogo...ry-using-erunt/

Please create a new system restore point also.

If after running ComboFix you can't connect to the internet, please navigate to
the C:\WINDOWS\ERDNT folder and run ERDNT.exe > this will restore the registry > reboot and see how it is.
If that doesn't work....use that system restore point and that will correct the problem.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


#5 aigars


Posted 04 October 2012 - 11:57 AM

OK, I ran ComboFix. I have a file on local disk C, ckmyo.exe; when I delete it, it comes back. Malwarebytes says it is a virus.


#6 MrCharlie


Posted 04 October 2012 - 12:20 PM

ComboFix 12-10-04.02 - lietotajs 012.10.04. 19:29:49.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1033.18.990.526 [GMT 3:00]
Running from: c:\documents and settings\lietotajs\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
C:\desktop.ini
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\WombatUpdater
c:\documents and settings\All Users\Application Data\WombatUpdater\Uninstall.exe
c:\documents and settings\All Users\Application Data\WombatUpdater\WombatUpdater.exe
c:\documents and settings\lietotajs\WINDOWS
C:\Folder.htt
c:\windows\IsUn0419.exe
c:\windows\system32\avgfwdx.dll
c:\windows\system32\muzapp.exe
c:\windows\system32\rundll32.exe.tmp
c:\windows\system32\sqlite3.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
D:\Autorun.inf
D:\vexb.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ABP470N5
-------\Service_abp470n5
-------\Service_amsint32
.
.
((((((((((((((((((((((((( Files Created from 2012-09-04 to 2012-10-04 )))))))))))))))))))))))))))))))
.
.
2012-10-04 16:45 . 2012-10-04 16:45 103140 --sh--r- C:\wjlbdl.pif
2012-10-04 16:16 . 2012-10-04 16:26 103140 ----a-w- C:\ckmyo.exe
2012-10-04 15:50 . 2012-10-04 15:50 -------- d-----w- c:\program files\ERUNT
2012-10-04 14:25 . 2012-10-04 14:25 -------- d-----w- c:\documents and settings\All Users\Kaspersky Lab Setup Files
2012-10-04 13:58 . 2012-10-04 14:00 -------- d-----w- c:\documents and settings\lietotajs\Local Settings\Application Data\Ashampoo
2012-10-04 13:57 . 2012-10-04 13:57 -------- d-----w- c:\program files\Ashampoo
2012-10-04 13:05 . 2012-10-04 13:05 -------- d-----w- c:\program files\Windows Sidebar
2012-10-04 13:05 . 2012-10-04 14:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2012-10-03 16:53 . 2011-11-18 13:36 150856 ----a-w- c:\windows\system32\mfevtps.exe
2012-10-03 16:53 . 2012-10-03 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-10-03 15:33 . 2012-10-03 15:33 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
2012-10-03 15:28 . 2012-10-04 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2012-10-03 05:40 . 2012-10-03 05:40 -------- d-----w- c:\program files\Common Files\Java
2012-10-03 05:39 . 2012-10-03 05:39 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-02 17:16 . 2012-10-02 17:16 89856 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-10-02 17:16 . 2012-10-02 17:16 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-10-02 17:16 . 2012-10-02 17:16 73984 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-10-02 17:16 . 2012-10-02 17:16 66688 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-10-02 17:16 . 2012-10-02 17:16 28672 ----a-w- c:\windows\system32\drivers\usbccid.sys
2012-10-02 17:16 . 2012-10-02 17:16 26624 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-10-02 17:16 . 2012-10-02 17:16 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2012-10-02 17:16 . 2012-10-02 17:16 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-10-02 17:16 . 2012-10-02 17:16 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-10-02 17:16 . 2012-10-02 17:16 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-10-02 17:16 . 2012-10-02 17:16 239104 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-10-02 17:16 . 2012-10-02 17:16 195200 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-10-02 08:32 . 2012-10-02 08:32 -------- d-----w- c:\documents and settings\lietotajs\Local Settings\Application Data\PCHealth
2012-10-02 00:09 . 2012-10-02 00:09 -------- d-----w- c:\documents and settings\lietotajs\Application Data\AVG2013
2012-10-02 00:08 . 2012-10-02 00:08 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AVG2013
2012-10-02 00:06 . 2012-10-02 00:06 -------- d-----w- c:\documents and settings\lietotajs\Application Data\TuneUp Software
2012-10-02 00:06 . 2012-10-02 00:06 -------- d-----w- c:\documents and settings\lietotajs\Local Settings\Application Data\AVG Secure Search
2012-10-02 00:05 . 2012-10-02 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-10-02 00:05 . 2012-10-02 00:05 -------- d-----w- c:\documents and settings\lietotajs\Application Data\AVG Secure Search
2012-10-02 00:05 . 2012-10-02 00:05 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-02 00:05 . 2012-10-02 00:05 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-10-02 00:03 . 2012-10-02 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013
2012-10-02 00:03 . 2012-10-02 00:03 -------- d-----w- C:\$AVG
2012-10-01 23:55 . 2012-10-02 00:18 -------- d-----w- c:\documents and settings\lietotajs\Local Settings\Application Data\Avg2013
2012-10-01 23:55 . 2012-10-01 23:55 -------- d-----w- c:\documents and settings\lietotajs\Local Settings\Application Data\MFAData
2012-10-01 21:52 . 2012-10-01 21:52 -------- d-----w- c:\documents and settings\lietotajs\Local Settings\Application Data\PassMark
2012-10-01 21:51 . 2012-10-01 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PassMark
2012-09-30 07:42 . 2012-09-30 07:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-30 07:42 . 2012-09-07 14:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-30 07:05 . 2012-09-30 07:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-24 16:23 . 2012-09-24 16:23 -------- d-----w- c:\program files\CPUID
2012-09-22 23:05 . 2012-09-22 23:05 -------- d-----w- c:\windows\Performance
2012-09-22 23:04 . 2012-09-22 23:04 -------- d-----w- c:\documents and settings\lietotajs\Local Settings\Application Data\Microsoft Corporation
2012-09-22 23:03 . 2012-09-22 23:03 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2012-09-22 21:35 . 2012-09-22 21:49 -------- d-----w- c:\documents and settings\lietotajs\Application Data\Wise Registry Cleaner
2012-09-22 21:34 . 2012-09-22 21:34 -------- d-----w- c:\program files\Wise
2012-09-22 14:59 . 2012-10-03 13:45 -------- d-----w- c:\program files\1-Click PC Fix v4
2012-09-22 14:26 . 2012-10-02 02:44 -------- d-----w- c:\documents and settings\lietotajs\Application Data\Sweetpacks
2012-09-22 14:25 . 2012-10-02 02:44 -------- d-----w- c:\program files\SweetPCFix
2012-09-22 13:22 . 2012-09-22 13:30 -------- d-----w- c:\windows\UXBackup
2012-09-22 13:19 . 2012-09-22 13:19 -------- d-----w- c:\documents and settings\lietotajs\Application Data\SUPERAntiSpyware.com
2012-09-22 13:18 . 2012-09-22 13:19 -------- d-----w- c:\program files\UX Pack
2012-09-22 13:18 . 2006-12-03 14:15 69632 ----a-w- c:\windows\system32\moveex.exe
2012-09-22 13:03 . 2012-10-04 13:21 -------- d-----w- c:\program files\SweetIM
2012-09-17 15:58 . 2012-09-17 15:58 51936 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-09-15 17:27 . 2012-09-15 17:27 -------- d-----w- c:\documents and settings\lietotajs\Application Data\8floor
2012-09-15 17:27 . 2012-09-15 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\8floor
2012-09-14 11:51 . 2012-09-14 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\HipSoft
2012-09-14 11:50 . 2012-09-14 11:50 -------- d-----w- c:\program files\Build a Lot 5 Elizabethan Era
2012-09-14 10:05 . 2005-05-26 12:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2012-09-14 09:52 . 2012-09-14 10:05 -------- d--h--w- c:\windows\msdownld.tmp
2012-09-14 09:52 . 2012-09-14 09:52 -------- d-----w- c:\windows\Logs
2012-09-14 09:30 . 2012-09-14 09:33 -------- d-----w- c:\program files\Postal2
2012-09-14 09:25 . 2012-09-14 09:25 -------- d-----w- c:\program files\FishBone Games
2012-09-14 09:24 . 2012-09-14 09:24 -------- d-----w- C:\Downloads
2012-09-14 02:34 . 2012-09-14 02:34 89440 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-09-13 21:30 . 2012-09-13 21:30 -------- d-----w- c:\documents and settings\lietotajs\Application Data\NevoSoft Games
2012-09-13 21:27 . 2012-09-15 02:18 -------- d-----w- c:\program files\Farm Craft 2 - Global Vegetable Crisis
2012-09-13 18:49 . 2012-09-13 18:49 -------- d-----w- c:\program files\Croteam
2012-09-13 18:34 . 2012-09-13 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\rionix
2012-09-13 16:52 . 2012-09-13 16:52 -------- d-----w- c:\documents and settings\lietotajs\Application Data\Green Clover Games
2012-09-13 16:52 . 2012-09-13 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Green Clover Games
2012-09-13 15:25 . 2012-09-13 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\DreamFarm
2012-09-13 15:25 . 2012-09-13 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2012-09-13 15:23 . 2012-09-13 16:14 -------- d-----w- c:\program files\DoubleGames.com
2012-09-13 15:23 . 2012-09-13 15:23 -------- d-----w- c:\program files\Alawar
2012-09-13 12:55 . 2012-09-13 12:55 -------- d-----w- c:\documents and settings\lietotajs\Application Data\playmink
2012-09-12 08:47 . 2012-09-12 08:47 164704 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-12 08:47 . 2012-09-12 08:47 151648 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-12 06:31 . 2012-09-28 02:22 -------- d-----w- c:\program files\Cheat Engine 6.2
2012-09-12 00:27 . 2012-09-12 00:28 -------- d-----w- C:\Westwood
2012-09-12 00:26 . 1997-04-08 17:08 299520 ----a-w- c:\windows\uninst.exe
2012-09-11 21:02 . 2012-09-11 21:02 -------- d-s---w- c:\documents and settings\lietotajs\UserData
2012-09-11 21:02 . 2012-09-11 21:02 -------- d-----w- c:\documents and settings\lietotajs\Local Settings\Application Data\Threat Expert
2012-09-11 20:05 . 2012-09-11 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-09-11 17:06 . 2012-09-11 17:06 -------- d-----w- c:\program files\PC Tools
2012-09-11 15:58 . 2012-09-11 18:07 -------- d-----w- c:\program files\Common Files\PC Tools
2012-09-11 15:58 . 2012-06-22 12:34 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-09-11 15:48 . 2012-09-11 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-09-11 15:48 . 2012-09-11 15:48 -------- d-----w- c:\documents and settings\lietotajs\Application Data\TestApp
2012-09-08 19:12 . 2012-09-14 09:31 -------- d-----w- C:\Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-04 16:46 . 2012-10-04 16:46 103140 --sh--r- C:\qast.pif
2012-10-03 05:39 . 2012-06-06 08:10 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-03 05:38 . 2012-06-06 08:10 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-03 05:38 . 2011-10-19 23:05 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-02 17:16 . 2012-06-04 16:04 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2012-10-02 17:16 . 2012-06-04 16:04 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-09-03 18:37 . 2012-09-03 18:37 1409 ----a-w- c:\windows\QTFont.for
2012-09-03 06:26 . 2012-09-03 06:26 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-08-30 20:29 . 2011-09-18 20:19 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-08-30 20:29 . 2008-04-14 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2012-08-30 20:29 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-08-28 13:00 . 2008-04-14 12:00 369664 ----a-w- c:\windows\system32\html.iec
2012-08-13 13:40 . 2012-08-13 13:40 176096 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-08-10 01:52 . 2012-08-10 01:52 19808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-08-10 01:52 . 2012-08-10 01:52 35168 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-08-09 10:56 . 2012-08-09 10:56 178656 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-07-10 12:02 . 2012-07-10 12:02 504008 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-10 12:02 . 2011-09-08 18:46 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-04-14 16:56 . 2011-09-08 18:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . 37BEC2CF1B14E1D69357564983AD1EBA . 1432064 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\UXBackup\explorer.exe
.
[-] 2008-04-14 . 605326486B5BBD7CEBA1F0A4DE16F73A . 229376 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe
[7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\UXBackup\regedit.exe
.
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\UXBackup\iexplore.exe
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"uTorrent"="D:\uTorrent.exe" [2012-10-04 368432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2005-07-25 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 117616]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 1009016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Utility Tray.lnk - c:\windows\system32\sistray.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Nokia\\Nokia PC Suite 7\\OneTouchAccess.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\PC Connectivity Solution\\NclInstaller.exe"=
"c:\\Program Files\\Nokia\\Nokia PC Suite 7\\CommunicationCentre.exe"=
"c:\\Program Files\\Nokia\\Nokia PC Suite 7\\PCSuite.exe"=
"c:\\program files\\avira\\antivir desktop\\avhlp.exe"=
"c:\\Program Files\\PC Connectivity Solution\\Transports\\NclUSBSrv.exe"=
"c:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe"=
"c:\\Program Files\\DAEMON Tools Lite\\daemon.exe"=
"c:\\Program Files\\PC Connectivity Solution\\Transports\\NclRSSrv.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Documents and Settings\\lietotajs\\Local Settings\\Application Data\\FastestTube\\unins000.exe"=
"c:\\Documents and Settings\\lietotajs\\My Documents\\The Simpsons\\The Simpsons\\Simpsons.exe"=
"c:\\Program Files\\PC Connectivity Solution\\ServiceLayer.exe"=
"c:\\Program Files\\Audacity\\audacity.exe"=
"c:\\WINDOWS\\system32\\SNDVOL32.EXE"=
"c:\\Program Files\\PC Connectivity Solution\\Transports\\NclIrSrv.exe"=
"c:\\Program Files\\PC Connectivity Solution\\Transports\\NclMSBTSrv.exe"=
"c:\\Program Files\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Governor of Poker 2 Premium Edition\\unins000.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\MyRealGames.com\\Talismans of Atlantis\\Atlantis.exe"=
"c:\\Program Files\\FreeGamePick.com\\Mayan Maze\\MayanMaze.exe"=
"c:\\Program Files\\CheMaxRus\\yapacksetup.exe"=
"c:\\Program Files\\Project64 1.6\\Project64.exe"=
"c:\\Documents and Settings\\lietotajs\\Desktop\\emulatori\\parastais kompis\\VirtuaNES.exe"=
"c:\\Documents and Settings\\lietotajs\\Desktop\\emulatori\\plaistation1\\ePSXe.exe"=
"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Updater6\\Adobe_Updater.exe"=
"c:\\Program Files\\Cheatbook Database 2005\\base2005.exe"=
"c:\\Program Files\\Audacity\\unins000.exe"=
"c:\\Documents and Settings\\lietotajs\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Governor of Poker 2 Premium Edition\\GovernorofPoker2_PE.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Tele2 Mobile Partner\\OnlineUpdate\\ouc.exe"=
"c:\\Program Files\\LMT Internet\\LMT Internet.exe"=
"c:\\Program Files\\MyRealGames.com\\Jigsaw Deluxe\\unins000.exe"=
"c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\iKernel.exe"= c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\Engine\\6\\INTEL3~1\\IKernel.exe
"c:\\Documents and Settings\\All Users\\Application Data\\LMT Internet\\OnlineUpdate\\ouc.exe"=
"c:\\Program Files\\LMT Internet\\UpdateDog\\ouc.exe"=
"c:\\Program Files\\emperor_dune\\Emperor.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\Engine\\6\\Intel 32\\IKernel.exe"=
"c:\\Documents and Settings\\lietotajs\\Application Data\\Real\\Update\\UpgradeHelper\\RealPlayer\\9.11\\rnupgagent.exe"=
"c:\\Program Files\\LMT Internet\\XStartScreen.exe"=
"c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_3_300_262_Plugin.exe"=
"c:\\Program Files\\emperor_dune\\game.exe"=
"c:\\WINDOWS\\system32\\taskman.exe"=
"c:\\Documents and Settings\\lietotajs\\Desktop\\NO$GBA.EXE"=
"c:\\Program Files\\MyRealGames.com\\Family Puzzle\\game.exe"=
"c:\\Documents and Settings\\lietotajs\\Desktop\\emulatori\\Fusion364\\Fusion.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
"c:\\Documents and Settings\\lietotajs\\Desktop\\emulatori\\KEmulator_lite_098\\KEmulator_lite_098\\KEmulator_lite_098\\jre\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\narrator.exe"=
"c:\\Documents and Settings\\lietotajs\\My Documents\\dziesmas\\TMNT_[tfile.ru]\\down\\droid\\New Folder (2)\\CheMax_for_Consoles_v2.5-spaces_ru.exe"=
"c:\\Program Files\\CheckPoint\\Install\\Launcher.exe"=
"c:\\Documents and Settings\\lietotajs\\Desktop\\TaskManagerFix.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Documents and Settings\\lietotajs\\Local Settings\\Application Data\\Google\\Update\\1.3.21.123\\GoogleCrashHandler.exe"=
"c:\\Program Files\\UX Pack\\uxlaunch.exe"=
"c:\\PROGRA~1\\UXPACK~1\\TRUETR~1\\TrueTransparency.exe"=
"c:\\Documents and Settings\\lietotajs\\Desktop\\laaalaaa\\mbam-setup-1.62.0.1300.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SASCORE.EXE"=
"c:\\Documents and Settings\\lietotajs\\Desktop\\laaalaaa\\AdvanceMap 1.92\\AdvanceMap.exe"=
"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=
"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\LogTransport2.exe"=
"d:\\uTorrent.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012.09.17. 18:58 51936]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012.08.09. 13:56 178656]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012.08.10. 4:52 35168]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2011.09.18. 21:25 721904]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012.08.13. 16:40 176096]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012.08.10. 4:52 19808]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012.09.12. 11:47 151648]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012.09.12. 11:47 164704]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012.10.02. 3:05 27496]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [2012.07.11. 21:54 186240]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012.09.30. 10:51 399432]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012.10.03. 19:53 150856]
R2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009.07.13. 1:07 21096]
R2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [2009.07.13. 1:07 25448]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012.10.02. 3:05 722528]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2012.01.12. 19:52 30944]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012.10.02. 20:16 239104]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012.10.02. 20:16 73984]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\Drivers\ShlDrv51.sys --> c:\windows\system32\Drivers\ShlDrv51.sys [?]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S2 avgfws;AVG Firewall;"c:\program files\AVG\AVG2013\avgfws.exe" --> c:\program files\AVG\AVG2013\avgfws.exe [?]
S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG2013\avgwdsvc.exe" --> c:\program files\AVG\AVG2013\avgwdsvc.exe [?]
S2 LMT Internet. RunOuc;LMT Internet. OUC;c:\program files\LMT Internet\UpdateDog\ouc.exe [2012.10.02. 20:16 725344]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012.09.30. 10:42 676936]
S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys --> c:\windows\system32\DRIVERS\PavProc.sys [?]
S2 Tele2 Mobile Partner. RunOuc;Tele2 Mobile Partner. OUC;c:\program files\Tele2 Mobile Partner\UpdateDog\ouc.exe --> c:\program files\Tele2 Mobile Partner\UpdateDog\ouc.exe [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2012.01.12. 19:52 30944]
S3 cpuz135;cpuz135;\??\c:\docume~1\LIETOT~1\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\LIETOT~1\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012.10.02. 20:16 102784]
S3 FsUsbExDisk;FsUsbExDisk;\??\c:\windows\system32\FsUsbExDisk.SYS --> c:\windows\system32\FsUsbExDisk.SYS [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012.09.30. 10:42 22856]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011.10.05. 21:18 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011.10.05. 21:18 8576]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2012.05.07. 9:49 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2012.05.07. 9:49 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2012.05.07. 9:49 123648]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S4 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG2013\avgidsagent.exe" --> c:\program files\AVG\AVG2013\avgidsagent.exe [?]
S4 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe [2011.03.14. 18:27 349536]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://t1.search.com/
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={E324571C-04B5-11E2-904B-001E101F3534}
uInternet Connection Wizard,ShellNext = iexplore
TCP: Interfaces\{C22BC99B-EA56-4169-94E3-88063D48F021}: NameServer = 212.93.97.145 212.93.96.2
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\lietotajs\Application Data\Mozilla\Firefox\Profiles\3n2pbr0z.default\
FF - prefs.js: Keyword.Enabled - true
FF - prefs.js: browser.startup.homepage - hxxp://t1.search.com/
FF - prefs.js: browser.search.selectedEngine - Search.com
FF - prefs.js: keyword.URL - hxxp://t1.search.com/search?q=
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN114351045043019-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=ecfbd6a5000000000000001e101f305e
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
AddRemove-PerformanceTest 7_is1 - c:\program files\PerformanceTest\unins000.exe
AddRemove-PokerStars - c:\program files\PokerStars\PokerStarsUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-04 19:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amsint32]
"ImagePath"="\??\c:\windows\system32\drivers\jnnnqo.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\LIETOT~1\LOCALS~1\Temp\ASFWHide"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1032)
c:\windows\system32\cscui.dll
.
- - - - - - - > 'explorer.exe'(3044)
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\documents and settings\All Users\Application Data\LMT Internet\OnlineUpdate\ouc.exe
c:\program files\Adobe\Reader 9.0\Reader\LogTransport2.exe
.
**************************************************************************
.
Completion time: 2012-10-04 19:52:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-04 16:51
.
Pre-Run: 4 311 777 280 bytes free
Post-Run: 4 488 830 976 bytes free
.
- - End Of File - - 45F22648278690ABF78F78859611F5B5


#7 MrCharlie

Posted 04 October 2012 - 12:37 PM

How many anti-virus programs do you have installed???

I see these in your attach.txt log:

AVG 2013
Avira AntiVir Personal - Free Antivirus
ZoneAlarm Free Antivirus + Firewall


and all of these in your ComboFix log:

AVG2013
Kaspersky Lab
Norton
McAfee
PC Tools


You can only have one anti-virus program installed > more causes all kinds of problems.
Please pick one and uninstall the rest.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please find this file and upload to VirusTotal for a free scan, let me know the results (just copy back the url)
http://www.virustotal.com/

c:\windows\explorer.exe

Let me know.....MrC


#8 aigars

Posted 04 October 2012 - 12:48 PM

I can't access http://www.virustotal.com/

#9 MrCharlie

Posted 04 October 2012 - 12:57 PM

Can you copy the file and then zip it up and attach it?

How To Attach a Log > Go To Step #1


MrC


#10 aigars

Posted 04 October 2012 - 01:09 PM

ok

Attached Files



#11 MrCharlie

Posted 04 October 2012 - 01:34 PM

Using ComboFix......
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
4. If ComboFix wants to update.....please allow it to.

File::
C:\wjlbdl.pif
C:\ckmyo.exe

ClearJavaCache::


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......
Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC


#12 aigars

Posted 04 October 2012 - 02:48 PM

OK, I did that

Attached Files



#13 MrCharlie

Posted 04 October 2012 - 05:20 PM

Is there any difference?? MrC


#14 aigars

Posted 04 October 2012 - 06:21 PM

It only deleted some of the viruses. I still can't access my antivirus, and Task Manager and regedit are disabled.

#15 MrCharlie

Posted 04 October 2012 - 06:22 PM

Run a new scan with RogueKiller and post the new log, MrC


#16 aigars

Posted 04 October 2012 - 06:29 PM

.

#17 aigars

Posted 04 October 2012 - 06:31 PM

.

Attached Files



#18 MrCharlie

Posted 04 October 2012 - 06:55 PM

Run RogueKiller again and click Scan
When the scan completes > click on the Registry tab
Put a check next to all of these and uncheck the rest: (if found)

[RUN][SUSP PATH] HKLM\[...]\Run : RRT-Auto (C:\Documents and Settings\lietotajs\Desktop\RRT.exe auto) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{C22BC99B-EA56-4169-94E3-88063D48F021} : NameServer (212.93.97.145 212.93.96.2) -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (1) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKCU\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FIREWALLDISABLENOTIFY (1) -> FOUND
[HJ] HKLM\[...]\Security Center : UPDATESDISABLENOTIFY (1) -> FOUND


Now click Delete on the right hand column under Options
-------------
Next click on the DNS tab and put a check next to these and uncheck the rest. (if found)

[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{C22BC99B-EA56-4169-94E3-88063D48F021} : NameServer (212.93.97.145 212.93.96.2) -> FOUND


Now click Fix DNS on the right hand column under Options
-------------
Next click on the Processes tab and put a check next to these and uncheck the rest. (if found)

[SUSP PATH] UnsignedThemesSvc.exe -- C:\WINDOWS\UnsignedThemesSvc.exe -> KILLED [TermProc]


Now click Delete on the right hand column under Options

Reboot and let me know.....MrC

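An added example, not part of the original posts and not RogueKiller's own code: a small Python parser for the registry finding lines quoted in post #18. It separates the HKCU policy values that actually lock Task Manager and regedit (non-zero data) from the HKLM entries set to 0, and pulls out the DNS servers and autorun command for review. The bucket names are this example's own; the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Lines copied from the RogueKiller findings quoted in post #18.
SAMPLE = r"""
[RUN][SUSP PATH] HKLM\[...]\Run : RRT-Auto (C:\Documents and Settings\lietotajs\Desktop\RRT.exe auto) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{C22BC99B-EA56-4169-94E3-88063D48F021} : NameServer (212.93.97.145 212.93.96.2) -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (1) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKCU\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FIREWALLDISABLENOTIFY (1) -> FOUND
[HJ] HKLM\[...]\Security Center : UPDATESDISABLENOTIFY (1) -> FOUND
""".strip().splitlines()

# Shape of a registry finding: [TAG][TAG] <key> : <value name> (<data>) -> <STATUS>
LINE_RE = re.compile(r"^((?:\[[^\]]+\])+)\s+(.+?) : (\S+) \((.*)\) -> (\w+)")

def parse(line):
    """Return the fields of one registry finding, or None for other line shapes."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    tags, key, name, data, status = m.groups()
    return {"tags": re.findall(r"\[([^\]]+)\]", tags), "key": key,
            "name": name, "data": data, "status": status}

def triage(lines):
    """Group findings by what they mean for the user (bucket names are this example's own)."""
    out = defaultdict(list)
    for entry in filter(None, map(parse, lines)):
        tags, name, data = entry["tags"], entry["name"], entry["data"]
        where = entry["key"].split("\\")[0] + ":" + name  # hive + value name
        if "HJPOL" in tags:
            # A non-zero Disable* value enforces the restriction; 0 leaves the tool usable.
            out["lockout_active" if data != "0" else "lockout_inactive"].append(where)
        elif name.upper().endswith("DISABLENOTIFY") and data != "0":
            out["alerts_suppressed"].append(where)
        elif "DNS" in tags:
            out["dns_servers"].extend(data.split())
        elif "RUN" in tags:
            out["autoruns"].append(data)
        else:
            out["other"].append(where)
    return dict(out)

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE).items():
        print(f"{bucket}: {items}")
```

Process findings such as the `UnsignedThemesSvc.exe` line use a different shape and are skipped by `parse`.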

#19 aigars

Posted 04 October 2012 - 07:30 PM

It is the same. I now think that it is not fixable :D

#20 MrCharlie

Posted 04 October 2012 - 07:44 PM

That's it? You don't want to do anything else? MrC




