Have downloaded Malware but virus is blocking access to it

Solved
By gill12
Feb 26, 2011
Topic Status:
Not open for further replies.
  1. gill12

    gill12 Newcomer, in training Topic Starter Posts: 44

I installed Avira AV. Should I stick with this or reinstall McAfee? McAfee didn't protect my computer from all those viruses.
    Updated Java and deleted old stuff.

    This is the OTL log.

    All processes killed
    ========== OTL ==========
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    HKU\S-1-5-21-842925246-1450960922-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-842925246-1450960922-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\HUAWEI 3G Data Card MTS deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-842925246-1450960922-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-842925246-1450960922-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Search Protection deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08E730A4-FB02-45BD-A900-01E4AD8016F6}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08E730A4-FB02-45BD-A900-01E4AD8016F6}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    File/Folder C:\WINDOWS\System32\*.tmp not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->FireFox cache emptied: 3458729 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Owner
    ->Temp folder emptied: 211309 bytes
    ->Temporary Internet Files folder emptied: 441029 bytes
    ->Java cache emptied: 1957 bytes
    ->FireFox cache emptied: 70541201 bytes
    ->Flash cache emptied: 6146 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 49635 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 159757 bytes

    Total Files Cleaned = 72.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: Owner
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 03112011_005251

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
  2. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Avira is perfectly fine.
    Go on....
  3. gill12

    gill12 Newcomer, in training Topic Starter Posts: 44

    Security Check Log


    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Avira AntiVir Personal - Free Antivirus
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 13
    Out of date Java installed!
    Adobe Flash Player 10.0.32.18
    Adobe Reader 8.2.5
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.13)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ``````````End of Log````````````
  4. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Update Firefox to the latest 3.6.15 version.

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
  5. gill12

    gill12 Newcomer, in training Topic Starter Posts: 44

Hi, this is the ESET log. I have updated Firefox and Adobe.

    C:\System Volume Information\_restore{34130FAD-3971-4D5D-B5A4-25B10BB91037}\RP908\A0560881.exe a variant of Win32/Adware.CiDHelp application
  6. Broni

    Broni Malware Annihilator Posts: 46,373   +252

The above finding is located in one of your restore points, which we're about to reset.


    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
  7. gill12

    gill12 Newcomer, in training Topic Starter Posts: 44

    Hi,

    posting log for OTL

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 82400 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 582082 bytes

    User: Owner
    ->Temp folder emptied: 73909406 bytes
    ->Temporary Internet Files folder emptied: 928438 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 42616842 bytes
    ->Flash cache emptied: 4714 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 180707 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 113.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: Owner
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.22.3 log created on 03162011_202450

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
  9. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Whenever ready....
  10. gill12

    gill12 Newcomer, in training Topic Starter Posts: 44

    Hi,
    computer has been working fine, except the past few weeks it kept being slowed down by 'scripts running' but that seems to have stopped now.
    Also, kept getting windows security message saying computer was not protected: Avira was switching on and off. I have manually updated Avira and that message has gone. Have also run Malware and downloaded the other things you said. Everything seems fine now.
  11. gill12

    gill12 Newcomer, in training Topic Starter Posts: 44

    I meant the past few days.
     
  12. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Cool
    Good luck and stay safe :)
  13. gill12

    gill12 Newcomer, in training Topic Starter Posts: 44

    Thanks very much, I really appreciate your help.

    I am posting an Avira log because I got another Trojan today. Does it end? I get loads of spam mails so maybe that's the source. I am going to study your link on 'How did I get infected?'.




    Avira AntiVir Personal
    Report file date: 17 March 2011 10:45

    Scanning for 2497697 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : OWNER-D61B4598E

    Version information:
    BUILD.DAT : 10.0.0.635 31822 Bytes 07/03/2011 12:15:00
    AVSCAN.EXE : 10.0.3.5 435368 Bytes 10/01/2011 14:23:31
    AVSCAN.DLL : 10.0.3.0 46440 Bytes 01/04/2010 12:57:04
    LUKE.DLL : 10.0.3.2 104296 Bytes 10/01/2011 14:23:40
    LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 23:40:49
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 09:05:36
    VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 14:23:50
    VBASE002.VDF : 7.11.3.0 1950720 Bytes 09/02/2011 00:08:03
    VBASE003.VDF : 7.11.3.1 2048 Bytes 09/02/2011 00:08:03
    VBASE004.VDF : 7.11.3.2 2048 Bytes 09/02/2011 00:08:03
    VBASE005.VDF : 7.11.3.3 2048 Bytes 09/02/2011 00:08:03
    VBASE006.VDF : 7.11.3.4 2048 Bytes 09/02/2011 00:08:03
    VBASE007.VDF : 7.11.3.5 2048 Bytes 09/02/2011 00:08:03
    VBASE008.VDF : 7.11.3.6 2048 Bytes 09/02/2011 00:08:03
    VBASE009.VDF : 7.11.3.7 2048 Bytes 09/02/2011 00:08:04
    VBASE010.VDF : 7.11.3.8 2048 Bytes 09/02/2011 00:08:04
    VBASE011.VDF : 7.11.3.9 2048 Bytes 09/02/2011 00:08:04
    VBASE012.VDF : 7.11.3.10 2048 Bytes 09/02/2011 00:08:04
    VBASE013.VDF : 7.11.3.59 157184 Bytes 14/02/2011 00:08:05
    VBASE014.VDF : 7.11.3.97 120320 Bytes 16/02/2011 00:08:05
    VBASE015.VDF : 7.11.3.148 128000 Bytes 19/02/2011 00:08:05
    VBASE016.VDF : 7.11.3.183 140288 Bytes 22/02/2011 00:08:06
    VBASE017.VDF : 7.11.3.216 124416 Bytes 24/02/2011 00:08:06
    VBASE018.VDF : 7.11.3.251 159232 Bytes 28/02/2011 00:08:06
    VBASE019.VDF : 7.11.4.33 148992 Bytes 02/03/2011 00:08:07
    VBASE020.VDF : 7.11.4.73 150016 Bytes 06/03/2011 00:08:07
    VBASE021.VDF : 7.11.4.108 122880 Bytes 08/03/2011 00:08:07
    VBASE022.VDF : 7.11.4.150 133120 Bytes 10/03/2011 00:08:08
    VBASE023.VDF : 7.11.4.183 122368 Bytes 14/03/2011 21:27:08
    VBASE024.VDF : 7.11.4.228 123392 Bytes 16/03/2011 21:27:10
    VBASE025.VDF : 7.11.4.229 2048 Bytes 16/03/2011 21:27:10
    VBASE026.VDF : 7.11.4.230 2048 Bytes 16/03/2011 21:27:10
    VBASE027.VDF : 7.11.4.231 2048 Bytes 16/03/2011 21:27:10
    VBASE028.VDF : 7.11.4.232 2048 Bytes 16/03/2011 21:27:11
    VBASE029.VDF : 7.11.4.233 2048 Bytes 16/03/2011 21:27:11
    VBASE030.VDF : 7.11.4.234 2048 Bytes 16/03/2011 21:27:11
    VBASE031.VDF : 7.11.4.235 2048 Bytes 16/03/2011 21:27:11
    Engineversion : 8.2.4.186
    AEVDF.DLL : 8.1.2.1 106868 Bytes 10/01/2011 14:23:26
    AESCRIPT.DLL : 8.1.3.56 1261945 Bytes 11/03/2011 00:08:16
    AESCN.DLL : 8.1.7.2 127349 Bytes 10/01/2011 14:23:26
    AESBX.DLL : 8.1.3.2 254324 Bytes 10/01/2011 14:23:26
    AERDL.DLL : 8.1.9.8 639346 Bytes 16/03/2011 21:27:22
    AEPACK.DLL : 8.2.4.12 520567 Bytes 16/03/2011 21:27:20
    AEOFFICE.DLL : 8.1.1.17 205177 Bytes 11/03/2011 00:08:15
    AEHEUR.DLL : 8.1.2.86 3350903 Bytes 16/03/2011 21:27:18
    AEHELP.DLL : 8.1.16.1 246134 Bytes 11/03/2011 00:08:11
    AEGEN.DLL : 8.1.5.2 397683 Bytes 11/03/2011 00:08:11
    AEEMU.DLL : 8.1.3.0 393589 Bytes 10/01/2011 14:23:18
    AECORE.DLL : 8.1.19.2 196983 Bytes 11/03/2011 00:08:10
    AEBB.DLL : 8.1.1.0 53618 Bytes 10/01/2011 14:23:18
    AVWINLL.DLL : 10.0.0.0 19304 Bytes 10/01/2011 14:23:32
    AVPREF.DLL : 10.0.0.0 44904 Bytes 10/01/2011 14:23:30
    AVREP.DLL : 10.0.0.8 62209 Bytes 17/06/2010 14:27:13
    AVREG.DLL : 10.0.3.2 53096 Bytes 10/01/2011 14:23:31
    AVSCPLR.DLL : 10.0.3.2 84328 Bytes 10/01/2011 14:23:31
    AVARKT.DLL : 10.0.22.6 231784 Bytes 10/01/2011 14:23:27
    AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 10/01/2011 14:23:28
    SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 14:27:22
    AVSMTP.DLL : 10.0.0.17 63848 Bytes 10/01/2011 14:23:31
    NETNT.DLL : 10.0.0.0 11624 Bytes 17/06/2010 14:27:21
    RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 13:10:20
    RCTEXT.DLL : 10.0.58.0 97128 Bytes 10/01/2011 14:23:52

    Configuration settings for the scan:
    Jobname.............................: avguard_async_scan
    Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_4dec4102\guard_slideup.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: quarantine
    Scan master boot sector.............: on
    Scan boot sector....................: off
    Process scan........................: on
    Scan registry.......................: off
    Search for rootkits.................: off
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: high

    Start of the scan: 17 March 2011 10:45

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'NclRSSrv.exe' - '1' Module(s) have been scanned
    Scan process 'NclUSBSrv.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avshadow.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sua.exe' - '1' Module(s) have been scanned
    Scan process 'PSIA.exe' - '1' Module(s) have been scanned
    Scan process 'PSI_TRAY.exe' - '1' Module(s) have been scanned
    Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'PresentationFontCache.exe' - '1' Module(s) have been scanned
    Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned
    Scan process 'iPodService.exe' - '1' Module(s) have been scanned
    Scan process 'YahooAUService.exe' - '1' Module(s) have been scanned
    Scan process 'TosBtSrv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
    Scan process 'jqs.exe' - '1' Module(s) have been scanned
    Scan process 'FsUsbExService.Exe' - '1' Module(s) have been scanned
    Scan process 'DVDRAMSV.exe' - '1' Module(s) have been scanned
    Scan process 'dgdersvc.exe' - '1' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'RAMASST.exe' - '1' Module(s) have been scanned
    Scan process 'KiesTrayAgent.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
    Scan process 'OneTouchMon.exe' - '1' Module(s) have been scanned
    Scan process 'psqltray.exe' - '1' Module(s) have been scanned
    Scan process 'realsched.exe' - '1' Module(s) have been scanned
    Scan process 'lxbkbmon.exe' - '1' Module(s) have been scanned
    Scan process 'lxbkbmgr.exe' - '1' Module(s) have been scanned
    Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
    Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
    Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
    Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
    Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned

    Starting the file scan:

    Begin scan in 'C:\WINDOWS\system32\msible.dll'
    C:\WINDOWS\system32\msible.dll
    [DETECTION] Is the TR/Agent.horo.5 Trojan

    Beginning disinfection:
    C:\WINDOWS\system32\msible.dll
    [DETECTION] Is the TR/Agent.horo.5 Trojan
    [NOTE] The registration entry <HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\LibraryPath> was removed successfully.
    [NOTE] The file was moved to the quarantine directory under the name '575b6666.qua'.


    End of the scan: 17 March 2011 10:46
    Used time: 00:02 Minute(s)

    The scan has been done completely.

    0 Scanned directories
    59 Files were scanned
    1 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    1 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    58 Files not concerned
    0 Archives were scanned
    0 Warnings
    1 Notes


    The scan results will be transferred to the Guard.
  14. gill12

    gill12 Newcomer, in training Topic Starter Posts: 44

    Hi, me again.

    I can't access the internet now on that computer: my windows wireless configuration file has gone and am unable to set up a wireless connection. Probably something to do with that last Trojan and the quarantined file? HELP
  15. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Please download MiniToolBox and run it.

    Checkmark following boxes:
    • Report IE Proxy Settings
    • List content of Hosts
    • List IP configuration
    Click Go and post the result.
  16. gill12

    gill12 Newcomer, in training Topic Starter Posts: 44

    MiniToolBox by Farbar
    Ran by Owner at 2011-03-17 23:12:07
    Microsoft Windows XP Service Pack 3 (X86)

    ***************************************************************************


    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    ========================= End of IE Proxy Settings ========================
    =============== Hosts content: ============================================

    127.0.0.1 localhost

    =============== End of Hosts ==============================================

    ================= IP Configuration: ======================================= Initialization Function InitHelperDll in IPMONTR.DLL failed to start with error code 11003


    # ----------------------------------
    # Interface IP Configuration
    # ----------------------------------
    pushd interface ip


    # Interface IP Configuration for "Local Area Connection"

    set address name="Local Area Connection" source=dhcp
    set dns name="Local Area Connection" source=dhcp register=PRIMARY
    set wins name="Local Area Connection" source=dhcp

    # Interface IP Configuration for "Wireless Network Connection"

    set address name="Wireless Network Connection" source=dhcp
    set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
    set wins name="Wireless Network Connection" source=dhcp


    popd
    # End of interface IP configuration




    Windows IP Configuration



    Host Name . . . . . . . . . . . . : owner-d61b4598e

    Primary Dns Suffix . . . . . . . :

    Node Type . . . . . . . . . . . . : Unknown

    IP Routing Enabled. . . . . . . . : No

    WINS Proxy Enabled. . . . . . . . : No



    Ethernet adapter Local Area Connection:



    Media State . . . . . . . . . . . : Media disconnected

    Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection

    Physical Address. . . . . . . . . : 00-0E-7B-37-1C-97



    Ethernet adapter Wireless Network Connection:



    Connection-specific DNS Suffix . : Home

    Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG Network Connection

    Physical Address. . . . . . . . . : 00-13-02-CC-CF-4D

    Dhcp Enabled. . . . . . . . . . . : Yes

    Autoconfiguration Enabled . . . . : Yes

    IP Address. . . . . . . . . . . . : 0.0.0.0

    Subnet Mask . . . . . . . . . . . : 0.0.0.0

    Default Gateway . . . . . . . . . :

    DHCP Server . . . . . . . . . . . : 0.0.0.0

    DNS Servers . . . . . . . . . . . : 0.0.0.0

    Server: UnKnown
    Address: (null)

    Unable to initialize Windows Sockets interface, error code 0.

    Server: UnKnown
    Address: (null)

    Unable to initialize Windows Sockets interface, error code 0.

    Unable to initialize Windows Sockets interface, error code 0.

    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x2 ...00 0e 7b 37 1c 97 ...... Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
    0x40003 ...00 13 02 cc cf 4d ...... Intel(R) PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    ===========================================================================
    Persistent Routes:
    None

    ================= End of IP Configuration =================================
  17. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Yeah, your connection settings are totally messed up.

    Can you check, if you can connect, if you hardwire your computer to the router, using ethernet cable?
    Any other computers on the same router? No problems there?
  18. gill12

    gill12 Newcomer, in training Topic Starter Posts: 44

    It doesn't work with the cable either. My other computer can access internet on the same wireless system.

    On the bad computer I cannot access any of the wireless options, although a local, free service is showing up but with poor connectivity.
    Windows says 'cannot configure this wireless connection. If you have enabled another program to manage wireless connection, use that software.'
  19. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Try some basic steps...

    Make sure your computer is set to obtain an IP address automatically.
    1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
    2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
    3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
    4. For a wired network connection, right-click Local Area Connection, and then select Properties.
    For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
    5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol (TCP/IP), make sure it is checked, and then click Properties
    6. Click Obtain an IP Address Automatically, and then click OK.

    If that doesn't work...
    Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
    Reconnect everything.
    Restart computer.

    If that doesn't work, bypass router, and connect computer straight to the modem.

    If that doesn't work...
    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Restart computer.

    If that doesn't work...
    Go Start>Run (Start search in Vista and 7), type in:
    cmd
    Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

    At Command Prompt, type in:
    netsh int ip reset reset.log
    Hit Enter.
    Type in:
    netsh winsock reset catalog
    Hit Enter.

    Restart computer.


    If that doesn't work...
    Download, install, and run WinSockFix: http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml (doesn't work in Vista and 7)
    Restart computer, and check again.

    If that doesn't work...
    Download Dial-A-Fix (DAF) (doesn't work in Vista and 7):
    http://wiki.lunarsoft.net/wiki/Dial-a-fix#Mirrors.2Fdownload_locations.2C_and_articles

    Have XP CD available in case DAF needs a file. Likely not!

    Check all boxes on the screen (clear any restrictions if it shows any)
    Then click GO!

    When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

    Here, one at a time, do the below:

    Reinstall BITS
    Reinstall Windows Firewall
    Repair Permissions
    Reset networking

    Watch for any File not found or other errors and make note as this may lead to the fix!

    Restart computer.
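The Avira log earlier in this thread removed a WinSock2 NameSpace_Catalog5 LibraryPath entry when it quarantined msible.dll, and the MiniToolBox output afterwards showed Winsock failing to initialise; the audit below is an added example, not a tool used in this thread, that lists every Winsock provider and flags entries whose DLL is missing or unsigned, so a dangling catalog can be confirmed before running the reset step. It assumes the registry paths shown and that PackedCatalogItem begins with the DLL path as a NUL-terminated ANSI string; run it read-only in an elevated PowerShell session.

```powershell
# Added example (not from this thread): read-only audit of the Winsock2
# catalogs. Every NameSpace and Protocol (LSP) provider is listed, its DLL
# is checked for existence and an Authenticode signature, and entries whose
# DLL is gone (the state left behind when an AV quarantines a provider DLL)
# are flagged as dangling.
# Assumptions made by this example: the registry paths below, and that the
# PackedCatalogItem binary value starts with the provider's DLL path as a
# NUL-terminated ANSI string. Verify both on your own Windows build.

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters'

function Get-NameSpaceProviders {
    # NameSpace providers (DNS, NLA, ...) keep their DLL in a LibraryPath value.
    Get-ChildItem "$base\NameSpace_Catalog5\Catalog_Entries" -ErrorAction SilentlyContinue |
        ForEach-Object {
            $item = Get-ItemProperty -Path $_.PSPath
            New-Object PSObject -Property @{
                Catalog = 'NameSpace'
                Entry   = $_.PSChildName
                Name    = [string]$item.DisplayString
                Dll     = [Environment]::ExpandEnvironmentVariables([string]$item.LibraryPath)
            }
        }
}

function Get-ProtocolProviders {
    # Protocol providers / LSPs pack the DLL path at the start of PackedCatalogItem.
    foreach ($sub in 'Catalog_Entries', 'Catalog_Entries64') {
        Get-ChildItem "$base\Protocol_Catalog9\$sub" -ErrorAction SilentlyContinue |
            ForEach-Object {
                $item = Get-ItemProperty -Path $_.PSPath
                $blob = [byte[]]$item.PackedCatalogItem
                $end  = [Array]::IndexOf($blob, [byte]0)
                if ($end -lt 0) { $end = $blob.Length }
                $path = [Text.Encoding]::Default.GetString($blob, 0, $end)
                New-Object PSObject -Property @{
                    Catalog = "Protocol/$sub"
                    Entry   = $_.PSChildName
                    Name    = ''
                    Dll     = [Environment]::ExpandEnvironmentVariables($path)
                }
            }
    }
}

function Get-ProviderStatus($provider) {
    # A quarantined or deleted DLL leaves a dangling catalog entry; that is the
    # condition under which Winsock can no longer initialise its providers.
    if (-not $provider.Dll) { return 'DANGLING (empty path)' }
    if (-not (Test-Path -LiteralPath $provider.Dll)) { return 'DANGLING (DLL missing)' }
    $sig = (Get-AuthenticodeSignature -FilePath $provider.Dll).Status
    if ($sig -ne 'Valid') { return "UNTRUSTED ($sig)" }
    return 'ok'
}

$report = @(Get-NameSpaceProviders) + @(Get-ProtocolProviders) | ForEach-Object {
    $_ | Add-Member -MemberType NoteProperty -Name Status -Value (Get-ProviderStatus $_) -PassThru
}

$report | Sort-Object Catalog, Entry | Format-Table Catalog, Entry, Name, Dll, Status -AutoSize

$bad = @($report | Where-Object { $_.Status -ne 'ok' })
if ($bad.Count -gt 0) {
    $msg = "{0} Winsock catalog entries are dangling or untrusted; 'netsh winsock reset catalog' rebuilds both catalogs from defaults." -f $bad.Count
    Write-Warning $msg
}
```

Entries pointing at unsigned DLLs outside %SystemRoot%\system32 deserve a look even when the file still exists, since a provider DLL is loaded into every process that uses sockets.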
  20. gill12

    gill12 Newcomer, in training Topic Starter Posts: 44

    I will do this now, but just wondered if reinstating the quarantined file from this morning might fix things (except the virus).
  21. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    No, that file looks suspicious.
    It may be simply a coincidence between Avast finding a trojan and your lost connection.
    We'll see.
  22. gill12

    gill12 Newcomer, in training Topic Starter Posts: 44

    At ipconfig /registerdns, the message said failed: RPC server unavailable.
    Shall I carry on at cmd?
  23. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Yeah, whatever doesn't work, skip it and go to next step.
  24. gill12

    gill12 Newcomer, in training Topic Starter Posts: 44

    All fixed with WinsockFix. Back in business.
    Thank you, thank you, thank you.
  25. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Wonderful :)