Solved Have downloaded Malware but virus is blocking access to it

Status
Not open for further replies.
I installed Avira AV. Should I stick with this or reinstall McAfee? McAfee didn't protect my computer from all those viruses.
Updated Java and deleted old stuff.

This is the OTL log.

All processes killed
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-842925246-1450960922-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_USERS\S-1-5-21-842925246-1450960922-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\HUAWEI 3G Data Card MTS deleted successfully.
Registry value HKEY_USERS\S-1-5-21-842925246-1450960922-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM deleted successfully.
Registry value HKEY_USERS\S-1-5-21-842925246-1450960922-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Search Protection deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08E730A4-FB02-45BD-A900-01E4AD8016F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08E730A4-FB02-45BD-A900-01E4AD8016F6}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 3458729 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 211309 bytes
->Temporary Internet Files folder emptied: 441029 bytes
->Java cache emptied: 1957 bytes
->FireFox cache emptied: 70541201 bytes
->Flash cache emptied: 6146 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49635 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 159757 bytes

Total Files Cleaned = 72.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03112011_005251

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Security Check Log


Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 13
Out of date Java installed!
Adobe Flash Player 10.0.32.18
Adobe Reader 8.2.5
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.13)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````
 
Update Firefox to the latest 3.6.15 version.

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
 
Hi, this is the ESET log. I have updated Firefox and Adobe.

C:\System Volume Information\_restore{34130FAD-3971-4D5D-B5A4-25B10BB91037}\RP908\A0560881.exe a variant of Win32/Adware.CiDHelp application
 
The above finding is located in one of your restore points, which we're about to reset.


Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
Hi,

posting log for OTL

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 82400 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 582082 bytes

User: Owner
->Temp folder emptied: 73909406 bytes
->Temporary Internet Files folder emptied: 928438 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42616842 bytes
->Flash cache emptied: 4714 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 180707 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 113.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.22.3 log created on 03162011_202450

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Hi,
Computer has been working fine, except that for the past few weeks it kept being slowed down by 'scripts running', but that seems to have stopped now.
Also, kept getting windows security message saying computer was not protected: Avira was switching on and off. I have manually updated Avira and that message has gone. Have also run Malware and downloaded the other things you said. Everything seems fine now.
 
Cool

Good luck and stay safe :)
 
Thanks very much, I really appreciate your help.

I am posting an Avira log because I got another Trojan today. Does it end? I get loads of spam mails so maybe that's the source. I am going to study your link on 'how did i get infected'.




Avira AntiVir Personal
Report file date: 17 March 2011 10:45

Scanning for 2497697 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : OWNER-D61B4598E

Configuration settings for the scan:
Jobname.............................: avguard_async_scan
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_4dec4102\guard_slideup.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: high

Start of the scan: 17 March 2011 10:45

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'NclRSSrv.exe' - '1' Module(s) have been scanned
Scan process 'NclUSBSrv.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sua.exe' - '1' Module(s) have been scanned
Scan process 'PSIA.exe' - '1' Module(s) have been scanned
Scan process 'PSI_TRAY.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'PresentationFontCache.exe' - '1' Module(s) have been scanned
Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'YahooAUService.exe' - '1' Module(s) have been scanned
Scan process 'TosBtSrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'FsUsbExService.Exe' - '1' Module(s) have been scanned
Scan process 'DVDRAMSV.exe' - '1' Module(s) have been scanned
Scan process 'dgdersvc.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'RAMASST.exe' - '1' Module(s) have been scanned
Scan process 'KiesTrayAgent.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'OneTouchMon.exe' - '1' Module(s) have been scanned
Scan process 'psqltray.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'lxbkbmon.exe' - '1' Module(s) have been scanned
Scan process 'lxbkbmgr.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\WINDOWS\system32\msible.dll'
C:\WINDOWS\system32\msible.dll
[DETECTION] Is the TR/Agent.horo.5 Trojan

Beginning disinfection:
C:\WINDOWS\system32\msible.dll
[DETECTION] Is the TR/Agent.horo.5 Trojan
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\LibraryPath> was removed successfully.
[NOTE] The file was moved to the quarantine directory under the name '575b6666.qua'.


End of the scan: 17 March 2011 10:46
Used time: 00:02 Minute(s)

The scan has been done completely.

0 Scanned directories
59 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
58 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes


The scan results will be transferred to the Guard.
 
Hi, me again.

I can't access the internet now on that computer: my windows wireless configuration file has gone and am unable to set up a wireless connection. Probably something to do with that last Trojan and the quarantined file? HELP
 
Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • List content of Hosts
  • List IP configuration
Click Go and post the result.
 
MiniToolBox by Farbar
Ran by Owner at 2011-03-17 23:12:07
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= End of IE Proxy Settings ========================
=============== Hosts content: ============================================

127.0.0.1 localhost

=============== End of Hosts ==============================================

================= IP Configuration: =======================================
Initialization Function InitHelperDll in IPMONTR.DLL failed to start with error code 11003


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : owner-d61b4598e

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-0E-7B-37-1C-97



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : Home

Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG Network Connection

Physical Address. . . . . . . . . : 00-13-02-CC-CF-4D

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 0.0.0.0

Subnet Mask . . . . . . . . . . . : 0.0.0.0

Default Gateway . . . . . . . . . :

DHCP Server . . . . . . . . . . . : 0.0.0.0

DNS Servers . . . . . . . . . . . : 0.0.0.0

Server: UnKnown
Address: (null)

Unable to initialize Windows Sockets interface, error code 0.

Server: UnKnown
Address: (null)

Unable to initialize Windows Sockets interface, error code 0.

Unable to initialize Windows Sockets interface, error code 0.

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0e 7b 37 1c 97 ...... Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
0x40003 ...00 13 02 cc cf 4d ...... Intel(R) PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
===========================================================================
Persistent Routes:
None

================= End of IP Configuration =================================
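
Added example, not part of the original thread: a small Python triage that reads the three MiniToolBox sections requested above (proxy, Hosts, IP configuration) together with the Avira report and turns them into findings. The function names, finding codes and the "Proxy is not enabled." test are assumptions made for this illustration; the sample text is abridged from the logs posted in this thread.

```python
import re

# Constructed samples: lines abridged from the Avira and MiniToolBox logs in this thread.
AVIRA_LOG = r"""
C:\WINDOWS\system32\msible.dll
[DETECTION] Is the TR/Agent.horo.5 Trojan
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\LibraryPath> was removed successfully.
[NOTE] The file was moved to the quarantine directory under the name '575b6666.qua'.
"""

MINITOOLBOX_LOG = """
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= End of IE Proxy Settings ========================
=============== Hosts content: ============================================
127.0.0.1 localhost
=============== End of Hosts ==============================================
================= IP Configuration: =======================================
Initialization Function InitHelperDll in IPMONTR.DLL failed to start with error code 11003
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Ethernet adapter Wireless Network Connection:
Dhcp Enabled. . . . . . . . . . . : Yes
IP Address. . . . . . . . . . . . : 0.0.0.0
DHCP Server . . . . . . . . . . . : 0.0.0.0
Unable to initialize Windows Sockets interface, error code 0.
================= End of IP Configuration =================================
"""

WINSOCK_ERR = re.compile(
    r"Unable to initialize Windows Sockets interface|InitHelperDll in \S+ failed")
# An AV [NOTE] saying a registry entry under the Winsock catalog was removed.
AV_WINSOCK = re.compile(
    r"\[NOTE\].*<[^>]*\\Services\\WinSock2\\Parameters\\[^>]*>\s+was removed", re.I)

# Follow-up commands taken from the repair steps given later in this thread.
NEXT_STEP = {
    "WINSOCK_INIT_FAILED": "netsh winsock reset catalog",
    "NO_DHCP_LEASE": "ipconfig /release, then ipconfig /renew",
}


def section(report, start, end):
    """Return the stripped lines between '==== start: ====' and '==== end ===='."""
    pattern = r"=+ %s:? =+(.*?)=+ %s =+" % (re.escape(start), re.escape(end))
    m = re.search(pattern, report, re.S)
    return [l.strip() for l in m.group(1).strip().splitlines()] if m else []


def parse_adapters(lines):
    """Group 'Field . . . : value' lines of ipconfig output under each adapter."""
    adapters, current = {}, None
    for line in lines:
        head = re.match(r"(?:Ethernet|PPP|Tunnel) adapter (.+):$", line)
        if head:
            current = adapters.setdefault(head.group(1), {})
            continue
        field = re.match(r"([^.:]+?)[ .]*: ?(.*)$", line)
        if field and current is not None:
            current[field.group(1).strip()] = field.group(2).strip()
    return adapters


def triage(minitoolbox, avira=""):
    """Return a list of finding codes for one MiniToolBox report (+ optional AV log)."""
    findings = []
    proxy = section(minitoolbox, "IE Proxy Settings", "End of IE Proxy Settings")
    if proxy and "Proxy is not enabled." not in proxy:   # assumption: any other text = proxy set
        findings.append("PROXY_SET")
    for entry in section(minitoolbox, "Hosts content", "End of Hosts"):
        parts = entry.split("#")[0].split()              # drop comments
        if len(parts) >= 2 and parts[1:] != ["localhost"]:
            findings.append("HOSTS_EXTRA:" + parts[1])
    ip_lines = section(minitoolbox, "IP Configuration", "End of IP Configuration")
    if any(WINSOCK_ERR.search(l) for l in ip_lines):
        findings.append("WINSOCK_INIT_FAILED")
    for name, f in parse_adapters(ip_lines).items():
        if f.get("Dhcp Enabled") == "Yes" and f.get("IP Address") == "0.0.0.0":
            findings.append("NO_DHCP_LEASE:" + name)
    if AV_WINSOCK.search(avira):
        findings.append("AV_REMOVED_WINSOCK_ENTRY")
    return findings


def next_steps(findings):
    """Map finding codes to the matching commands from the thread's repair steps."""
    codes = [f.split(":")[0] for f in findings]
    return [NEXT_STEP[c] for c in codes if c in NEXT_STEP]


if __name__ == "__main__":
    found = triage(MINITOOLBOX_LOG, AVIRA_LOG)
    print(found)
    print(next_steps(found))
```

The findings are signals to follow up on; the script does not decide whether the quarantined file and the lost connection are related.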
 
Yeah, your connection settings are totally messed up.

Can you check if you can connect when you hardwire your computer to the router using an ethernet cable?
Any other computers on the same router? No problems there?
 
It doesn't work with the cable either. My other computer can access internet on the same wireless system.

On the bad computer I cannot access any of the wireless options, although a local, free service is showing up but with poor connectivity.
Windows says 'cannot configure this wireless connection. If you have enabled another program to manage wireless connection, use that software.'
 
Try some basic steps...

Make sure, your computer is set to obtain IP address automatically.
1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
4. For a wired network connection, right-click Local Area Connection, and then select Properties.
For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol (TCP/IP), make sure it is checked, and then click Properties
6. Click Obtain an IP Address Automatically, and then click OK.

If that doesn't work...
Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
Reconnect everything.
Restart computer.

If that doesn't work, bypass router, and connect computer straight to the modem.

If that doesn't work...
Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Restart computer.

If that doesn't work...
Go Start>Run (Start search in Vista and 7), type in:
cmd
Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.

Restart computer.


If that doesn't work...
Download, install, and run WinSockFix: http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml (doesn't work in Vista and 7)
Restart computer, and check again.

If that doesn't work...
Download Dial-A-Fix (DAF) (doesn't work in Vista and 7):
http://wiki.lunarsoft.net/wiki/Dial-a-fix#Mirrors.2Fdownload_locations.2C_and_articles

Have XP CD available in case DAF needs a file. Likely not!

Check all boxes on the screen (clear any restrictions if it shows any)
Then click GO!

When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

Here, one at a time, do the below:

Reinstall BITS
Reinstall Windows Firewall
Repair Permissions
Reset networking

Watch for any File not found or other errors and make note as this may lead to the fix!

Restart computer.
 
I will do this now, but just wondered if reinstating the quarantined file from this morning might fix things (except the virus).
 
No, that file looks suspicious.
It may be simply a coincidence between Avast finding a trojan and your lost connection.
We'll see.
 
At ipconfig /registerdns, the message said failed: RPC server unavailable.
Shall I carry on at cmd?
 