Something is blocking access to microsoft.com and malwarebytes.org

Hello beeeans! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please uninstall this application: µTorrent

Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Thank you. Here is what you asked for:

ComboFix 12-08-08.01 - Morris Brown 08/08/2012 20:45:09.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.511.49 [GMT 1:00]

Running from: c:\documents and settings\Morris Brown\Desktop\hg.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\18145076

c:\documents and settings\Morris Brown\Application Data\Microsoft\~DFK6c2a8cbe.tmp

c:\documents and settings\Morris Brown\Application Data\Microsoft\1eaadjc.dll

c:\documents and settings\Morris Brown\Application Data\Microsoft\bass.dll

c:\documents and settings\Morris Brown\Application Data\Microsoft\kfgresk.dll

c:\documents and settings\Morris Brown\Application Data\Microsoft\mjcriu.dll

c:\documents and settings\Morris Brown\Application Data\Microsoft\peaadje.dll

c:\documents and settings\Morris Brown\Application Data\Microsoft\qwadjb.dll

c:\documents and settings\Morris Brown\Application Data\Microsoft\rsaadjd.dll

c:\documents and settings\Morris Brown\Local Settings\Application Data\cxbonlgs.log

c:\documents and settings\Morris Brown\Local Settings\Application Data\dhtsofmj.log

c:\documents and settings\Morris Brown\Local Settings\Application Data\fdkmbeqm.log

c:\documents and settings\Morris Brown\Local Settings\Application Data\hiojrqal\plgvcqjy.exe

c:\documents and settings\Morris Brown\Local Settings\Application Data\jodcgnqk.log

c:\documents and settings\Morris Brown\Local Settings\Application Data\mrvnjpkp.log

c:\documents and settings\Morris Brown\Local Settings\Application Data\qrsoupev.log

c:\documents and settings\Morris Brown\Local Settings\Application Data\riacqmis.log

c:\documents and settings\Morris Brown\Local Settings\Application Data\seesqqyg.log

c:\documents and settings\Morris Brown\Local Settings\Application Data\vbnjaiun.log

c:\documents and settings\Morris Brown\My Documents\~WRL0410.tmp

c:\documents and settings\Morris Brown\My Documents\~WRL1950.tmp

c:\documents and settings\Morris Brown\My Documents\~WRL2968.tmp

c:\documents and settings\Morris Brown\My Documents\~WRL3456.tmp

c:\windows\EventSystem.log

c:\windows\help\wmplayer.bak

c:\windows\system32\dllcache\wmpvis.dll

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\Thumbs.db

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_MICORSOFT_WINDOWS_SERVICE

-------\Service_Micorsoft Windows Service

.

.

((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))

.

.

2012-08-08 19:21 . 2012-08-08 19:21 -------- d-----w- c:\windows\system32\wbem\Repository

2012-08-07 21:50 . 2012-08-08 00:10 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-07-31 23:16 . 2012-07-31 23:16 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2012-07-29 16:18 . 2012-08-08 20:14 -------- d-----w- c:\documents and settings\Morris Brown\Local Settings\Application Data\hiojrqal

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-05 11:17 . 2012-04-28 19:56 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-05 11:17 . 2011-06-15 12:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-03 12:46 . 2011-09-25 19:54 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-28 19:23 . 2012-04-28 19:47 476976 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-06-28 19:23 . 2010-04-23 18:27 472880 ----a-w- c:\windows\system32\deployJava1.dll

2012-06-28 17:50 . 2012-04-28 19:47 73728 ----a-w- c:\windows\system32\javacpl.cpl

2008-10-17 09:36 . 2008-10-17 09:36 13998 ----a-w- c:\program files\Common Files\anase.vbs

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-07 114688]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-10 339968]

"Hcontrol"="c:\windows\ATK0100\Hcontrol.exe" [2003-09-19 61440]

"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 110592]

"HKSERV.EXE"="c:\program files\Sony\HotKey Utility\HKserv.exe" [2004-06-29 122880]

"SonyPowerCfg"="c:\program files\sony\vaio power management\SPMgr.exe" [2004-06-29 180224]

"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2004-01-19 290816]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="c:\windows\system32\userinit.exe,,c:\documents and settings\Morris Brown\Local Settings\Application Data\hiojrqal\plgvcqjy.exe"

.

[HKLM\~\startupfolder\C:^Documents and Settings^Morris Brown^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

path=c:\documents and settings\Morris Brown\Start Menu\Programs\Startup\LimeWire On Startup.lnk

backup=c:\windows\pss\LimeWire On Startup.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

.

R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [18/08/2004 17:53 118877]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [25/09/2011 20:54 22344]

R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [30/10/2002 16:10 71961]

R4 Micorsoft Windows Service;Micorsoft Windows Service;\??\c:\docume~1\MICHAE~1\LOCALS~1\Temp\wahdfnco.sys --> c:\docume~1\MICHAE~1\LOCALS~1\Temp\wahdfnco.sys [?]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [17/10/2008 11:07 655944]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [07/08/2012 22:50 24064]

S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM --> c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM [?]

S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MICORSOFT_WINDOWS_SERVICE

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uDefault_Search_URL =

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html

IE: Backward &Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cac&hed Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Si&milar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html

Trusted Zone: sony-europe.com

Trusted Zone: sonystyle-europe.com

Trusted Zone: vaio-link.com

TCP: DhcpNameServer = 192.168.0.1

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-PlgVcqjy - c:\documents and settings\Morris Brown\Local Settings\Application Data\hiojrqal\plgvcqjy.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-08 21:13

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(764)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(3072)

c:\windows\system32\ieframe.dll

c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\Ati2evxx.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\sony\vaio entertainment\VzTaskScheduler.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\ICO.EXE

c:\windows\system32\rundll32.exe

c:\windows\ATK0100\ATKOSD.exe

c:\program files\Sony\HotKey Utility\HKWnd.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2012-08-08 21:27:06 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-08 20:26

ComboFix2.txt 2011-05-05 21:54

.

Pre-Run: 2,073,997,312 bytes free

Post-Run: 2,408,624,128 bytes free

.

- - End Of File - - AD4D1E757060622C40F2B552620FE883

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quote box below into it:

Folder::
c:\documents and settings\Morris Brown\Local Settings\Application Data\hiojrqal

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe.

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
