your pc protector - shut down malwarebytes


This has damn near locked me out of everything. I tried to install new malwarebytes but the exe file is missing. Need help. I tried uninstalling malwarebytes but whatever is on the computer won't let me go into the "Add/Remove programs" in the control panel. I double click and nothing. I right click and hit open and still nothing.

--------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:41:54 PM, on 2/9/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program Files\Your PC Protector\Your PC Protector.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe

O1 - Hosts: ::1 localhost

O1 - Hosts: ??????????????? browser-security.microsoft.com

O1 - Hosts: ??????????????? antiwareprotect.com

O1 - Hosts: ??????????????? www.antiwareprotect.com

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: ADC PlugIn - {77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02} - C:\Program Files\adc32.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe

O4 - HKLM\..\Run: [xkbvofui] C:\Documents and Settings\angela\Local Settings\Application Data\ydjpcx\axlosftav.exe

O4 - HKLM\..\Run: [umori] rundll32.exe "C:\WINDOWS\iruyaraqe.dll",Startup

O4 - HKLM\..\Run: [pibovelel] Rundll32.exe "c:\windows\system32\jiponite.dll",a

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [Xsfva] C:\WINDOWS\??crosoft.NET\c?rss.exe

O4 - HKCU\..\Run: [sen] "C:\Program Files\Outerinfo\OuterinfoUpdate.exe" -vt ndrv

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKCU\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe

O4 - HKCU\..\Run: [xkbvofui] C:\Documents and Settings\angela\Local Settings\Application Data\ydjpcx\axlosftav.exe

O4 - HKCU\..\Run: [internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe

O4 - HKLM\..\Policies\Explorer\Run: [QySTfg0yKZ] C:\WINDOWS\ovqjmrgd.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\crystal\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll

O15 - Trusted Zone: http://*.buy-internetsecurity10.com

O15 - Trusted Zone: http://*.buy-is2010.com

O15 - Trusted Zone: http://*.is-software-download.com

O15 - Trusted Zone: http://*.is-software-download25.com

O15 - Trusted Zone: http://*.is10-soft-download.com

O15 - Trusted Zone: http://*.buy-internetsecurity10.com (HKLM)

O15 - Trusted Zone: http://*.buy-is2010.com (HKLM)

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O20 - AppInit_DLLs: c:\windows\system32\zidopuli.dll kuzokutu.dll c:\windows\system32\jiponite.dll

O20 - Winlogon Notify: efccaax - efccaax.dll (file missing)

O21 - SSODL: tuloyufuz - {9d93cd82-a366-4c56-b941-2be32d532c65} - c:\windows\system32\zidopuli.dll (file missing)

O21 - SSODL: sabuyajer - {e43df755-4df2-430c-8c69-75f99dc4dfe1} - c:\windows\system32\jiponite.dll

O22 - SharedTaskScheduler: kupuhivus - {9d93cd82-a366-4c56-b941-2be32d532c65} - c:\windows\system32\zidopuli.dll (file missing)

O22 - SharedTaskScheduler: tokatiluy - {e43df755-4df2-430c-8c69-75f99dc4dfe1} - c:\windows\system32\jiponite.dll

O23 - Service: Adobe Update Service (AdbUpd) - Unknown owner - C:\Program Files\svchost.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel


Hi themagicianseye, welcome to Malwarebytes :)

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

1. Go to Start->Run and type in notepad and hit OK.

2. Then copy and paste the content of the following codebox into Notepad:

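    rem Stop the AdbUpd service (listed in the log as C:\Program Files\svchost.exe)
    sc stop AdbUpd
    rem Remove the service entry so it cannot start again
    sc delete AdbUpd
    rem Delete this batch file once it has run
    del delete.bat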

3. Save the file as "delete.bat". Make sure to save it with the quotation marks.

4. Double click delete.bat.

A malicious .DLL file is disrupting the LSP chain on your computer. We need to get rid of it.

  1. Please download LSPFix from here.
  2. Run the LSPFix.exe that you have just finished downloading.
  3. Check the I know what I'm doing box.
  4. In the Keep box you should see one or more instances of helper32.dll.
  5. Select every instance of helper32.dll and move each one to the Remove box by clicking the >> button.
  6. When you are done click Finish>>.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O1 - Hosts: ??????????????? browser-security.microsoft.com

O1 - Hosts: ??????????????? antiwareprotect.com

O1 - Hosts: ??????????????? www.antiwareprotect.com

O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe

O4 - HKLM\..\Run: [xkbvofui] C:\Documents and Settings\angela\Local Settings\Application Data\ydjpcx\axlosftav.exe

O4 - HKLM\..\Run: [umori] rundll32.exe "C:\WINDOWS\iruyaraqe.dll",Startup

O4 - HKLM\..\Run: [pibovelel] Rundll32.exe "c:\windows\system32\jiponite.dll",a

O4 - HKCU\..\Run: [Xsfva] C:\WINDOWS\??crosoft.NET\c?rss.exe

O4 - HKCU\..\Run: [sen] "C:\Program Files\Outerinfo\OuterinfoUpdate.exe" -vt ndrv

O4 - HKCU\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe

O4 - HKCU\..\Run: [xkbvofui] C:\Documents and Settings\angela\Local Settings\Application Data\ydjpcx\axlosftav.exe

O4 - HKCU\..\Run: [internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe

O4 - HKLM\..\Policies\Explorer\Run: [QySTfg0yKZ] C:\WINDOWS\ovqjmrgd.exe

O15 - Trusted Zone: http://*.buy-internetsecurity10.com

O15 - Trusted Zone: http://*.buy-is2010.com

O15 - Trusted Zone: http://*.is-software-download.com

O15 - Trusted Zone: http://*.is-software-download25.com

O15 - Trusted Zone: http://*.is10-soft-download.com

O15 - Trusted Zone: http://*.buy-internetsecurity10.com (HKLM)

O15 - Trusted Zone: http://*.buy-is2010.com (HKLM)

O20 - AppInit_DLLs: c:\windows\system32\zidopuli.dll kuzokutu.dll c:\windows\system32\jiponite.dll

O20 - Winlogon Notify: efccaax - efccaax.dll (file missing)

O21 - SSODL: tuloyufuz - {9d93cd82-a366-4c56-b941-2be32d532c65} - c:\windows\system32\zidopuli.dll (file missing)

O21 - SSODL: sabuyajer - {e43df755-4df2-430c-8c69-75f99dc4dfe1} - c:\windows\system32\jiponite.dll

O22 - SharedTaskScheduler: kupuhivus - {9d93cd82-a366-4c56-b941-2be32d532c65} - c:\windows\system32\zidopuli.dll (file missing)

O22 - SharedTaskScheduler: tokatiluy - {e43df755-4df2-430c-8c69-75f99dc4dfe1} - c:\windows\system32\jiponite.dll

O23 - Service: Adobe Update Service (AdbUpd) - Unknown owner - C:\Program Files\svchost.exe

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

After that, Reboot

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".

  2. During the download, rename Combofix to Combo-Fix as follows:

     [Image: CF_download_FF.gif]

     [Image: CF_download_rename.gif]

  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the "C:\Combo-Fix.txt" for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**
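
Added example, not part of either post and not how HijackThis itself works: a short Python triage pass that applies a few common log-reading heuristics to lines copied from the log in this thread. The rule set, the function names `masquerade` and `triage`, and the assumption that Windows lives in `C:\WINDOWS` are illustrative choices.

```python
import re
import ntpath

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\Program Files\svchost.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O20 - AppInit_DLLs: c:\windows\system32\zidopuli.dll kuzokutu.dll c:\windows\system32\jiponite.dll
O23 - Service: Adobe Update Service (AdbUpd) - Unknown owner - C:\Program Files\svchost.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

SYSTEM_NAMES = {"svchost", "smss", "csrss", "winlogon", "lsass", "services"}
EXE_PATH = re.compile(r"[a-z]:\\[^\"]*?\.exe", re.I)

def masquerade(path):
    """Return a reason if an .exe borrows a Windows system process name."""
    folder, name = ntpath.split(path.lower())
    stem = name[:-4]
    base = stem.rstrip("0123456789")  # smss32 -> smss, winlogon32 -> winlogon
    if stem in SYSTEM_NAMES and not folder.endswith(r"\windows\system32"):
        return f"{name} outside system32"
    if base in SYSTEM_NAMES and stem not in SYSTEM_NAMES:
        return f"{name} imitates {base}.exe"
    return None

def triage(log):
    """Yield (reason, line) for every log line that matches a heuristic."""
    for line in filter(None, map(str.strip, log.splitlines())):
        reasons = [r for p in EXE_PATH.findall(line) if (r := masquerade(p))]
        if line.startswith("O10 - Unknown file in Winsock LSP"):
            reasons.append("unrecognised Winsock LSP provider")
        if line.startswith("O20 - AppInit_DLLs:") and line.split(":", 1)[1].strip():
            reasons.append("AppInit_DLLs is not empty")
        if line.startswith("O23 - Service:") and " - Unknown owner - " in line:
            reasons.append("service binary has no vendor information")
        for reason in reasons:
            yield reason, line

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```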
