Avast WEBforum

Other => Viruses and worms => Topic started by: BryWY on May 07, 2013, 10:16:57 PM

Title: Security cannot change update settings
Post by: BryWY on May 07, 2013, 10:16:57 PM

I keep getting the message pop up that says threat has been detected I have run superanti spyware malware bytes and avast boot scan still cannot get rid of annoying popup
Modify message  I have resoled this issue but still have problem as stated in subject line...also malware bytes is still blocking some websites.
Title: Re: Security cannot change update settings
Post by: BryWY on May 07, 2013, 10:17:24 PM
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : admin [Admin rights]
Mode : Remove -- Date : 05/07/2013 15:04:15
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][JUNCTION] C:\WINDOWS\$NtUninstallKB14045$ >> \systemroot\system32\config --> REMOVED
[Del.Parent][FILE] @ : C:\WINDOWS\$NtUninstallKB14045$\267270451\@ [-] --> REMOVED
[Del.Parent][FILE] Desktop.ini : C:\WINDOWS\$NtUninstallKB14045$\267270451\Desktop.ini [-] --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\WINDOWS\$NtUninstallKB14045$\267270451\L\00000004.@ [-] --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\WINDOWS\$NtUninstallKB14045$\267270451\L\201d3dde [-] --> REMOVED
[Del.Parent][FILE] 76603ac3 : C:\WINDOWS\$NtUninstallKB14045$\267270451\L\76603ac3 [-] --> REMOVED
[Del.Parent][FILE] hycpmsei : C:\WINDOWS\$NtUninstallKB14045$\267270451\L\hycpmsei [-] --> REMOVED
[Del.Parent][FOLDER] ROOT : C:\WINDOWS\$NtUninstallKB14045$\267270451\L --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\WINDOWS\$NtUninstallKB14045$\267270451\U\00000004.@ [-] --> REMOVED
[Del.Parent][FILE] 00000008.@ : C:\WINDOWS\$NtUninstallKB14045$\267270451\U\00000008.@ [-] --> REMOVED
[Del.Parent][FILE] 000000cb.@ : C:\WINDOWS\$NtUninstallKB14045$\267270451\U\000000cb.@ [-] --> REMOVED
[Del.Parent][FILE] 80000000.@ : C:\WINDOWS\$NtUninstallKB14045$\267270451\U\80000000.@ [-] --> REMOVED
[Del.Parent][FILE] 80000032.@ : C:\WINDOWS\$NtUninstallKB14045$\267270451\U\80000032.@ [-] --> REMOVED
[Del.Parent][FOLDER] ROOT : C:\WINDOWS\$NtUninstallKB14045$\267270451\U --> REMOVED
[Del.Parent][FOLDER] ROOT : C:\WINDOWS\$NtUninstallKB14045$\267270451 --> REMOVED
[Del.Parent][FILE] 3444094802 : C:\WINDOWS\$NtUninstallKB14045$\3444094802 [-] --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\WINDOWS\$NtUninstallKB14045$ --> REMOVED

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600AAJS-00B4A0 +++++
--- User ---
[MBR] b8fbf1b647dd698ef66542620dfe45aa
[BSP] 9b0b75bdc055737b567ed4fdf9e0d6d0 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: General USB Flash Disk USB Device +++++
--- User ---
[MBR] 6b25f36d6c0add261e3e974ab1c93571
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 1910 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[4]_D_05072013_02d1504.txt >>
RKreport[1]_S_05062013_02d1556.txt ; RKreport[2]_SC_05062013_02d2204.txt ; RKreport[3]_S_05072013_02d1501.txt ; RKreport[4]_D_05072013_02d1504.txt



Title: Re: Security cannot change update settings
Post by: Pondus on May 07, 2013, 10:19:55 PM
follow this guide and attach the requested logs...not copy and paste.    http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR


when done the removal experts will be notified


Title: Re: Security cannot change update settings
Post by: BryWY on May 07, 2013, 10:22:35 PM
# AdwCleaner v2.300 - Logfile created 05/07/2013 at 15:22:17
# Updated 28/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : admin - JIM-1DFD1E839CB
# Boot Mode : Normal
# Running from : C:\Documents and Settings\admin\My Documents\downloads\adwcleaner(2).exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\idodiefq.default\searchplugins\Search_Results.xml
File Found : C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Found : C:\END
File Found : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Folder Found : C:\Documents and Settings\admin\Application Data\Funmoods
Folder Found : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\idodiefq.default\jetpack
Folder Found : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\idodiefq.default\Smartbar
Folder Found : C:\Documents and Settings\admin\Local Settings\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\admin\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\All Users\Application Data\APN
Folder Found : C:\Documents and Settings\All Users\Application Data\Ask
Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\TornTV.com

***** [Registry] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3291673
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\Software\Tarma Installer
Key Found : HKU\S-1-5-21-725345543-1844237615-2146664213-1004\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKU\S-1-5-21-725345543-1844237615-2146664213-1004\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-725345543-1844237615-2146664213-1004\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6000.17128

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&CUI=UN74260036726628287&UM=2&ctid=CT3291673

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\idodiefq.default\prefs.js

Found : user_pref("CT3289847_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Found : user_pref("CT3291673_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3291673&CUI=UN33344691[...]
Found : user_pref("Smartbar.ConduitSearchEngineList", "Search Spin V1 Customized Web Search");
Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291673[...]
Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]
Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3291673");
Found : user_pref("browser.search.defaultenginename", "Search Results");
Found : user_pref("browser.search.defaultthis.engineName", "Search Spin V1 Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291673&CUI[...]
Found : user_pref("browser.search.order.1", "Search Results");
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291673&SearchSource=2&CU[...]
Found : user_pref("smartbar.machineId", "M1NINRO5KCAOTISAERTVKDHBFFPW3VE97OOE1KL6MJSBDHMVDRWZF3CG5QQC+LUVSF/[...]

-\\ Google Chrome v26.0.1410.64

File : C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found [l.2068] : homepage = "hxxp://www.searchnu.com/102?appid=100",

*************************

AdwCleaner[R1].txt - [8111 octets] - [07/05/2013 14:19:44]
AdwCleaner[R2].txt - [7963 octets] - [07/05/2013 15:22:17]

########## EOF - C:\AdwCleaner[R2].txt - [8023 octets] ##########
Title: Re: Security cannot change update settings
Post by: Pondus on May 07, 2013, 11:34:51 PM
the AdwCleaner logfile say search.... you need to click delete to remove the crap files listed

and attach the rest of the logs....not copy and paste