Author Topic: 113577url.cptgt.com  (Read 25815 times)


Busymama62

  • Guest
113577url.cptgt.com
« on: December 12, 2010, 05:38:35 AM »
We keep getting pop ups.  Some are web page commercials so to speak, some are audio where there is audio but no visual pop up.  Several times I have gotten a page that wants me to choose to remove a virus, the name of this page is 113577url.cptgt.com.  I have done a boot scan twice, the first time things were found and we did choose to delete because it said they could not be repaired.  Please help, we really cannot afford to put the laptop back in the shop right now.
Thanks!
Linda

CharleyO

  • Guest
Re: 113577url.cptgt.com
« Reply #1 on: December 12, 2010, 07:45:31 AM »
***

Try using the free version of malwarebytes antimalware and see what it finds.
Download it, install it, update it, and then run a Full scan.
Let it fix what it finds and post the resulting log here.
You can get it at the link below.

http://www.malwarebytes.org/mbam.php


***
« Last Edit: December 12, 2010, 07:48:38 AM by CharleyO »

Busymama62

  • Guest
Re: 113577url.cptgt.com
« Reply #2 on: December 12, 2010, 11:01:23 PM »
I already have Malwarebytes and have run a full scan twice.  Both times it says that nothing was found!  I did another avast scan this am and it found some files but I could not do anything with them because every choice said this is a window folder are you sure....No I am not sure, I do not want to remove necessary files/folders.  I will run another Malwarebytes and see if it finds anything.

Updated Malwarebytes and ran another scan.  It found no infected files.
« Last Edit: December 13, 2010, 02:40:57 AM by Busymama62 »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: 113577url.cptgt.com
« Reply #3 on: December 12, 2010, 11:11:55 PM »
Hi I would like to look at two areas on your computer - these programmes are purely analysis for now

Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window similar to this should open on your desktop:



  • If you are prompted with options, enter N at the prompt and press Enter
  • Press Enter again
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.  Please post the contents of that file.
THEN

Download OTL  to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT




  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: 113577url.cptgt.com
« Reply #4 on: December 12, 2010, 11:44:48 PM »
Quote
I will run another Malwarebytes and see if it finds anything.
did you update it before you scanned ?.......lots of people forget to do that and scan with a very old database!

Busymama62

  • Guest
Re: 113577url.cptgt.com
« Reply #5 on: December 13, 2010, 02:42:56 AM »
Quote
I will run another Malwarebytes and see if it finds anything.
did you update it before you scanned ?.......lots of people forget to do that and scan with a very old database!

I did update this last time.  I guess I was thinking Malwarebytes did automatic updates, but it does not. 

Busymama62

  • Guest
Re: 113577url.cptgt.com
« Reply #6 on: December 13, 2010, 02:48:59 AM »
    Hi I would like to look at two areas on your computer - these programmes are purely analysis for now

    Please download MBRCheck.exe to your desktop.
    • Be sure to disable your security programs
    • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

    I will try this after a while.  Fixing supper right now.  It is funny.  The few minutes that I have been online checking out the forum posts regarding my issue, I have had 3 windows to pop up and all three are Avast windows.

    nsm0220

    • Guest
    Re: 113577url.cptgt.com
    « Reply #7 on: December 13, 2010, 03:52:01 AM »
    Busymama62 have you used a boot cd to fix this if try gdata boot cd https://www.gdatasoftware.co.uk/support/main-subjects/upgrade-service/download.html

    Busymama62

    • Guest
    Re: 113577url.cptgt.com
    « Reply #8 on: December 13, 2010, 04:38:46 AM »
    Busymama62 have you used a boot cd to fix this if try gdata boot cd https://www.gdatasoftware.co.uk/support/main-subjects/upgrade-service/download.html

    No I have not.  Going to show my ignorance here...does a boot cd remove all your installed programs?

    Offline DavidR

    • Avast Überevangelist
    • Certainly Bot
    • *****
    • Posts: 88895
    • No support PMs thanks
    Re: 113577url.cptgt.com
    « Reply #9 on: December 13, 2010, 04:53:31 AM »
    No, the idea of the GData boot CD (and other such anti-virus boot CDs) is to clean the malware outside of Windows, so that you can get at it whilst it isn't running in Windows, where it might have protective measures working to protect against its removal.
    Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

    nsm0220

    • Guest
    Re: 113577url.cptgt.com
    « Reply #10 on: December 13, 2010, 04:58:40 AM »
    Busymama62 have you used a boot cd to fix this if try gdata boot cd https://www.gdatasoftware.co.uk/support/main-subjects/upgrade-service/download.html

    No I have not.  Going to show my ignorance here...does a boot cd remove all your installed programs?

    If it's a rogue, virus, malware, or other stuff, yes. But if you have clean programs it will not remove them.

    Busymama62

    • Guest
    Re: 113577url.cptgt.com
    « Reply #11 on: December 13, 2010, 05:02:09 AM »
    MBRCheck, version 1.2.3
    (c) 2010, AD
    Here is what came up.  You said for me to download OTL next.  Where do I find OTL?  According to the following results there is an issue.  I did turn my Avast back on to log on to post this and Avast popped up the window Avast has blocked a threat, no further action needed.  I will do the OTL scan once I have it downloaded.  Do I turn off my Avast to run it?  Thank you very much!!!

    Well I am having to delete part of this text file.  I hope I leave what you need to see.

    Command-line:         
    Windows Version:      Windows XP Home Edition
    Windows Information:      Service Pack 3 (build 2600)
    Logical Drives Mask:      0x0000003c

    Kernel Drivers (total 185):
      0xBA7A7000 \SystemRoot\System32\Drivers\Null.SYS
      0xBA5C4000 \SystemRoot\System32\Drivers\Beep.SYS
      0xBA458000 \SystemRoot\System32\drivers\vga.sys
      0xBA5C6000 \SystemRoot\System32\Drivers\mnmdd.SYS
      0xBA5C8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
      0xBA460000 \SystemRoot\System32\Drivers\Msfs.SYS
      0xBA468000 \SystemRoot\System32\Drivers\Npfs.SYS
      0xBA5A4000 \SystemRoot\system32\DRIVERS\rasacd.sys
      0xA94C8000 \SystemRoot\system32\DRIVERS\ipsec.sys
      0xA946F000 \SystemRoot\system32\DRIVERS\tcpip.sys
      0xBA308000 \SystemRoot\System32\Drivers\aswTdi.SYS
      0xA941F000 \SystemRoot\system32\DRIVERS\netbt.sys
      0xA93FD000 \SystemRoot\System32\drivers\afd.sys
      0xBA318000 \SystemRoot\system32\DRIVERS\netbios.sys
      0xA9332000 \SystemRoot\system32\DRIVERS\rdbss.sys
      0xB9D27000 \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys
      0xA92C2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
      0xB9DE3000 \SystemRoot\System32\Drivers\Fips.SYS
      0xA929C000 \SystemRoot\system32\DRIVERS\ipnat.sys
      0xB9DD3000 \SystemRoot\system32\DRIVERS\wanarp.sys
      0xA9275000 \SystemRoot\System32\Drivers\aswSP.SYS
      0xBA478000 \SystemRoot\System32\Drivers\Aavmker4.SYS
      0xBA480000 \SystemRoot\system32\DRIVERS\usbccgp.sys
      0xB9CFA000 \SystemRoot\system32\DRIVERS\usbscan.sys
      0xBA488000 \SystemRoot\system32\DRIVERS\usbprint.sys
      0xBA490000 \SystemRoot\system32\DRIVERS\HPZius12.sys
      0xBA498000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
      0xB9DB3000 \SystemRoot\system32\DRIVERS\HPZid412.sys
      0xB9CF6000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
      0xB9DA3000 \SystemRoot\System32\Drivers\Cdfs.SYS
      0xB9CF2000 \SystemRoot\system32\DRIVERS\hidusb.sys
      0xB9D93000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
      0xBA4A0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
      0xB9CEE000 \SystemRoot\system32\DRIVERS\mouhid.sys
      0xA91E5000 \SystemRoot\System32\Drivers\dump_atapi.sys
      0xBA5CA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
      0xBF800000 \SystemRoot\System32\win32k.sys
      0xA9517000 \SystemRoot\System32\drivers\Dxapi.sys
      0xBA4A8000 \SystemRoot\System32\watchdog.sys
      0xBF000000 \SystemRoot\System32\drivers\dxg.sys
      0xBA698000 \SystemRoot\System32\drivers\dxgthk.sys
      0xBF020000 \SystemRoot\System32\ialmdnt5.dll
      0xBF012000 \SystemRoot\System32\ialmrnt5.dll
      0xBF041000 \SystemRoot\System32\ialmdev5.DLL
      0xBF075000 \SystemRoot\System32\ialmdd5.DLL
      0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
      0xA91C9000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
      0xA90C5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
      0xA8F26000 \SystemRoot\System32\Drivers\aswMon2.SYS
      0xA8CC9000 \SystemRoot\system32\DRIVERS\mrxdav.sys
      0xA8CB4000 \SystemRoot\system32\drivers\wdmaud.sys
      0xA937D000 \SystemRoot\system32\drivers\sysaudio.sys
      0xBA7EF000 \??\C:\WINDOWS\system32\drivers\epm-psd.sys
      0xA8A48000 \??\C:\WINDOWS\system32\drivers\epm-shd.sys
      0xA8C81000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
      0xBA604000 \??\C:\WINDOWS\system32\drivers\osaio.sys
      0xBA71B000 \??\C:\WINDOWS\system32\drivers\osanbm.sys
      0xA8798000 \SystemRoot\system32\DRIVERS\srv.sys
      0xA82F7000 \SystemRoot\System32\Drivers\HTTP.sys
      0xA924D000 \SystemRoot\System32\Drivers\aswRdr.SYS
      0x7C900000 \WINDOWS\System32\ntdll.dll

    Processes (total 39):
           0 System Idle Process
           4 System
         288 C:\WINDOWS\System32\SMSS.EXE
         344 CSRSS.EXE
         368 C:\WINDOWS\System32\winlogon.exe
         412 C:\WINDOWS\System32\services.exe
         424 C:\WINDOWS\System32\LSASS.EXE
         572 C:\WINDOWS\System32\svchost.exe
         632 svchost.exe
         712 C:\WINDOWS\System32\svchost.exe
         792 svchost.exe
         840 svchost.exe
         920 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
        1156 C:\WINDOWS\System32\spoolsv.exe
        1656 svchost.exe
        1868 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
        1912 C:\WINDOWS\Explorer.EXE
        1960 C:\WINDOWS\System32\svchost.exe
        1984 C:\Program Files\Java\JRE6\BIN\JQS.EXE
         144 C:\Program Files\Common Files\Motive\McciCMService.exe
         172 C:\WINDOWS\System32\svchost.exe
         188 C:\WINDOWS\System32\svchost.exe
         272 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
         316 C:\WINDOWS\System32\svchost.exe
         564 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
        1672 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        1808 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        1816 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
        1744 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
        2104 C:\WINDOWS\Bbstore\DSS\dssagent.exe
        2156 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
        2172 C:\WINDOWS\System32\ctfmon.exe
        2400 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
        2508 C:\Program Files\Messenger\msmsgs.exe
        2680 alg.exe
        2792 C:\Program Files\HP\Digital Imaging\BIN\hpqtra08.exe
        3000 C:\WINDOWS\System32\svchost.exe
        3152 C:\Program Files\HP\Digital Imaging\BIN\hpqste08.exe
         304 C:\Documents and Settings\OWNER\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`c8073000  (FAT32)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000004`e51df800  (FAT32)

    PhysicalDrive0 Model Number: ST9402112A, Rev: 3.06    

          Size  Device Name          MBR Status
      --------------------------------------------
         37 GB  \\.\PhysicalDrive0   Unknown MBR code
                SHA1: 6A37CCD118436B688B51F6BD4C2B47A895EBDF7F


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
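A triage helper for logs like the one in the post above, added here as an example; it is not part of the original post and not MBRCheck's own code. It parses the section totals and the drive table, then reports listings that were trimmed before posting and any drive whose status begins with "Unknown". The function names and the abridged sample are assumptions made for illustration.

```python
import re
# Abridged from the MBRCheck log in the post above (same layout, most rows dropped).
SAMPLE_LOG = r"""
Kernel Drivers (total 185):
  0xBA7A7000 \SystemRoot\System32\Drivers\Null.SYS
  0xB9D27000 \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys

Processes (total 39):
       0 System Idle Process
     288 C:\WINDOWS\System32\SMSS.EXE
     632 svchost.exe

      Size  Device Name          MBR Status
  --------------------------------------------
     37 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: 6A37CCD118436B688B51F6BD4C2B47A895EBDF7F
"""

SECTION = re.compile(r"^\s*(Kernel Drivers|Processes) \(total (\d+)\):")
ROW = {"Kernel Drivers": re.compile(r"^\s*0x[0-9A-Fa-f]{8}\s+\S"),
       "Processes": re.compile(r"^\s*\d+\s+\S")}
DRIVE = re.compile(r"^\s*(\d+ [KMGT]B)\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+?)\s*$")
SHA1 = re.compile(r"^\s*SHA1:\s*([0-9A-Fa-f]{40})\s*$")

def parse_mbrcheck(text):
    """Return declared/seen row counts per section and one record per physical drive."""
    rep = {"declared": {}, "seen": {}, "drives": []}
    section = None
    for line in text.splitlines():
        if m := SECTION.match(line):
            section = m.group(1)
            rep["declared"][section], rep["seen"][section] = int(m.group(2)), 0
        elif not line.strip():
            section = None                      # a blank line ends a listing
        elif section and ROW[section].match(line):
            rep["seen"][section] += 1
        elif m := DRIVE.match(line):
            rep["drives"].append(dict(zip(("size", "device", "status"), m.groups()), sha1=None))
        elif (m := SHA1.match(line)) and rep["drives"]:
            rep["drives"][-1]["sha1"] = m.group(1).upper()   # hash belongs to the row above
    return rep

def triage(rep):
    """List what a helper should act on: trimmed listings and unrecognised boot code."""
    notes = [f"{s}: {rep['seen'][s]} of {n} rows present, listing was trimmed"
             for s, n in rep["declared"].items() if rep["seen"][s] < n]
    notes += [f"{d['device']}: {d['status']} (SHA1 {d['sha1']})"
              for d in rep["drives"] if d["status"].lower().startswith("unknown")]
    return notes
```

A trimmed listing matters when reading such a post: a driver or process missing from the pasted text is not evidence that it was absent on the machine.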

    Offline Pondus

    • Probably Bot
    • ****
    • Posts: 37505
    • Not a avast user
    Re: 113577url.cptgt.com
    « Reply #12 on: December 13, 2010, 09:32:26 AM »
    Quote
    You said for me to download OTL next.  Where do I find OTL
    You click the red " OTL " in Essexboy's post, and the download will start


    To avoid using multiple posts with copy and paste you have to attach the logs
    Lower left corner: Additional Options > Attach ( OTL.Txt and Extras.Txt. )
    « Last Edit: December 13, 2010, 09:35:53 AM by Pondus »

    Busymama62

    • Guest
    Re: 113577url.cptgt.com
    « Reply #13 on: December 13, 2010, 04:36:15 PM »

    Download OTL  to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Select All Users
    • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

    In the Extras report there are several errors.  I would imagine one is from where we have 2 printers installed but only one hooked up at this time.


    TxKimberly

    • Guest
    Re: 113577url.cptgt.com
    « Reply #14 on: December 13, 2010, 06:55:42 PM »
    Hello everyone! After having beat my head against this very same problem for three days, I have joined this forum for the express purpose of telling you how to resolve it. I would like to take credit for it, but I'd have to admit that I failed to resolve it and had to sit here this morning while my IT department worked my PC remotely to do it.
    I'm sorry, but I didn't catch the names of the assorted things that they found but I DID catch the name of the shareware programs they used:
    Hitman Pro 3.5 (This is the program that found the damned thing!)
    SuperAntiSpyware Free Edition

    All of the following failed to find or resolve the issue:
     - Symantec Corp edition
     - MalwareBytes (This really surprised me as I love this program and
       it's saved me a lot in the past)
     - Spyware Doctor from PC Tools
     - Spybot S & D

    I've looked in the history for the program (Which I convinced them to leave with me) and it shows that it found and deleted the following:
    "C:\Windows\System32\wmiapi.Dll"
    I'm not positive that this was "the" problem but offer you the information as an FYI.

    Again, they were moving pretty fast so I didn't get all the details I know you would like, but my IT folks confirmed that it was the Hitman Pro software that found and killed the virus itself.
    One of these two programs (Hitman Pro 3.5 and SuperAntiSpyware Free Edition) also found and removed a trojan downloader on my removable external drive. Sorry but I didn't catch which program found that downloader.

    Clearly I'm not an IT expert and I'm not going to be able to provide any more details than this, but I can tell you for sure that I had exactly the same problem described here and my IT folks used Hitman Pro 3.5 and SuperAntiSpyware Free Edition to find and resolve. I think they are both shareware.

    Good luck!


    « Last Edit: December 13, 2010, 06:58:45 PM by TxKimberly »