Author Topic: 113577url.cptgt.com  (Read 25825 times)


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: 113577url.cptgt.com
« Reply #15 on: December 13, 2010, 10:07:22 PM »
Quote
"C:\Windows\System32\wmiapi.Dll"
This is a legitimate file; unfortunately, I have had to repair a few non-booting systems that Hitmanpro fixed.


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Quote
    :OTL
    O20 - AppInit_DLLs: (wlanprov.dll) - C:\WINDOWS\System32\wlanprov.dll ()
    O20 - AppInit_DLLs: (catext.dll) - C:\WINDOWS\System32\catext.dll ()
    [2010/12/10 13:25:10 | 000,477,184 | -HS- | M] () -- C:\WINDOWS\System32\wlanprov.dll
    [2010/12/10 12:24:06 | 000,063,488 | ---- | M] () -- C:\WINDOWS\System32\catext.dll
    [2008/02/15 21:42:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2008/04/09 20:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Grisoft

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.
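An added example (not from the original post or from OTL itself): Python that parses the OTL lines quoted in the fix script above and joins each AppInit_DLLs entry with its file listing, so the reasons an entry stands out are visible at a glance. The field layout, the reading of the parenthesised field as the publisher name, and H/S as hidden/system attributes are assumptions drawn from the quoted lines.

```python
import re

# Lines copied from the :OTL section of the fix script quoted above.
OTL_LINES = r"""
O20 - AppInit_DLLs: (wlanprov.dll) - C:\WINDOWS\System32\wlanprov.dll ()
O20 - AppInit_DLLs: (catext.dll) - C:\WINDOWS\System32\catext.dll ()
[2010/12/10 13:25:10 | 000,477,184 | -HS- | M] () -- C:\WINDOWS\System32\wlanprov.dll
[2010/12/10 12:24:06 | 000,063,488 | ---- | M] () -- C:\WINDOWS\System32\catext.dll
[2008/02/15 21:42:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
""".strip().splitlines()

# Assumed layout: O20 - AppInit_DLLs: (<name>) - <path> (<publisher>)
APPINIT_RE = re.compile(
    r"^O20 - AppInit_DLLs: \((?P<name>[^)]*)\) - (?P<path>.+?) \((?P<publisher>[^)]*)\)$")
# Assumed layout: [<modified> | <size> | <attrs> | M] (<publisher>) -- <path>
# The publisher field is missing on folder lines.
FILE_RE = re.compile(
    r"^\[(?P<modified>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [MC]\]"
    r"(?: \((?P<publisher>[^)]*)\))? -- (?P<path>.+)$")


def triage_appinit(lines):
    """Join each AppInit_DLLs entry with its file listing and note why it stands out."""
    files, entries = {}, []
    for line in (l.strip() for l in lines):
        m = FILE_RE.match(line)
        if m:
            files[m["path"].lower()] = m  # Windows paths are case-insensitive
        else:
            m = APPINIT_RE.match(line)
            if m:
                entries.append(m)
    report = []
    for e in entries:
        flags = [] if e["publisher"] else ["no publisher"]
        f = files.get(e["path"].lower())
        if f is None:
            flags.append("no file listing")
        elif {"H", "S"} <= set(f["attrs"]):  # assumed: H = hidden, S = system
            flags.append("hidden+system")
        report.append({
            "name": e["name"],
            "path": e["path"],
            "size": int(f["size"].replace(",", "")) if f else None,
            "modified": f["modified"] if f else None,
            "flags": flags,
        })
    return report


if __name__ == "__main__":
    for row in triage_appinit(OTL_LINES):
        print(row)
```

The flags are triage hints for a human reviewer, not verdicts; a file with no publisher string can still be legitimate.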

Busymama62

  • Guest
Re: 113577url.cptgt.com
« Reply #16 on: December 14, 2010, 12:05:17 AM »
Quote
"C:\Windows\System32\wmiapi.Dll"
This is a legitimate file; unfortunately, I have had to repair a few non-booting systems that Hitmanpro fixed.


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Download ComboFix from one of these locations:

Fixing to download ComboFix, I apparently am unable to turn off the Malwarebytes

Busymama62

  • Guest
Re: 113577url.cptgt.com
« Reply #17 on: December 14, 2010, 12:24:42 AM »
When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.


Attached is the combofix log file.  Also, now I am getting a Rootkit Blocked message from Avast.

Busymama62

  • Guest
Re: 113577url.cptgt.com
« Reply #18 on: December 14, 2010, 04:02:12 AM »
Well, after running the ComboFix and posting the file here, I was checking email and my Facebook.  All of a sudden the screen went blue with lots of writing that was too much to read and the computer did an automatic shut down and restart.  Of course that was a "Blue Screen Error".  I was prompted, once the computer loaded after doing the automatic scan, I did follow the prompts and sent a report to MS.  The MS site suggested I remove recent programs that have been installed.  I figure I need to wait until we know this is resolved for sure before I remove ComboFix, MBR check and OTL.  The only thing I have noticed is that my "gmail" link on my favorites bar quit working so I went ahead and deleted it.  So far we have not had any more pop ups.  But we will see.  Over the weekend there would be times that for several hours we would not get any of the pop ups.

I want to say that I appreciate each and every one of you and your helping me with this issue.  I wish I had thought to check the Avast Forum with the Desktop before it got too bad, but alas, I can not even connect to the internet with it.  So it will eventually make it to the local shop.

nsm0220

  • Guest
Re: 113577url.cptgt.com
« Reply #19 on: December 14, 2010, 06:12:52 AM »
Can you go into safe mode, Busymama62?

yongsua

  • Guest
Re: 113577url.cptgt.com
« Reply #20 on: December 14, 2010, 06:19:53 AM »
No, the idea of the GData boot CD (and other such anti-virus boot CDs) is to clean the malware outside of Windows, so that you can get at it whilst it isn't running in Windows, where it might have protective measures working to protect against its removal.

How about Dr web cure IT? It won 100% for its detection in 2008. Do you recommend it?

nsm0220

  • Guest
Re: 113577url.cptgt.com
« Reply #21 on: December 14, 2010, 06:26:28 AM »
gdata is better than dr.web

yongsua

  • Guest
Re: 113577url.cptgt.com
« Reply #22 on: December 14, 2010, 04:30:24 PM »
gdata is better than dr.web

I meant Dr web live cd, not dr web cure IT. Sorry. I know gdata got better detection but it also contains many false positives too.

Offline essexboy

Re: 113577url.cptgt.com
« Reply #23 on: December 14, 2010, 09:39:34 PM »
What error do you get when you try to connect ?

Go to Control Panel and select Internet Options
Select the Connections TAB
Select LAN settings button
Ensure there is no tick in the Proxy Server box
Select OK and restart Internet explorer


Busymama62

  • Guest
Re: 113577url.cptgt.com
« Reply #24 on: December 14, 2010, 09:54:54 PM »
What error do you get when you try to connect ?

Go to Control Panel and select Internet Options
Select the Connections TAB
Select LAN settings button
Ensure there is no tick in the Proxy Server box
Select OK and restart Internet explorer

I will try this after a while.  I will have to basically hook everything up.  It has been several months since we used the desktop.  I know it was hijacked or something.  Problems just got worse and worse and I could not even retrieve MS Word documents.  I will certainly try what you suggest, the laptop is apparently fixed!!! Praise the Lord and Thank you to you and the others!   It has been about 18 hours and no pop ups audio or webpages so I feel like all the things we did worked.  I guess I should go ahead and delete the OTL, MBR and Combofix now.

Offline essexboy

Re: 113577url.cptgt.com
« Reply #25 on: December 14, 2010, 10:08:18 PM »
If you run OTL and hit the cleanup button they will disappear  ;D

Busymama62

  • Guest
Re: 113577url.cptgt.com
« Reply #26 on: December 15, 2010, 03:25:08 AM »
What error do you get when you try to connect ?

Go to Control Panel and select Internet Options
Select the Connections TAB
Select LAN settings button
Ensure there is no tick in the Proxy Server box
Select OK and restart Internet explorer

This does not look good at all....I booted the computer and gave it plenty of time to load everything.  When I IE a window popped up that said "Open with" and had a list. Then I went to control panel like you suggested and clicked IE and a window came up saying  C:\WINDOWS\system32\rundll32.exe    Application not found.  So I went back to the IE link and let the "Open with" window pop up and chose IE. A browser window opens and quickly closes then 2 smaller windows pop up, one "File Download Security Warning."  Do you want to run or save and a "File Download" that says getting file info.  Would not copy over existing IE file.  I tried making a new file named iexplorer2.  Window said complete but still would not open.  My Panda software has expired, and if I could have gotten online the first thing I would have done would have been to download AVAST.  I tried to open Word and Excel and both times I got a window saying "Application not found"

Offline essexboy

Re: 113577url.cptgt.com
« Reply #27 on: December 15, 2010, 09:07:30 PM »
OK this is a different system - correct ?

Download Combofix from any of the links below. You must rename it before saving: rename it to Gotcha before saving it to your desktop.

Link 1
Link 2


==================================


  • Double click on the renamed ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

Busymama62

  • Guest
Re: 113577url.cptgt.com
« Reply #28 on: December 15, 2010, 10:53:00 PM »
OK this is a different system - correct ?

Download Combofix from any of the links below. You must rename it before saving: rename it to Gotcha before saving it to your desktop.

Yes this is a different system.  I can not download combofix.  I can not even connect to the internet with that computer.

Offline essexboy

Re: 113577url.cptgt.com
« Reply #29 on: December 15, 2010, 11:06:16 PM »
Can you download to a USB drive and then copy to the sick system ?