Author Topic: 113577url.cptgt.com  (Read 25826 times)

Busymama62

  • Guest
Re: 113577url.cptgt.com
« Reply #30 on: December 15, 2010, 11:43:14 PM »
    Quote
    Can you download to a USB drive and then copy to the sick system ?

Hmmm.  That is a great idea!!!!!  I will give it a try!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: 113577url.cptgt.com
« Reply #31 on: December 15, 2010, 11:44:41 PM »
Ok I am off to bed now but I will look tomorrow evening when I get home

Busymama62

  • Guest
Re: 113577url.cptgt.com
« Reply #32 on: December 16, 2010, 04:01:46 AM »
    Quote
    Ok I am off to bed now but I will look tomorrow evening when I get home

I hope that you sleep very well.  I am just now where I can try to do the download.

Busymama62

  • Guest
Re: 113577url.cptgt.com
« Reply #33 on: December 16, 2010, 05:00:28 AM »
    Quote
    OK this is a different system - correct ?

    When finished, it will produce a report for you.
      • Please post the C:\ComboFix.txt so we can continue cleaning the system.

Attached is the log file.  Thank you Essexboy for all of your help.  You have been GREAT!

Offline essexboy

Re: 113577url.cptgt.com
« Reply #34 on: December 16, 2010, 08:35:16 PM »
OK that took out some bad boys, Combofix appeared to be able to connect as it installed the recovery console

I will now look at the remainder of the system and see where the hiccup is on the network

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT




  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Busymama62

  • Guest
Re: 113577url.cptgt.com
« Reply #35 on: December 16, 2010, 11:06:28 PM »
    Quote
    OK that took out some bad boys, Combofix appeared to be able to connect as it installed the recovery console

    I will now look at the remainder of the system and see where the hiccup is on the network

Wow!  I was able to connect to the internet with this system!  The reports are attached.  Do I need to wait until we are completely finished with the fixes etc. before downloading Avast?

Offline essexboy

Re: 113577url.cptgt.com
« Reply #36 on: December 16, 2010, 11:17:21 PM »
Patience is a virtue grasshopper  ;D

Checking the logs now

Offline essexboy

Re: 113577url.cptgt.com
« Reply #37 on: December 16, 2010, 11:29:13 PM »
I will remove Panda as well for you so that it does not interfere with Avast. Once done connect to the net and download Avast.  Then let me know what problems you are having   

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Quote
    :OTL
    SRV - File not found [Unknown | Stopped] -- -- (PskSvcRetail)
    SRV - File not found [Auto | Running] -- C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe -- (PavPrSrv)
    SRV - [2008/07/10 11:02:00 | 000,169,216 | ---- | M] (Panda Security, S.L.) [Unknown | Stopped] -- C:\Program Files\Panda Security\Panda Internet Security 2009\PavFnSvr.exe -- (PAVFNSVR)
    SRV - [2008/07/04 13:28:26 | 000,288,512 | ---- | M] (Panda Security, S.L.) [Auto | Stopped] -- C:\Program Files\Panda Security\Panda Internet Security 2009\pavsrv51.exe -- (PAVSRV)
    SRV - [2008/07/02 13:09:36 | 000,060,160 | ---- | M] (Panda Security, S.L.) [Unknown | Stopped] -- C:\Program Files\Panda Security\Panda Internet Security 2009\GWMsrv.dll -- (Gwmsrv)
    SRV - [2008/06/19 11:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Unknown | Stopped] -- C:\Program Files\Panda Security\Panda Internet Security 2009\PsImSvc.exe -- (PSIMSVC)
    DRV - File not found [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys -- (ShldDrv)
    DRV - File not found [Kernel | Auto | Running] -- C:\WINDOWS\System32\DRIVERS\PavProc.sys -- (PavProc)
    DRV - File not found [File_System | Unknown | Running] -- -- (PAVDRV)
    DRV - File not found [TDI Layer] [Kernel | Unknown | Running] -- -- (NETFLTDI)
    DRV - File not found [Kernel | Unknown | Running] -- -- (IDSFLT)
    DRV - File not found [Kernel | Unknown | Running] -- -- (FNETMON)
    DRV - File not found [Kernel | Unknown | Running] -- -- (DSAFLT)
    DRV - File not found [Kernel | Unknown | Running] -- -- (APPFLT)
    DRV - [2008/06/26 10:25:28 | 000,197,888 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\neti1634.sys -- (NETIMFLT01060034)
    DRV - [2008/06/19 16:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (Panda Security, S.L.)
    [2010/12/15 21:38:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\PAVSHRB.INI
    [2010/02/22 22:08:20 | 000,016,144 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\1fsm5VV6y7
    [2009/07/09 10:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
    [2010/12/15 21:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Panda Security

    :Files
    ipconfig /flushdns /c
    C:\Program Files\Panda Security
    C:\Program Files\Common Files\Panda Software

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
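
An added example, not part of the original post and not OTL's own code: a small parser for the `SRV` / `DRV` lines in the fix script above, listing the entries OTL reports as "File not found", i.e. services and drivers still registered although their binary is gone. The function names are hypothetical, reading the last bracket as start type and status is an assumption about OTL's log layout, and the sample lines are copied from the script above.

```python
import re

# One OTL SRV/DRV line: optional file details, [.. | start | status],
# image path (may be empty, shown as "-- --"), then (service name).
ENTRY = re.compile(
    r"^(?P<kind>SRV|DRV) - (?P<head>.*?)\[(?P<state>[^\]]*)\]"
    r"\s--\s(?P<path>.*?)\s?--\s\((?P<name>[^()]+)\)\s*$"
)

def parse_entry(line):
    """Return a dict for one SRV/DRV line, or None for any other line."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    # Assumption: the last two fields of the final bracket are start type and status.
    fields = [f.strip() for f in m["state"].split("|")]
    return {
        "kind": m["kind"],
        "name": m["name"],
        "path": m["path"] or None,  # no image path recorded
        "missing": m["head"].startswith("File not found"),
        "start": fields[-2] if len(fields) >= 2 else None,
        "status": fields[-1],
    }

def orphaned(lines):
    """Names of entries whose binary OTL could not find on disk."""
    entries = filter(None, map(parse_entry, lines))
    return [e["name"] for e in entries if e["missing"]]

# Lines copied from the fix script in the post above.
SAMPLE = r"""
SRV - File not found [Unknown | Stopped] -- -- (PskSvcRetail)
SRV - File not found [Auto | Running] -- C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe -- (PavPrSrv)
SRV - [2008/07/04 13:28:26 | 000,288,512 | ---- | M] (Panda Security, S.L.) [Auto | Stopped] -- C:\Program Files\Panda Security\Panda Internet Security 2009\pavsrv51.exe -- (PAVSRV)
DRV - File not found [TDI Layer] [Kernel | Unknown | Running] -- -- (NETFLTDI)
DRV - [2008/06/19 16:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
""".splitlines()

if __name__ == "__main__":
    for entry in filter(None, map(parse_entry, SAMPLE)):
        print(entry)
    print("orphaned:", orphaned(SAMPLE))
```
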

Busymama62

  • Guest
Re: 113577url.cptgt.com
« Reply #38 on: December 17, 2010, 12:46:51 AM »
    Quote
    I will remove Panda as well for you so that it does not interfere with Avast. Once done connect to the net and download Avast.  Then let me know what problems you are having

I did download Avast!!!  Feels so good to have that on the desktop.  I am attaching the latest log file for you to see.  For some reason, on the desktop neither the Reply nor Quote links appear, so I had to put the log file on a memory stick and then attach it from the laptop.

Busymama62

  • Guest
Re: 113577url.cptgt.com
« Reply #39 on: December 17, 2010, 04:21:36 AM »
    Quote
    I will remove Panda as well for you so that it does not interfere with Avast. Once done connect to the net and download Avast.  Then let me know what problems you are having

I just got finished "playing around" on the desktop.  So far I have not had any issues.  Malwarebytes opened without a problem, I opened quite a few word files, Adobe files, photo files, even my Bejeweled game.  I had no problems at all.  It appears from my end that things are now fine.  I will see what the report tells you.

Essexboy, I want to thank you so very much for all of your help.  It has been such a hassle using the laptop for everything.  We run a business from home and there were a lot of files that I could not access on the desktop and all of those files seem fine.

Offline essexboy

Re: 113577url.cptgt.com
« Reply #40 on: December 17, 2010, 09:20:15 PM »
Hi unfortunately you saved the file as Unicode, could you resave as ANSI please  ;D

What problems are you experiencing now ?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: 113577url.cptgt.com
« Reply #41 on: December 17, 2010, 09:38:56 PM »
You might want to add that little note "save the log file as ANSI file format please" to your boiler plate script. It would save you a lot of time ;D

Are you still using editpad lite as that makes a reasonable fist of reading it in Unicode format ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Busymama62

  • Guest
Re: 113577url.cptgt.com
« Reply #42 on: December 17, 2010, 10:05:33 PM »
    Quote
    Hi unfortunately you saved the file as Unicode, could you resave as ANSI please  ;D

    What problems are you experiencing now ?

Not having any problems yet.  I guess I need to set the desktop up to use full time and see if I have any problems.  Will do that once I send this post.

I have saved the file again, but I chose "text document".  I did not have an option that said ANSI.

Offline essexboy

Re: 113577url.cptgt.com
« Reply #43 on: December 17, 2010, 10:09:36 PM »
Yup - I think I will do that David - ta

When you open OTL could you go to File.. Save as...
And in the save box set it as below


Busymama62

  • Guest
Re: 113577url.cptgt.com
« Reply #44 on: December 17, 2010, 11:15:50 PM »
    Quote
    Yup - I think I will do that David - ta

    When you open OTL could you go to File.. Save as...
    And in the save box set it as below

I see what I did: I used WordPad, not Notepad.  Here is the log file in ANSI format.