|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Virus/Trojan/Spyware Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help. |
 |
|
|
LinkBack | Thread Tools |
10-20-2009, 05:35 AM
|
#1 (permalink) |
|
Registered User
Join Date: Mar 2009
Posts: 7
OS: Windows XP SP2
|
Can't connect to antivirus sites / autorun.inf / jwgkvsq.vmx
Hi there,
I am running Windows XP Pro SP3. I have for a long while been unable to connect to certain websites with my laptop. I don't think it is a firewall problem as I have tried turning it off. I get the problem whether accessing Internet from office or from home, and from either browser (IE8 or Firefox 3). Other computers are fine. The websites I can't access include:
The other, possibly unrelated problem are two viruses/malware that my Comodo detects, claims to "remove", but is still there everytime I stick in my USB drive. This is the info Comodo gives me:
Below is the DDS log: DDS (Ver_09-10-13.01) - NTFSx86 Run by user at 14:55:34.68 on Tue 10/20/2009 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.252 [GMT 8:00] AV: COMODO Antivirus *On-access scanning enabled* (Outdated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B} AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\WINDOWS\system32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\_driver\Mouse\Amoumain.exe C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\Program Files\_misc\ClipX\clipx.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\_misc\_desktop\Rainlendar2\Rainlendar2.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\_misc\_desktop\Launchy\Launchy.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\_misc\_tweak\FlashFolder\FlashFolder.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\WgaTray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\_misc\Instant Boss\InstantBoss.exe D:\My Documents\Downloads\software\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com.bn/ uInternet Connection Wizard,ShellNext = https://webmail.egc.gov.bn/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Rainlendar2] c:\program files\_misc\_desktop\rainlendar2\Rainlendar2.exe uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe" mRun: [WheelMouse] c:\program files\_driver\mouse\Amoumain.exe mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h mRun: [ClipX] c:\program files\_misc\clipx\clipx.exe mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launchy.lnk - c:\program files\_misc\_desktop\launchy\Launchy.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224343976890 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab Notify: igfxcui - igfxdev.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\6gi6i7mw.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} ============= SERVICES / DRIVERS =============== R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-2-18 110992] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-2-18 24336] R2 FlashFolder;FlashFolder;c:\program files\_misc\_tweak\flashfolder\FlashFolder.exe [2008-3-21 71680] R3 Amps2prt;Compatible PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2007-4-6 14336] S2 ncsttoid;Support Universal;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2009-4-11 163328] S3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\system32\drivers\s125bus.sys [2007-4-24 83336] S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\drivers\s125mdfl.sys [2007-4-24 15112] S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\drivers\s125mdm.sys [2007-4-24 108680] S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;c:\windows\system32\drivers\s125obex.sys [2007-4-24 98696] =============== Created Last 30 ================ 2009-10-16 14:29 <DIR> --d----- c:\program files\Trend Micro 2009-10-16 10:08 <DIR> --d----- c:\docume~1\user\applic~1\WinPatrol ==================== Find3M ==================== 2008-04-14 05:41 162,397 a--shr-- c:\windows\system32\vmqwo.dll 2009-06-05 10:14 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009060520090606\index.dat ============= FINISH: 14:56:27.84 =============== Oh and I do not currently have access to a Windows Install disc or a boot CD. Thank you for any help I get on this thread :) |
|
     
|
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
10-22-2009, 10:09 PM
|
#2 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,995
OS: WinXP and Vista
|
Re: Can't connect to antivirus sites / autorun.inf / jwgkvsq.vmx
Hello mzah8,
You have a rootkit onboard. We'll begin with ComboFix. Download ComboFix from one of these locations: Link 1 Link 2 * IMPORTANT- Save ComboFix.exe to your Desktop ==================================================== Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. ==================================================== Double click on combofix.exe & follow the prompts.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.  Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:  Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review. |
|
|
|
|
10-25-2009, 03:41 AM
|
#3 (permalink) |
|
Registered User
Join Date: Mar 2009
Posts: 7
OS: Windows XP SP2
|
Re: Can't connect to antivirus sites / autorun.inf / jwgkvsq.vmx
Thanks Reid so much for your reply.
Problem: I am unable to turn off Avira Antivirus. I have tried using Task Manager and other programs to terminate the software but it just won't quit. :/ It also runs at startup (tho not showing in my startup list) so even in Safe Mode it's there. Any advice? Thank you. |
|
|
|
|
10-25-2009, 09:09 AM
|
#4 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,995
OS: WinXP and Vista
|
Re: Can't connect to antivirus sites / autorun.inf / jwgkvsq.vmx
Right click the icon in your system tray (bottom, near the clock) and uncheck Activeguard. If you still can't figure a way to disable it, for now, okay your way through the alerts.
|
|
|
|
|
10-26-2009, 03:31 AM
|
#5 (permalink) |
|
Registered User
Join Date: Mar 2009
Posts: 7
OS: Windows XP SP2
|
Re: Can't connect to antivirus sites / autorun.inf / jwgkvsq.vmx
It's not in my system tray, I disabled that long ago but I guess it's still running in the background. Alright, I'll give it a try. Thanks.
|
|
|
|
|
| Thread Tools | |
|
|
