AV protection 2011 malware

Recently I got the AV Protection 2011 malware; my Avast AV couldn't detect it somehow. The malware tends to block all programs' functions. These are my logs from Malwarebytes, OTL, and aswMBR in the attached files. I couldn't get RogueKiller to run because it crashes in the middle somehow. I ran those programs in Safe Mode in order to run them. I would also like some recommendations on programs that help prevent malware/viruses from the net in the future. Thanks.

My system is XP 2002 SP3 on a laptop.

I see you have run ComboFix; could I see the log please?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
O4 - HKLM..\Run: [ybDnGa66dW8fXCl8234A] C:\WINNT\system32\AV Protection 2011v121.exe (Корпорация Майкрософт)
[2011/11/22 13:02:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\NrlOBtxP0c1b3n
[2011/11/22 13:02:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WG5sQJ7dE8RqYwU
[2011/11/22 12:18:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WVeellOBtzP0
[2011/11/22 12:18:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\C6ddEKK8fRZhYwj
[2011/11/22 02:47:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\「開始」功能表\程式集\AV Protection 2011
[2011/11/22 02:47:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\zUVeB0SiDoGamsK
[2011/11/22 02:47:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\oaaQQ6ddEKfR9Yw
[2011/11/22 02:46:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AUUttzP0ycA1
[2011/11/22 02:46:12 | 002,841,088 | ---- | C] (Корпорация Майкрософт) -- C:\WINNT\System32\AV Protection 2011v121.exe
[2011/11/22 02:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\KOOBBtxx0ycSiGf
[2011/11/22 02:46:33 | 000,286,208 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\dwme.exe
[2011/11/22 02:46:13 | 002,841,088 | ---- | M] (Корпорация Майкрософт) -- C:\WINNT\System32\AV Protection 2011v121.exe
[2011/11/22 02:46:33 | 000,286,208 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\dwme.exe

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


- Then click the Run Fix button at the top.
- Let the program run unhindered; reboot the PC when it is done.
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Here is the log. At the moment, I notice I logged in without the AV Protection 2011 malware popping up at the start.

What are your current problems?

Could you run a fresh OTL scan for me please, to ensure that I missed nothing.

Also, the Malwarebytes log you posted shows that the program has not been updated for many days.
Always click the update button before you start a scan :wink:

Here is another scan from OTL. Thank you very much for your help.

Edited: I notice I don't have access to the internet, while it still detects my wireless network. The Windows Firewall also cannot be turned back on somehow.

A couple of orphans to remove… What are your current problems?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [xIVrrzONtxA0vSb] File not found

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


- Then click the Run Fix button at the top.
- Let the program run unhindered; reboot the PC when it is done.
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Here is the log. I guess the malware is gone now, because I don't see the program itself anymore. Now I notice my internet and firewall functions are dead, even though it detects the wireless network.

OK, here we go again - but at least I am getting a routine down for it.

Open Services…
Start > Run > Type: services.msc > Click OK
Scroll down to and double click DNS Client
Set to Automatic under Startup type
Click the Apply button
Click the Start button
When it starts click OK

Repeat for DHCP Client.
And repeat for Remote Procedure Call (RPC).

When done, close Services.

Try the connection again.

OK, run OTL and run the following script, as I need to check the dependency files.

- Select All Users
- Under the Custom Scan box paste this in:
netsvcs
%SYSTEMDRIVE%*.exe
/md5start
afd.*
tcpip.*
netbt.*
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
C:\Windows\assembly\tmp\U /s
CREATERESTOREPOINT
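The /md5start block above has OTL hash afd.*, tcpip.* and netbt.* so the helper can compare them with known-good values; those three drivers are the layers the rest of this thread works through. As an added example (not part of the thread and not OTL's own mechanism), the same files can be compared natively on XP against the Windows File Protection copies in dllcache with fc /b. It assumes %SystemRoot% resolves to the real Windows folder (C:\WINNT on this system) and that the dllcache copies are present; file names and the dllcache path are standard, the script itself is constructed for this example.

```batch
@echo off
REM Added example, not from the thread: compare the live networking drivers
REM against the Windows File Protection copies kept in dllcache.
REM Assumes Windows XP and %SystemRoot% pointing at the real Windows folder.
setlocal
set DRIVERS=%SystemRoot%\system32\drivers
set CACHE=%SystemRoot%\system32\dllcache

for %%F in (afd.sys tcpip.sys netbt.sys) do (
    if not exist "%CACHE%\%%F" (
        echo %%F: no dllcache copy to compare against
    ) else (
        REM fc /b returns errorlevel 0 when identical, 1 when the files
        REM differ, 2 when one of them cannot be opened.
        fc /b "%DRIVERS%\%%F" "%CACHE%\%%F" >nul
        if errorlevel 2 (
            echo %%F: cannot open the live driver - check it exists and is readable
        ) else if errorlevel 1 (
            echo %%F: DIFFERS from the dllcache copy - report this in your next reply
        ) else (
            echo %%F: matches the dllcache copy
        )
    )
)
endlocal
```

A match here is only a first sanity check: anything able to patch a driver on disk can also overwrite the dllcache copy, so the authoritative comparison is the helper's, made from the OTL md5 output against hashes for the exact service-pack build. Keep the OTL log as the record and use this script only to see at a glance whether the three files still agree with the cached copies.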

I can't activate the DNS Client, and it said error 1068. Anyway, here is the log.

OK - next area to look at.

Click Start, Run and type DEVMGMT.MSC
In the View menu, click Show hidden devices
Double-click Non-Plug and Play drivers section
Double-click the entry AFD, and click the Driver tab
Set the Startup type to System.
Start the service. Note down the error message if any.
Similarly start the two other drivers namely:
TCP/IP Protocol Driver
NetBios over Tcpip

Close Device Manager and restart Windows.

The TCP/IP Protocol Driver doesn't seem to function.
I got code 22, I think.

Could you go to Start > Run and enter the following commands, pressing Enter after each line:

IPCONFIG /RELEASE
IPCONFIG /RENEW
IPCONFIG /ALL
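The Services steps (DNS Client, DHCP Client, RPC), the Device Manager steps for AFD, TCP/IP and NetBT, and the IPCONFIG commands above are one procedure: bring the network stack back up from the bottom, then test it. Error 1068, which the poster hit on DNS Client, is "The dependency service or group failed to start", so the useful thing to look at is each service's START_TYPE and DEPENDENCIES before trying to start it. As an added example (not from the thread and not the helper's own script), this batch file does the same audit and reset from a cmd window with sc.exe. The service names are the standard XP ones (Dnscache, Dhcp, RpcSs, AFD, Tcpip, NetBT) and it assumes an Administrator account; the script itself is constructed for this example.

```batch
@echo off
REM Added example, not from the thread: audit and restore the start types of
REM the services and kernel drivers the posts above set by hand, then start
REM them lowest layer first so a dependency failure (error 1068) is visible.
REM Assumes Windows XP and an Administrator account.
setlocal

echo === Current configuration ===
for %%S in (AFD Tcpip NetBT RpcSs Dhcp Dnscache) do (
    echo --- %%S ---
    sc qc %%S | findstr /i "START_TYPE DEPENDENCIES BINARY_PATH_NAME"
    sc query %%S | findstr /i "STATE"
)

echo.
echo === Restoring the default start types ===
REM Kernel drivers load at system start; the user-mode services are Automatic.
sc config AFD start= system
sc config Tcpip start= system
sc config NetBT start= system
sc config RpcSs start= auto
sc config Dhcp start= auto
sc config Dnscache start= auto

echo.
echo === Starting in dependency order ===
REM sc.exe returns the Win32 error as its exit code: 1056 means the service is
REM already running (harmless); 1068 means something below it is still stopped
REM or disabled, which the sc qc output above will show.
for %%S in (AFD Tcpip NetBT RpcSs Dhcp Dnscache) do (
    sc start %%S
    if errorlevel 1 echo *** %%S did not start - compare with its sc qc output above
)

echo.
echo === Testing the stack ===
ipconfig /all
endlocal
```

Run it from a cmd window opened via Start > Run > cmd (not directly from Run, which closes the window as soon as the command finishes) so the sc qc output stays on screen. If a driver is still disabled, Device Manager's Non-Plug and Play view, as in the steps above, is where to confirm it, and the BINARY_PATH_NAME line is worth checking against the expected driver file, since the hash comparison earlier in the thread covers exactly those files.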

When I type ipconfig into Run, the black window pops up and disappears right away. Very weird.

It will, as it opens a command window (black window), runs the command and then closes the window.

Could you go to Start > Run and enter cmd; this will open a command window, which will stay open. Then you can type the commands into the command window and get the results. Make sure you have a space after the IPCONFIG before the /RELEASE etc.

OK, when I hit the command "ipconfig/ release" in cmd, an internal error occurred: "Please contact Microsoft Product Support Services for further help. Additional information: Unable to query host name."

Are you using the quotes in the command, or just using them for emphasis?

If just for emphasis, then you could try a Google search, etc. for "unable to query host name" (with or without quotes); if that doesn't return anything related to the IPCONFIG command, try adding IPCONFIG to the search string before the "unable to query host name".

Otherwise it will need the services of essexboy when he is next back on the forum, as it is now almost 12:25am in the UK.

Whenever I type ipconfig or anything like that in cmd, it gives the message: "An internal error occurred. Please contact Microsoft Product Support Services for further help. Additional information: Unable to query host name." Right now I assume my laptop can't even reach the IP address; I'll try a number of methods from a Google search right now.

ATM, I did the following:

Go to Start -> Run -> cmd

netsh int ip reset resetlog.txt
netsh Winsock reset

I tried to reinstall the network card, but have no clue how to do that.

I can't really help practically, but those aren't the commands that essexboy suggested you try.