
RedBarron

Members
  • Content Count

    13

Community Reputation

0 Neutral

About RedBarron

  • Rank
    New Member
  1. Ok, so I thought I was good, then I got the same thing again: 2012/05/02 10:52:53 +0800 IP-BLOCK 122.70.141.101 (Type: outgoing, Port: 59021, Process: chrome.exe) Here is the OTL log: All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-3948093705-1484294097-1952622497-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found. ========== COMMANDS ========== [EMPTYJAVA] User: All Users User: Arne -&
  2. Hey, sorry I didn't see your last post, I will do it tomorrow.. btw. this is the last time Malwarebytes blocked anything: 2012/04/26 00:59:13 +0800 IP-BLOCK 60.190.222.181 (Type: outgoing, Port: 50196, Process: chrome.exe) so fingers crossed, maybe something helped along the way
  3. OTL logfile created on: 4/27/2012 11:53:35 PM - Run 1 OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Arne\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 1013.30 Mb Total Physical Memory | 157.65 Mb Available Physical Memory | 15.56% Memory free 2.10 Gb Paging File | 0.61 Gb Available in Paging File | 28.98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows |
  4. Updated and scanned, nothing found by Microsoft Security Essentials
  5. I have Skype 4.2, but it's been on my PC for a long time. I don't know how to check for the two parameters you mentioned in connection with Skype. I tried every website and they all came back green. I am located in China, so I don't know if they work over here. Listparts scan: ListParts by Farbar Version: 12-03-2012 03 Ran by Arne (administrator) on 27-04-2012 at 00:13:43 Windows 7 (X86) Running From: C:\Users\Arne\Downloads Language: 0409 ************************************************************ ========================= Memory info ====================== Percentage of memory in use: 76%
  6. Just as I was running the scan I had another pop up come up, this time not blocked by Malwarebytes (which I have re-enabled) aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-04-26 10:22:03 ----------------------------- 10:22:03.377 OS Version: Windows 6.1.7601 Service Pack 1 10:22:03.377 Number of processors: 2 586 0x1C0A 10:22:03.439 ComputerName: ARNE-PC UserName: Arne 10:22:15.966 Initialize success 10:26:51.737 AVAST engine defs: 12042501 10:27:19.286 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 10:27:19.286 Disk 0 V
  7. Thanks again for your help, I'm going to bed, will be back tomorrow.
  8. ComboFix 12-04-25.01 - Arne 26.04.2012 0:08.1.2 - x86 Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1033.18.1013.427 [GMT 8:00] ausgeführt von:: c:\users\Arne\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\FullRemove.exe c:\u
  9. ComboFix 12-04-25.01 - Arne 26.04.2012 0:08.1.2 - x86 Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1033.18.1013.427 [GMT 8:00] ausgeführt von:: c:\users\Arne\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
  10. 23:44:57.0990 5348 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43 23:44:59.0279 5348 ============================================================ 23:44:59.0279 5348 Current date / time: 2012/04/25 23:44:59.0279 23:44:59.0279 5348 SystemInfo: 23:44:59.0280 5348 23:44:59.0280 5348 OS Version: 6.1.7601 ServicePack: 1.0 23:44:59.0280 5348 Product type: Workstation 23:44:59.0280 5348 ComputerName: 23:44:59.0281 5348 UserName: 23:44:59.0281 5348 Windows directory: C:\windows 23:44:59.0281 5348 System windows directory: C:\windows 23:44:59.0281 5348 Processor architecture: Intel x86 23:4
  11. Thanks MrCharlie RogueKiller V7.3.3 [04/22/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User: Arne [Admin rights] Mode: Scan -- Date: 04/25/2012 23:04:35 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 3 ¤¤¤ [HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04
  12. First off, I really appreciate the help, don't think (know) this would be a big problem but I don't feel confident with this malware on my PC. I started getting these annoying pop up ads for some Chinese role-playing game at the lower bottom right corner of my screen when I try to connect to websites (not just Chinese ones, so I realized that there was something on my PC). The pop ups come with sound (how nice). I installed Malwarebytes Anti Malware and activated the full version trial then ran a scan. Found and quarantined "PUP.TollbarDownloader" in an exe file I had downloaded (and I guess e