Showing results for tags 'Malicious'.

  1. I was running my P2P program and today no malicious websites were blocked. So after a while I checked if Malwarebytes was running, and it wasn't. So is it possible that I might be infected? And what can I do to get uninfected?
  2. I haven't had MalwareBytes on forever, but I recently activated the free trial and have been getting constant pop-ups informing of certain IP addresses (mostly from China) being blocked. The connection is inbound and the process used is svchost.exe. Here are a few of the logs from MalwareBytes:

     Protection, 6/26/2014 9:56:28 PM, SYSTEM, MO, Protection, Malware Protection, Starting,
     Protection, 6/26/2014 9:56:28 PM, SYSTEM, MO, Protection, Malware Protection, Started,
     Protection, 6/26/2014 9:56:28 PM, SYSTEM, MO, Protection, Malicious Website Protection, Starting,
     Protection, 6/26/2014 9:56:56 PM, SYSTEM, MO, Protection, Malicious Website Protection, Started,
     Detection, 6/26/2014 10:04:15 PM, SYSTEM, MO, Protection, Malicious Website Protection, IP, 85.234.173.195, 64932, Inbound, C:\Windows\System32\svchost.exe,
     Detection, 6/26/2014 10:04:15 PM, SYSTEM, MO, Protection, Malicious Website Protection, IP, 85.234.173.195, 64932, Inbound, C:\Windows\System32\svchost.exe,
     Detection, 6/26/2014 10:10:58 PM, SYSTEM, MO, Protection, Malicious Website Protection, IP, 222.186.19.3, 64932, Inbound, C:\Windows\System32\svchost.exe,
     Detection, 6/26/2014 10:10:58 PM, SYSTEM, MO, Protection, Malicious Website Protection, IP, 222.186.19.3, 64932, Inbound, C:\Windows\System32\svchost.exe,
     Detection, 6/26/2014 10:18:04 PM, SYSTEM, MO, Protection, Malicious Website Protection, IP, 81.198.148.128, 64932, Inbound, C:\Windows\System32\svchost.exe,
     Detection, 6/26/2014 10:18:04 PM, SYSTEM, MO, Protection, Malicious Website Protection, IP, 81.198.148.128, 64932, Inbound, C:\Windows\System32\svchost.exe,
     Detection, 6/26/2014 10:19:19 PM, SYSTEM, MO, Protection, Malicious Website Protection, IP, 220.248.169.189, 64932, Inbound, C:\Windows\System32\svchost.exe,
     Detection, 6/26/2014 10:19:19 PM, SYSTEM, MO, Protection, Malicious Website Protection, IP, 220.248.169.189, 64932, Inbound, C:\Windows\System32\svchost.exe,
     (end)

     I'm not sure how long I've had this going on for, but everything runs normal. Any idea on what might be causing this and how I can find out what is the source? Rootkit scans via MalwareBytes Anti-Rootkit and Kaspersky TDSS both came back clean. MalwareBytes Anti-Malware also came back clean. I just want to make sure that it is nothing serious. Please let me know what further information is necessary and what the next step is. Thanks
  3. Hey, every time I have wi-fi on, I get a message from Malwarebytes that says "Successfully blocked access to a potentially malicious website". IPs that I found include 89.248.172.45 (which belongs to The Netherlands), and 89.28.5.37 (which belongs to Moldova). There are definitely more, but those are the ones I recorded, plz help :C
  4. I am currently experiencing much trouble with my computer once my internet connection is on because of what Malwarebytes blocks as "Malicious Website: 162.210.192.14". I've read previous posts of the same problems and would follow the same steps, but everyone's computer/malware is different. Since this threat does make my whole computer slow once the internet connection is on, I cannot download anything from the web browser, but I can download and transfer log information from a flash drive to another computer. I'd appreciate all the help given to me - Justin
  5. Hello, I have been suspicious of whether my laptop has been hacked or tapped for spyware so I ran a trial of Malwarebytes and it came up with 20 PUP malicious software applications. Are these PUPs signs of spyware? Thanks, Paul
  6. Just wanted to know because I need to download something from an external website, and I can't be sure; Malwarebytes blocked me from it. Cheers.
  7. Submitting Hxxp://www.xconsoles.com (46.246.94.116) as a potential false positive. This is an Xbox accessories website.
  8. Hi everyone, I'm having a chronic problem with Svchost.exe having connections with random IPs. For the past 3 days now Mbam has been blocking many incoming IP connections under the Svchost process, with all IP addresses coming from Ecatel LTD in the Netherlands (except for 1 attempt yesterday from Harbin, China). I'm seeing these blocked connections about 10 times per day, and they seem to be from different Ecatel IPs each time. The latest IP was 93.174.93.67. All ports targeted were different each time. Also, today after another IP connection block, that same IP ended up invoking my BitDef firewall to prompt for permission for Chrome having an outgoing connection to that same IP a few seconds later! I blocked it. Yesterday I disconnected my internet and scanned my PC with MBAM, Bitdefender AV, Malwarebytes Anti-rootkit, TDSSkiller, Kaspersky Virus Removal tool, Microsoft Safety Scanner (msert.exe), Microsoft Malware Removal tool, and all these scans found nothing. Today I scanned using Rkill, Combofix, and Adwcleaner with results attached below. This is a very chronic problem I've had for the past year, with Mbam blocking svchost connections or my former Comodo firewall prompting for svchost connections from random IPs from Brazil, China, Russia, Iceland, and now Ecatel, and each time I run an AV, MBAM, Rkill and Combofix scan it found no malware (except once Combofix deleted a worm a few months ago). The majority of these were inbound, although many were outbound too. I also reformatted my PC many times in the past few months (as recently as 4 days ago), because I didn't know what problem is going on, but I don't think the marathon of reformatting is a lasting solution because it'll reoccur again sooner or later. I also tried blocking svchost from having any incoming connections with my firewall, but it only worked for last night. For some reason, right after I made that firewall rule, I couldn't find it in the list of firewall rules... Is there any way I can make this problem stop once and for all? What is it that causes svchost to make these connections? Can I just block svchost altogether from connecting to the web? I would greatly appreciate any help to stop this madness. Thanks

     Rkill.txt Rkill.txt ComboFix.txt AdwCleanerR0.txt AdwCleanerS0.txt
  9. Hi there, I keep finding that when I restart my computer (I normally just put it into sleep mode), my MBAM Pro switches off the malicious website blocking and I can't switch it back on unless I completely exit MBAM and restart it again, then I am able to reactivate the full protection. If I don't do a full restart of MBAM, checking the box for blocking does nothing. I am using Windows XP SP3. Can you offer any suggestions please? Thank you
  10. This must be common to every user of MBAM, because it happens to me occasionally. I have experienced IP blocks when browsing through Google Images, and I cannot figure out the why or source of it. The tooltip can appear in a couple different instances; search results, image upload search results, or after opening up a preview. Even more confusing, I am still on the Google's Images website when the tooltip appears, no potentially malicious websites of any sort have been accessed yet. I use a Google Chrome extension called ScriptSafe (very similar addon to NoScript for Firefox), which allows me to disable/enable certain Javascript. I've allowed Javascript all across the Google domain, but every other outside source is blocked. Regardless, I can still receive an MBAM tooltip regarding an 'IP block' of a malicious website, even though the javascript from the foreign domain is blocked entirely. I'm running Avast antivirus alongside MBAM, using Google Chrome. Here is a log from yesterday. I've replaced (potentially) sensitive areas with x's:

      2013/10/18 02:42:44 -0600 FONTAINE Double MESSAGE Executing scheduled update: Daily
      2013/10/18 02:42:55 -0600 FONTAINE Double MESSAGE Scheduled update executed successfully: database updated from version v2013.10.17.03 to version v2013.10.18.04
      2013/10/18 02:42:55 -0600 FONTAINE Double MESSAGE Starting database refresh
      2013/10/18 02:42:55 -0600 FONTAINE Double MESSAGE Stopping IP protection
      2013/10/18 02:42:55 -0600 FONTAINE Double MESSAGE IP Protection stopped successfully
      2013/10/18 02:42:58 -0600 FONTAINE Double MESSAGE Database refreshed successfully
      2013/10/18 02:42:58 -0600 FONTAINE Double MESSAGE Starting IP protection
      2013/10/18 02:43:01 -0600 FONTAINE Double MESSAGE IP Protection started successfully
      2013/10/18 12:12:34 -0600 FONTAINE Double IP-BLOCK xx.xx.xx.xx (Type: outgoing, Port: xxxxx, Process: chrome.exe)
      2013/10/18 12:12:35 -0600 FONTAINE Double IP-BLOCK xx.xx.xx.xx (Type: outgoing, Port: xxxxx, Process: avastsvc.exe)
      2013/10/18 12:12:35 -0600 FONTAINE Double IP-BLOCK xx.xx.xx.xx (Type: outgoing, Port: xxxxx, Process: avastsvc.exe)
      2013/10/18 12:12:35 -0600 FONTAINE Double IP-BLOCK xx.xx.xx.xx (Type: outgoing, Port: xxxxx, Process: avastsvc.exe)
      2013/10/18 12:12:35 -0600 FONTAINE Double IP-BLOCK xx.xx.xx.xx (Type: outgoing, Port: xxxxx, Process: avastsvc.exe)
      2013/10/18 12:12:35 -0600 FONTAINE Double IP-BLOCK xx.xx.xx.xx (Type: outgoing, Port: xxxxx, Process: avastsvc.exe)
      2013/10/18 12:12:35 -0600 FONTAINE Double IP-BLOCK xx.xx.xx.xx (Type: outgoing, Port: xxxxx, Process: avastsvc.exe)

      If you need more information, please let me know.
  11. Reading through the forum, I've seen that other people have also had this problem, but I think my computer could be infected with something. Every couple minutes or so I've been getting pop-ups that say "Successfully blocked access to a potentially malicious website." IP address is 111.111.111.111. This message pops up even when all my browsers are closed and I'm basically doing nothing on the computer. Earlier I downloaded Malwarebytes (this is a new computer and I forgot to download it when I first got it - oops!) because when I opened my computer none of the browsers on my laptop would open. I downloaded Malwarebytes, ran a full scan that said I had two infected items - removed them and restarted my computer. Even after the restart I've been constantly getting those messages. Wondering if this is nothing or if it's something malicious that needs to be fixed. Thank you for any and all help!
  12. Hello, I have recently gotten a lot of the notification "A potentially malicious site has been blocked"; going to my protection log says the IPs are related to the program "PMB.EXE" (Pando Media Booster, installed by League of Legends). No program files related to Pando are changed (as far as I can tell), all scans show 0 results (all logs except Spybot S&D log included at bottom of post). The IPs are what I presume to be private (one of them led me to a QNAP NAS web client logon screen).

      If PMB.EXE is closed: No notifications
      Software reinstall: Still notifications, no change
      Scans run: Flash scan, full scan (both safe mode and normal return 0 results)

      Keeping the software off and/or uninstalling it completely is not an option, as I need it to play League of Legends, which I to be honest would not want to miss.

      --Ignore the Chrome.exe related things, they are just me trying to connect to the IPs--

      Protection log: Full scan log Flash scan log
  13. Hello, I have recently run Malwarebytes normally in Quick Scan and then waited a while and came across some kind of malicious software called Hijack.Homepage. So I decided to remove it and then it told me to restart to remove it. So I did, and after my system restarted I wanted to make sure it was gone so I scanned again and then the same software popped up. So I removed, restarted, scanned again and it's still there. So for a while I did the same thing over and over again like a maniac and nothing really changed. I've also scanned with Norton 360, and after the scan Hijack.Homepage hadn't been detected. So I looked up some stuff about this Hijack.Homepage and found this: Home page or other settings change on your computer. Links are added that point to websites that you'd usually avoid. You can't navigate to certain web pages, such as antispyware and other security software sites. A seemingly endless barrage of ads pops up on your screen. New toolbars or Favorites are installed that give you icons and links to web pages that you don't want. Your computer runs sluggishly. Malicious software can slow down your computer. But none of these seems to be the problem in my browser. What could be wrong?
  14. I have recently had a website blocked due to its being "potentially malicious". The only program I had open was Google Chrome Browser. A little pop-up window in my system tray opened up and listed the following IP addresses in 3 separate instances: 121.10.53.161, 212.113.37.224, 125.211.13.110. I'd like to find out what's going on so that I can fully remove any virus I may have that is causing my PC to ping malicious web sites. Please advise.
  15. I want to report the toolbar called Sweetpacks. The website is www.sweetim.sweetpacks.com. This toolbar is very difficult to remove and Malwarebytes does not detect it.
  16. Hello, has anyone noticed a huge rise recently in spam emails being sent from hacked accounts with links to malicious sites? Nutloaf
  17. malicious website while trying to log into my ISP -- to check webmail -- developer scan zipped, pic. of warning + IP Qwest turned into http://www.mycenturylink.com/ a major U.S. outfit..... TIA.... protection-log-2013-04-15.zip
  18. Hey there, I recently noticed my ping times to local devices such as my router are above 1ms which is obviously not normal. I've finally narrowed it down to the Malicious Website Blocking module on MBAM. Here are my ping times with the module enabled:

      Reply from 192.168.1.1: bytes=32 time=3ms TTL=64
      Reply from 192.168.1.1: bytes=32 time=4ms TTL=64
      Reply from 192.168.1.1: bytes=32 time=4ms TTL=64
      Reply from 192.168.1.1: bytes=32 time=3ms TTL=64

      Here are my ping times with the website blocking module disabled and just the file system protection enabled:

      Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
      Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
      Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
      Reply from 192.168.1.1: bytes=32 time<1ms TTL=64

      Is there any way I can fix this? Thank you in advance.
  19. Malwarebytes Quick Scan Log

      Malwarebytes Anti-Malware (PRO) 1.62.0.1300
      www.malwarebytes.org
      Database version: v2013.01.22.03
      Windows 7 x86 NTFS
      Internet Explorer 8.0.7600.16385
      HahaHeadshot :: HAHAHEADSHOT-PC [administrator]
      Protection: Enabled
      26-Jan-13 1:25:42 PM
      mbam-log-2013-01-26 (13-25-42).txt
      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 268774
      Time elapsed: 5 minute(s), 51 second(s)
      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 0 (No malicious items detected)
      Registry Values Detected: 0 (No malicious items detected)
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 0 (No malicious items detected)
      Files Detected: 0 (No malicious items detected)
      (end)

      svchost.exe activities

      2013/01/26 00:29:29 +0600 HAHAHEADSHOT-PC HahaHeadshot IP-BLOCK 58.240.223.154 (Type: incoming, Port: 1433, Process: svchost.exe)
      2013/01/26 13:18:36 +0600 HAHAHEADSHOT-PC HahaHeadshot IP-BLOCK 178.152.0.236 (Type: incoming, Port: 20068, Process: svchost.exe)

      DDS log

      DDS (Ver_2012-11-20.01) - NTFS_x86
      Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.4.1
      Run by HahaHeadshot at 13:34:12 on 2013-01-26
      Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2040.679 [GMT 6:00]
      .
      AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
      SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
      FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
      .
      ============== Running Processes ================
      .
µTorrent 7-Zip 9.10 beta Adobe Acrobat 9 Pro - English, Français, Deutsch Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Media Player Adobe Shockwave Player 11.6 Advanced SystemCare 6 AI RoboForm (All Users) avast! Free Antivirus Camtasia Studio 7 Canon ScanGear Starter CanoScan Toolbox Ver4.9 CCleaner Clownfish for Skype CoffeeCup HTML Editor COMODO Internet Security DAEMON Tools Lite Disk Space Fan 4 (4.1.1.79) Dropbox Email Extractor 14 1.0 ESET Online Scanner v3 F.lux File Shredder 2.5 File Splitter and Joiner (FFSJ v3.3) Google Chrome Google Drive Google Update Helper Gyazo 1.0 Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708) Hotspot Shield 2.83 Internet Download Manager Java 7 Update 10 Java Auto Updater Java(TM) 6 Update 32 JavaFX 2.1.0 KeyScrambler LAME v3.99.3 (for Windows) Maintenance Samsung ML-1660 Series Malwarebytes Anti-Malware version 1.62.0.1300 Manual CanoScan LiDE 25 Metasploit Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office 
Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft SQL Server 2008 Management Objects Microsoft SQL Server Compact 3.5 SP1 Design Tools English Microsoft SQL Server Compact 3.5 SP1 English Microsoft Visual Basic 2008 Express Edition with SP1 - ENU Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Movie Studio Platinum 12.0 Mozilla Firefox (3.6) Mozilla Maintenance Service MSVCRT Redists O&O Defrag Professional OpenVPN 2.2.2 Palringo Python 2.7.3 QUBEE WiMAX Connection Manager Recuva Sandboxie 3.46 ScanSoft OmniPage SE 4.0 Screenpresso SES Driver ShaPlus Bandwidth Meter 1.3.1 SIW version 2011.10.29 Skype™ 5.10 Spotflux SQL Server System CLR Types StreamTransport version: 1.0.2.2171 Stronghold 2 SUPERAntiSpyware swMSM tools-freebsd tools-linux tools-netware tools-solaris tools-windows tools-winPre2k Total Video Converter 3.71 100812 TrueCrypt Unity Web Player VLC media player 1.1.10 VMware Workstation WinHTTrack Website Copier 3.46-1 WinPcap 4.1.2 WinRAR 4.00 (32-bit) Wireshark 1.8.4 (32-bit) Wondershare Application Center 1.0.0.58 Wondershare MobileGo for Android ( Version 2.1.5 ) YPOPs! 0.9.7.3 . ==== Event Viewer Messages From Past Week ======== . 
25-Jan-13 10:02:44 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 25-Jan-13 10:02:44 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-2147218173. 25-Jan-13 10:01:50 AM, Error: Service Control Manager [7024] - The VMware Workstation Server service terminated with service-specific error %%-1. 25-Jan-13 10:01:37 AM, Error: Service Control Manager [7000] - The metasploitPostgreSQL service failed to start due to the following error: The system cannot find the file specified. 25-Jan-13 10:01:36 AM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified. 24-Jan-13 2:27:29 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. . ==== End Of File =========================== PC does slow down at times for no reason. Do let me know if there's anything else I need to do. Thank you so much for your help (: P.S. I can't do anything that MIGHT make my pc crash, say run combofix or anything. I can't risk it. I have very important files on board and there's no place for me to take a backup. Hope you understand. Cheers.
  20. Not sure why it won't let me enable it. I can enable file system protection but not suspicious website blocking. I attached all the files like I saw in other threads. Thanks for all the support guys! CheckResults.txt dds.txt attach.txt
  21. I recently ran a quick scan on Malwarebytes Antimalware and it detected 4 malicious software. It asked me if I wanted to delete it, and I canceled it because I wanted to delete it in the full scan I was about to run. But, I ran a quick scan a second time and it found no malicious software, even though I did not delete them the first time. What happened to them? I want to delete these files but they went undetected. I even restarted my computer and reinstalled Malwarebytes Antimalware, but still nothing was detected in the quick scan.
  22. Someone recently opened up the Fedex email scam link on my PC and I ran MBAM and it found Trojan.Fasagent, Pum.Hijack.Startmenu and Bloodhound.Mpalpe on my PC and it removed them. But now every 5-10 minutes MBAM pops up a warning that it "successfully blocked access to a potentially malicious website 206.161.121.6 Type:outgoing" and I am concerned there are still some issues with the PC other than the fact that the shortcuts to most of my programs say empty when I go to start programs. Am I still infected and how do I correct it? I have attached a dds.txt and attach.txt file as requested. attach.txt dds.txt
  23. nk1993

    HELP!

    Hi! These are the IPs that Malware keeps stating it is blocking: 206.161.121.6 78.41.203.118 208.76.54.215 64.34.127.185
  24. Someone recently opened a link on a Fedex email that then infected my PC with Trojan.Fasagent and Pum.Hijack.Start Menu and Bloodhound.Malpe that were found and removed by Mbam. These trojans then hid all my files and start menus and I have slowly been rebuilding the links and unhiding things and the system is almost normal but I think there is still something hidden that I can't find and remove. Mbam keeps warning me every 5 - 10 minutes that it has successfully blocked access to a potentially malicious website 201.161.121.6. Type:Outgoing. Can anyone suggest how I can find what's causing this and get rid of it? Thanks
  25. Merged 3 post I have attached the two files that I was told to attach. Thanks in advance for your help! This is urgent, so I'm hoping someone can help me get rid of this virus. Thanks! Trying to bring this to the top of the list. dds.txt attach.txt