

Hi,

I'm having messages saying

Malwarebytes successfully blocked access to a malicious software

website: (numbers)

Type outgoing

Port: (number)

Process: utorrent.exe

I don't get anything from a Malwarebytes Quick Scan. I removed uTorrent and reinstalled it. Now I've got the same message with Process: firefox.exe instead.

As advised, I've run dds.com.

Below is the DDS.txt first followed by the Attach.txt log.

Thanks very much for your help.

Laurent

DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by laurent_guerguy at 18:53:31 on 2012-09-21

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3062.1346 [GMT 2:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe

C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

C:\Windows\system32\IoctlSvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\DllHost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Windows\notepad.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/webhp?sourceid=navclient&ie=UTF-8

uSearch Bar = Preserve

mDefault_Page_URL = hxxp://www.medion.com/

uInternet Settings,ProxyOverride = *.local;<local>

uInternet Settings,ProxyServer = 178.33.177.8:3128

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll

mURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.8.0.14\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.8.0.14\ips\IPSBHO.DLL

BHO: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.8.0.14\coIEPlg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll

TB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File

EB: &Rechercher: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED

uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; SRS_IT_E879027EB57659533FAC95; .NET4.0C; InfoPath.1)" -"http://www.expoenvironment.com/virtualexpo/ver_stand_3d.php?id=175"

dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uPolicies-explorer: NoInstrumentation = 1

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.co...72741-17534-1/4

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/maconfig/MaConfig_3_5_3_0.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP1-13926/event/ieatgpc1.cab

DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://upexe.pplive.com/config/pplite/pluginsetup.cab

TCP: DhcpNameServer = 62.81.29.254 62.81.16.213

TCP: Interfaces\{0093ACE2-3565-4894-88D4-8719BE181AEB} : DhcpNameServer = 212.54.40.25 212.54.35.25

TCP: Interfaces\{DBFFAEAD-0A3D-4AB0-A57D-3CB60905A9CB} : DhcpNameServer = 62.81.29.254 62.81.16.213

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\laurent_guerguy\appdata\roaming\mozilla\firefox\profiles\7ju62xd4.default\

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\tvuplayer\npTVUAx.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\laurent_guerguy\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\users\laurent_guerguy\appdata\roaming\mozilla\firefox\profiles\7ju62xd4.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\plugins\np-mswmp.dll

FF - plugin: c:\users\laurent_guerguy\appdata\roaming\mozilla\plugins\npicaN.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll

.

============= SERVICES / DRIVERS ===============

.

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-9-7 65848]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1308000.00e\symds.sys [2012-8-19 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1308000.00e\symefa.sys [2012-8-19 924320]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\bashdefs\20120919.001\BHDrvx86.sys [2012-9-20 995488]

R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1308000.00e\ccsetx86.sys [2012-8-19 132768]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20120920.002\IDSvix86.sys [2012-9-21 386720]

R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-2-26 390528]

R1 RapportCerberus_42020;RapportCerberus_42020;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_42020.sys [2012-8-7 228376]

R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-9-7 71480]

R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-9-7 166840]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1308000.00e\ironx86.sys [2012-8-19 149624]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1308000.00e\symtdiv.sys [2012-8-19 345208]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-6 116608]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-15 399432]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-15 676936]

R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.8.0.14\ccsvchst.exe [2012-8-19 138272]

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2012-2-16 793048]

R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-9-7 976728]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-19 106656]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-15 22856]

R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28.sys [2009-1-19 517120]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-9 135664]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-11 250288]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-9 135664]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-9-23 238960]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-11 113120]

S3 WisLMSvc;WisLMSvc;c:\program files\launch manager\WisLMSvc.exe [2009-5-20 113152]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== File Associations ===============

.

.scr=AutoCADScriptFile

.

=============== Created Last 30 ================

.

2012-09-21 15:43:40 -------- d-----w- c:\program files\uTorrentControl_v2

2012-09-21 15:43:09 -------- d-----w- c:\program files\uTorrent

2012-09-15 14:42:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-15 14:42:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-09-12 20:42:21 -------- d-----w- c:\users\laurent_guerguy\appdata\local\ElevatedDiagnostics

2012-09-07 09:07:30 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

.

==================== Find3M ====================

.

2012-09-20 21:57:20 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-20 21:57:20 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-06 02:17:57 574112 ----a-w- c:\windows\system32\drivers\nis\1308000.00e\srtsp.sys

2012-07-06 02:17:57 32928 ----a-w- c:\windows\system32\drivers\nis\1308000.00e\srtspx.sys

2012-07-04 14:02:46 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 18:55:32.08 ===============

And the Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 10/08/2009 17:55:55

System Uptime: 21/09/2012 18:01:57 (0 hours ago)

.

Motherboard: MEDION | | E5211

Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz | U2E1 | 2000/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 279 GiB total, 157.984 GiB free.

D: is FIXED (FAT32) - 20 GiB total, 13.191 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP630: 07/08/2012 07:22:27 - Installed Rapport

RP631: 08/08/2012 18:29:21 - Scheduled Checkpoint

RP632: 20/08/2012 01:18:48 - Windows Update

RP634: 27/08/2012 19:13:19 - Installed Rapport

RP636: 12/09/2012 19:21:54 - Installed Rapport

RP637: 12/09/2012 22:18:37 - Windows Update

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.2

Adobe Shockwave Player 11

Andica Self Assessment Personal 2011

Apple Application Support

Apple Mobile Device Support

Apple Software Update

µTorrent

Auslogics Registry Cleaner

AutoCAD 2008 - Español

Autodesk DWF Viewer 7

Azurewave Wireless LAN

Bonjour

CALENER-GT

Cisco WebEx Meetings

Citrix XenApp Web Plugin

Combined Community Codec Pack 2009-09-09

Compatibility Pack for the 2007 Office system

DivX Setup

ffdshow [rev 610] [2006-12-01]

Google Chrome

Google SketchUp 7

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

Haali Media Splitter

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Inkscape 0.48.2

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

Intel® TV Wizard

iTunes

Java™ 6 Update 13

Junk Mail filter update

Launch Manager V1.5.0.2

LIDER

Logitech Legacy USB Camera Driver Package

Logitech Print Service

Logitech Vid

Logitech Webcam Software

Logitech Webcam Software Driver Package

Ma-Config.com

Malwarebytes Anti-Malware version 1.65.0.1400

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office File Validation Add-In

Microsoft Office Professional Edition 2003

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Move Networks Media Player for Internet Explorer

Mozilla Firefox 13.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MWSnap 3

Nero 8 Essentials

neroxml

Norton Bootable Recovery Tool Wizard

Norton Internet Security

Notepad++

PC Tools Registry Mechanic 11.0

PPLite 1.0.0.6

PVSOL Expert 4.0

QuickTime

Rapport

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Skype Click to Call

Skype™ 5.10

Sothink FLV Player

Spelling Dictionaries Support For Adobe Reader 9

Spotify

Synaptics Pointing Device Driver

System Requirements Lab for Intel

TVUPlayer 2.5.3.1

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

uTorrentControl_v2 Toolbar

Valentin Meteo Data 1.0.26

VBA (2627.01)

VBA (2627.4)

VC80CRTRedist - 8.0.50727.6195

VCRedistSetup

Veetle TV 0.9.18

VLC media player 1.0.1

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

WinRAR archiver

Xvid 1.2.1 final uninstall

.

==== Event Viewer Messages From Past Week ========

.

21/09/2012 18:04:50, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASKUTIL

21/09/2012 18:04:50, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

21/09/2012 18:04:50, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

21/09/2012 17:46:24, Error: Ntfs [137] - The default transaction resource manager on volume F: encountered a non-retryable error and could not start. The data contains the error code.

21/09/2012 15:08:27, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

20/09/2012 19:08:26, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Software Updater service to connect.

20/09/2012 19:08:26, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

17/09/2012 21:12:38, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.

.

==== End Of File ===========================

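The Pseudo HJT section of the DDS log above is what a removal helper reads first: the user-level ProxyServer line (every browser request is routed through that host), the uTorrentControl_v2 search hook and toolbar that came bundled with the uTorrent installer, and the two orphaned "No File" registrations. The script below is an added example written for this thread; it is not part of DDS, Malwarebytes or the helper's instructions. It parses lines in the exact format shown in the log and ranks them for triage. The TRUSTED_DIRS allowlist and the severity labels are assumptions chosen to illustrate the technique, and the sample lines are copied from the posted log.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread; not part of DDS, Malwarebytes or the helper's
instructions. Lines are matched with plain regexes against the formats visible
in the posted log. TRUSTED_DIRS is an assumption made for this machine's
installed software, not a DDS convention.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Vendor directories treated as expected on this machine (assumption for illustration).
TRUSTED_DIRS = (
    r"c:\program files\norton internet security",
    r"c:\program files\google\google toolbar",
    r"c:\program files\common files\adobe",
    r"c:\program files\common files\microsoft shared",
    r"c:\program files\java",
    r"c:\program files\skype",
    r"c:\program files\divx",
    r"c:\progra~1\micros~4",
)

PROXY_RE = re.compile(r"ProxyServer\s*=\s*(\S+)")
ADDON_KIND_RE = re.compile(r"^[um]?(URLSearchHooks|BHO|TB):")
CLSID_PATH_RE = re.compile(r"\{([0-9a-f-]{36})\}\s*-\s*(.+)$", re.IGNORECASE)
RUN_RE = re.compile(
    r'^[umd]Run(?:Once)?: \[(?P<name>[^\]]*)\]\s*"?(?P<exe>[^"]+?\.exe)"?', re.IGNORECASE
)


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    reason: str
    line: str


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for one report line, or None if the line is not of interest."""
    line = line.strip()
    if not line or line == ".":
        return None
    m = PROXY_RE.search(line)
    if m:
        # A per-user proxy silently routes every browser request through that host.
        return Finding("high", f"proxy server {m.group(1)} configured; browser traffic is routed through it", line)
    if line.endswith("- No File"):
        # Registration whose DLL is gone: leftover from a removed add-on, still worth cleaning.
        return Finding("medium", "orphaned registration (leftover from a removed add-on)", line)
    kind = ADDON_KIND_RE.match(line)
    if kind:
        m = CLSID_PATH_RE.search(line)
        if not m:
            return Finding("medium", f"{kind.group(1)} entry without a resolvable path", line)
        path = m.group(2).lower()
        if path.startswith(TRUSTED_DIRS):
            return Finding("info", f"{kind.group(1)} from an allowlisted vendor directory", line)
        return Finding("medium", f"{kind.group(1)} loaded from {path} (outside the allowlist)", line)
    m = RUN_RE.match(line)
    if m:
        return Finding("info", f"autostart '{m.group('name')}' runs {m.group('exe')}", line)
    return None


def triage(report: str) -> List[Finding]:
    """Classify every line of a Pseudo HJT section, keeping report order."""
    return [f for f in (classify(l) for l in report.splitlines()) if f]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity."""
    return dict(Counter(f.severity for f in findings))


def configured_proxy(report: str) -> Optional[str]:
    """Return the host:port of the first ProxyServer entry, or None."""
    m = PROXY_RE.search(report)
    return m.group(1) if m else None


# Constructed sample: a handful of lines copied from the DDS log posted in this thread.
SAMPLE_REPORT = r"""
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = 178.33.177.8:3128
uURLSearchHooks: H - No File
uURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.8.0.14\ips\IPSBHO.DLL
TB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.severity:6}] {f.reason}")
    print(summarize(triage(SAMPLE_REPORT)))
```

Run against the sample it reports one high finding (the 178.33.177.8:3128 proxy), three medium ones (the Conduit DLL outside the allowlist and the two "No File" entries) and four informational ones. The allowlist is deliberately a prefix list of vendor directories rather than a list of DLL names, so a renamed Conduit DLL dropped into its own folder still surfaces; the cost is that anything a vendor installs under an allowlisted path is trusted without further checks.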

Hello Laurent, and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

website: (numbers)

Please give me these numbers.

Step 1

Please uninstall the following applications:

µTorrent

uTorrentControl_v2 Toolbar

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 3

Please download AdwCleaner from here and save it on your Desktop.

  1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been run, so in this case it should be something like R1.

Step 4

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • AdwCleaner log
  • aswMBR log


Hi.

Thanks for your help.

The numbers for website are: 91.224.160.192

The log from the Malwarebytes Quick Scan is:

Malwarebytes Anti-Malware (Trial) 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.22.05

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

laurent_guerguy :: OFFICE-PC [administrator]

Protection: Enabled

22/09/2012 18:09:01

mbam-log-2012-09-22 (18-09-01).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 228103

Time elapsed: 11 minute(s), 32 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

The log from AdwCleaner is:

# AdwCleaner v2.002 - Logfile created 09/22/2012 at 18:31:03

# Updated 16/09/2012 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)

# User : laurent_guerguy - OFFICE-PC

# Boot Mode : Normal

# Running from : C:\Users\laurent_guerguy\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files\Conduit

Folder Found : C:\ProgramData\boost_interprocess

Folder Found : C:\Users\LAUREN~1\AppData\Local\Temp\CT3220468

Folder Found : C:\Users\laurent_guerguy\AppData\Local\Conduit

Folder Found : C:\Users\laurent_guerguy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Folder Found : C:\Users\laurent_guerguy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc

Folder Found : C:\Users\laurent_guerguy\AppData\LocalLow\boost_interprocess

Folder Found : C:\Users\laurent_guerguy\AppData\LocalLow\Conduit

Folder Found : C:\Users\laurent_guerguy\AppData\LocalLow\ShoppingReport2

Folder Found : C:\Users\laurent_guerguy\AppData\Roaming\Mozilla\Firefox\Profiles\7ju62xd4.default\CT3220468

Folder Found : C:\Users\laurent_guerguy\AppData\Roaming\Mozilla\Firefox\Profiles\7ju62xd4.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

Folder Found : C:\Users\laurent_guerguy\AppData\Roaming\Mozilla\Firefox\Profiles\7ju62xd4.default\Smartbar

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\ShoppingReport2

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Key Found : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QuestDns

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QuestScan

Key Found : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220468

Key Found : HKLM\Software\Conduit

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (en-US)

Profile name : default

File : C:\Users\laurent_guerguy\AppData\Roaming\Mozilla\Firefox\Profiles\7ju62xd4.default\prefs.js

Found : user_pref("CT3220468.BT_Stats", "{\"last_log\":1348242902,\"uuid\":250454358870936,\"seq_id\":1,\"ss[...]

Found : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Found : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Found : user_pref("CT3220468.FirstTime", "true");

Found : user_pref("CT3220468.FirstTimeFF3", "true");

Found : user_pref("CT3220468.UserID", "UN71476230731072687");

Found : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");

Found : user_pref("CT3220468.autoDisableScopes", -1);

Found : user_pref("CT3220468.cbcountry_001", "ES");

Found : user_pref("CT3220468.cbfirsttime", "Fri Sep 21 2012 17:55:02 GMT+0200");

Found : user_pref("CT3220468.defaultSearch", "FALSE");

Found : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"cross[...]

Found : user_pref("CT3220468.enableAlerts", "always");

Found : user_pref("CT3220468.enableSearchFromAddressBar", "FALSE");

Found : user_pref("CT3220468.firstTimeDialogOpened", "true");

Found : user_pref("CT3220468.fixPageNotFoundError", "true");

Found : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");

Found : user_pref("CT3220468.fixUrls", true);

Found : user_pref("CT3220468.installId", "fftD26F.tmp.exe");

Found : user_pref("CT3220468.installType", "XPE");

Found : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Found : user_pref("CT3220468.isNewTabEnabled", true);

Found : user_pref("CT3220468.isPerformedSmartBarTransition", "true");

Found : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Found : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

Found : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"Malawarebytes successfully block[...]

Found : user_pref("CT3220468.openThankYouPage", "true");

Found : user_pref("CT3220468.openUninstallPage", "FALSE");

Found : user_pref("CT3220468.search.searchAppId", "129813684258939747");

Found : user_pref("CT3220468.search.searchCount", "0");

Found : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");

Found : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Found : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Found : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\[...]

Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Found : user_pref("CT3220468.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]

Found : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1348242898702");

Found : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1348242898575");

Found : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1348242899459");

Found : user_pref("CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate", "1348242899746");

Found : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1348242899563");

Found : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1348242897896");

Found : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1348242897663");

Found : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1348242899402");

Found : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1348242897804");

Found : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1348242898503");

Found : user_pref("CT3220468.settingsINI", true);

Found : user_pref("CT3220468.shouldFirstTimeDialog", "false");

Found : user_pref("CT3220468.smartbar.CTID", "CT3220468");

Found : user_pref("CT3220468.smartbar.Uninstall", "0");

Found : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");

Found : user_pref("CT3220468.toolbarBornServerTime", "21-9-2012");

Found : user_pref("CT3220468.toolbarCurrentServerTime", "21-9-2012");

Found : user_pref("CT3220468.url_history0001", "hxxp://forums.malwarebytes.org/index.php?s=f9a2c99391eaab07c[...]

-\\ Google Chrome v11.0.696.60

File : C:\Users\laurent_guerguy\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7683 octets] - [22/09/2012 18:31:03]

########## EOF - C:\AdwCleaner[R1].txt - [7743 octets] ##########

And the aswMBR log is:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-09-22 18:35:31

-----------------------------

18:35:31.434 OS Version: Windows 6.0.6002 Service Pack 2

18:35:31.434 Number of processors: 2 586 0x170A

18:35:31.449 ComputerName: OFFICE-PC UserName:

18:35:33.883 Initialize success

18:36:08.225 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

18:36:08.241 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3

18:36:08.241 Disk 0 MBR read successfully

18:36:08.241 Disk 0 MBR scan

18:36:08.257 Disk 0 Windows VISTA default MBR code

18:36:08.257 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 285245 MB offset 2048

18:36:08.288 Disk 0 Partition 2 00 0C FAT32 LBA MSWIN4.1 19998 MB offset 584183808

18:36:08.303 Disk 0 scanning sectors +625139712

18:36:08.350 Disk 0 scanning C:\Windows\system32\drivers

18:36:16.135 Service scanning

18:36:41.765 Modules scanning

18:37:11.249 Disk 0 trace - called modules:

18:37:11.281 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys

18:37:11.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b261ac8]

18:37:11.281 3 CLASSPNP.SYS[8f7b88b3] -> nt!IofCallDriver -> [0x8a129860]

18:37:11.296 5 acpi.sys[8eca06bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a12f030]

18:37:11.296 Scan finished successfully

18:38:11.933 Disk 0 MBR has been saved successfully to "C:\Users\laurent_guerguy\Desktop\MBR.dat"

18:38:11.949 The log file has been saved successfully to "C:\Users\laurent_guerguy\Desktop\aswMBR.txt"

Thanks again.

Cheers,

Laurent

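A note on the aswMBR log above, with an added example that is not part of this thread or of aswMBR: aswMBR saved the boot sector to MBR.dat, and the partition lines it printed (type 07 NTFS at offset 2048, type 0C FAT32 at offset 584183808, free space from sector 625139712) are exactly what a 512-byte MBR encodes. The script below parses such a file the same way, checks the 0x55AA signature, flags the active partition, rejects overlapping entries, and hashes the 440-byte boot-code area so it can be compared with a copy from a known-clean machine of the same Windows version. The sample MBR is constructed from the sizes in the log; its boot-code area is zero-filled, which a real Vista MBR is not, so the digest it yields is only there to show the check, not a reference value.

```python
import hashlib
import struct

SECTOR = 512
MBR_SIG = b"\x55\xaa"

# Partition type bytes that appear in the aswMBR output in this thread.
PART_TYPES = {0x07: "HPFS/NTFS", 0x0C: "FAT32 LBA"}

def build_sample_mbr():
    """Constructed 512-byte MBR mirroring the two partitions aswMBR reported.
    Boot code (bytes 0..439) is left zeroed: this is test input for the parser,
    not a copy of the machine's real MBR.dat."""
    mbr = bytearray(SECTOR)
    entries = [
        # (boot flag, type, first LBA, sector count); 285245 MB and 19998 MB in 512-byte sectors
        (0x80, 0x07, 2048, 285245 * 2048),
        (0x00, 0x0C, 584183808, 19998 * 2048),
    ]
    for i, (boot, ptype, lba, count) in enumerate(entries):
        off = 446 + 16 * i
        # CHS fields use the 0xFE/0xFF/0xFF "LBA only" marker instead of real geometry.
        struct.pack_into("<B3sB3sII", mbr, off, boot, b"\xfe\xff\xff", ptype,
                         b"\xfe\xff\xff", lba, count)
    mbr[510:512] = MBR_SIG
    return bytes(mbr)

def parse_mbr(data):
    """Return the non-empty entries of the classic 4-slot partition table."""
    if len(data) < SECTOR:
        raise ValueError("need at least 512 bytes")
    if data[510:512] != MBR_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        boot, _chs1, ptype, _chs2, lba, count = struct.unpack_from("<B3sB3sII", data, off)
        if ptype == 0:
            continue  # empty slot
        parts.append({
            "index": i + 1,
            "bootable": boot == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "first_lba": lba,
            "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return parts

def check_layout(parts):
    """Sanity checks: no overlapping entries, exactly one active partition.
    Returns the first LBA past the last partition, which is where aswMBR starts
    its 'scanning sectors +N' pass over unallocated space."""
    ordered = sorted(parts, key=lambda p: p["first_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["first_lba"] + a["sectors"] > b["first_lba"]:
            raise ValueError(f"partition {a['index']} overlaps partition {b['index']}")
    if sum(p["bootable"] for p in parts) != 1:
        raise ValueError("expected exactly one active partition")
    last = ordered[-1]
    return last["first_lba"] + last["sectors"]

def boot_code_digest(data):
    """SHA-256 of the boot-code area (before the partition table), to diff
    against a known-clean MBR of the same OS version."""
    return hashlib.sha256(data[:440]).hexdigest()

if __name__ == "__main__":
    mbr = build_sample_mbr()
    for p in parse_mbr(mbr):
        print(p)
    print("free space starts at sector", check_layout(parse_mbr(mbr)))
    print("boot code sha256", boot_code_digest(mbr))
```

To use it on the real file, replace build_sample_mbr() with open(r"...\MBR.dat", "rb").read(). An MBR that parses cleanly says nothing about the boot code itself; that is what the digest comparison is for.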

Step 1

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Step 2

Note: Please do not run this tool without special supervision and instruction of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

In your next reply, post the following log files:

  • AdwCleaner log
  • ComboFix log


Hello,

The AdwCleaner log is:

# AdwCleaner v2.002 - Logfile created 09/23/2012 at 19:45:19

# Updated 16/09/2012 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)

# User : laurent_guerguy - OFFICE-PC

# Boot Mode : Normal

# Running from : C:\Users\laurent_guerguy\Desktop\adwcleaner.exe

# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\Users\LAUREN~1\AppData\Local\Temp\CT3220468

Folder Deleted : C:\Users\laurent_guerguy\AppData\Local\Conduit

Folder Deleted : C:\Users\laurent_guerguy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Folder Deleted : C:\Users\laurent_guerguy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc

Folder Deleted : C:\Users\laurent_guerguy\AppData\LocalLow\boost_interprocess

Folder Deleted : C:\Users\laurent_guerguy\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\laurent_guerguy\AppData\LocalLow\ShoppingReport2

Folder Deleted : C:\Users\laurent_guerguy\AppData\Roaming\Mozilla\Firefox\Profiles\7ju62xd4.default\CT3220468

Folder Deleted : C:\Users\laurent_guerguy\AppData\Roaming\Mozilla\Firefox\Profiles\7ju62xd4.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

Folder Deleted : C:\Users\laurent_guerguy\AppData\Roaming\Mozilla\Firefox\Profiles\7ju62xd4.default\Smartbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\ShoppingReport2

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QuestDns

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QuestScan

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v13.0.1 (en-US)

Profile name : default

File : C:\Users\laurent_guerguy\AppData\Roaming\Mozilla\Firefox\Profiles\7ju62xd4.default\prefs.js

Deleted : user_pref("CT3220468.BT_Stats", "{\"last_log\":1348242902,\"uuid\":250454358870936,\"seq_id\":1,\"ss[...]

Deleted : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Deleted : user_pref("CT3220468.FirstTime", "true");

Deleted : user_pref("CT3220468.FirstTimeFF3", "true");

Deleted : user_pref("CT3220468.UserID", "UN71476230731072687");

Deleted : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");

Deleted : user_pref("CT3220468.autoDisableScopes", -1);

Deleted : user_pref("CT3220468.cbcountry_001", "ES");

Deleted : user_pref("CT3220468.cbfirsttime", "Fri Sep 21 2012 17:55:02 GMT+0200");

Deleted : user_pref("CT3220468.defaultSearch", "FALSE");

Deleted : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"cross[...]

Deleted : user_pref("CT3220468.enableAlerts", "always");

Deleted : user_pref("CT3220468.enableSearchFromAddressBar", "FALSE");

Deleted : user_pref("CT3220468.firstTimeDialogOpened", "true");

Deleted : user_pref("CT3220468.fixPageNotFoundError", "true");

Deleted : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");

Deleted : user_pref("CT3220468.fixUrls", true);

Deleted : user_pref("CT3220468.installId", "fftD26F.tmp.exe");

Deleted : user_pref("CT3220468.installType", "XPE");

Deleted : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3220468.isNewTabEnabled", true);

Deleted : user_pref("CT3220468.isPerformedSmartBarTransition", "true");

Deleted : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Deleted : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

Deleted : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"Malawarebytes successfully block[...]

Deleted : user_pref("CT3220468.openThankYouPage", "true");

Deleted : user_pref("CT3220468.openUninstallPage", "FALSE");

Deleted : user_pref("CT3220468.search.searchAppId", "129813684258939747");

Deleted : user_pref("CT3220468.search.searchCount", "0");

Deleted : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");

Deleted : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Deleted : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\[...]

Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Deleted : user_pref("CT3220468.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]

Deleted : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1348242898702");

Deleted : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1348242898575");

Deleted : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1348242899459");

Deleted : user_pref("CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate", "1348242899746");

Deleted : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1348242899563");

Deleted : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1348242897896");

Deleted : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1348242897663");

Deleted : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1348242899402");

Deleted : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1348242897804");

Deleted : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1348242898503");

Deleted : user_pref("CT3220468.settingsINI", true);

Deleted : user_pref("CT3220468.shouldFirstTimeDialog", "false");

Deleted : user_pref("CT3220468.smartbar.CTID", "CT3220468");

Deleted : user_pref("CT3220468.smartbar.Uninstall", "0");

Deleted : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");

Deleted : user_pref("CT3220468.toolbarBornServerTime", "21-9-2012");

Deleted : user_pref("CT3220468.toolbarCurrentServerTime", "21-9-2012");

Deleted : user_pref("CT3220468.url_history0001", "hxxp://forums.malwarebytes.org/index.php?s=f9a2c99391eaab07c[...]

-\\ Google Chrome v11.0.696.60

File : C:\Users\laurent_guerguy\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7812 octets] - [22/09/2012 18:31:03]

AdwCleaner[R2].txt - [7872 octets] - [23/09/2012 19:43:56]

AdwCleaner[S1].txt - [8388 octets] - [23/09/2012 19:45:19]

########## EOF - C:\AdwCleaner[S1].txt - [8448 octets] ##########

The ComboFix log is:

ComboFix 12-09-23.02 - laurent_guerguy 23/09/2012 20:23:41.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3062.1602 [GMT 2:00]

Running from: c:\users\laurent_guerguy\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\laurent_guerguy\Desktop\Documents\~WRL3502.tmp

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-08-23 to 2012-09-23 )))))))))))))))))))))))))))))))

.

.

2012-09-23 18:39 . 2012-09-23 18:44 -------- d-----w- c:\users\laurent_guerguy\AppData\Local\temp

2012-09-15 14:42 . 2012-09-15 14:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-09-15 14:42 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-12 20:42 . 2012-09-12 20:42 -------- d-----w- c:\users\laurent_guerguy\AppData\Local\ElevatedDiagnostics

2012-09-07 09:07 . 2012-09-07 09:07 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-20 21:57 . 2012-04-11 07:01 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-20 21:57 . 2011-05-18 17:56 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-06 02:17 . 2012-08-19 20:50 32928 ----a-w- c:\windows\system32\drivers\NIS\1308000.00E\srtspx.sys

2012-07-06 02:17 . 2012-08-19 20:50 574112 ----a-w- c:\windows\system32\drivers\NIS\1308000.00E\srtsp.sys

2012-07-04 14:02 . 2012-08-19 23:24 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-06-19 17:55 . 2012-06-11 21:04 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-10 39408]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-07-11 19:00 919008 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyApp]

2009-04-10 15:46 191488 ----a-w- c:\program files\Launch Manager\HotkeyApp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-03-05 10:06 173592 ----a-w- c:\windows\System32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

2007-03-21 12:00 174872 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2009-03-05 10:06 141848 ----a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-04-14 09:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]

2006-08-29 08:26 241664 ----a-w- c:\program files\Launch Manager\OSDCtrl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrVolOSD]

2006-12-26 10:23 180224 ----a-w- c:\program files\Launch Manager\OSD.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-03-05 10:06 150552 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 15:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2007-07-06 09:06 4669440 ----a-w- c:\windows\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]

2007-06-15 14:45 1826816 ----a-w- c:\windows\SkyTel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSDMonitor]

2012-01-04 21:24 103896 ----a-w- c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2008-05-08 18:37 1111336 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 21:57]

.

2012-09-08 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-10 17:52]

.

2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 01:15]

.

2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 01:15]

.

2012-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2549468108-1473318864-4274882289-1000Core.job

- c:\users\laurent_guerguy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-17 10:38]

.

2012-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2549468108-1473318864-4274882289-1000UA.job

- c:\users\laurent_guerguy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-17 10:38]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/webhp?sourceid=navclient&ie=UTF-8

uInternet Settings,ProxyOverride = *.local;<local>

uInternet Settings,ProxyServer = 178.33.177.8:3128

IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4

TCP: DhcpNameServer = 62.81.29.254 62.81.16.213

DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://upexe.pplive.com/config/pplite/pluginsetup.cab

FF - ProfilePath - c:\users\laurent_guerguy\AppData\Roaming\Mozilla\Firefox\Profiles\7ju62xd4.default\

.

.

------- File Associations -------

.

.scr=AutoCADScriptFile

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)

URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)

WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)

WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file)

HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-09-23 20:44

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\program files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe

c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe

c:\windows\system32\IoctlSvc.exe

c:\program files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\system32\vssvc.exe

c:\users\laurent_guerguy\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe

.

**************************************************************************

.

Completion time: 2012-09-23 20:53:33 - machine was rebooted

ComboFix-quarantined-files.txt 2012-09-23 18:53

.

Pre-Run: 170,455,408,640 bytes free

Post-Run: 170,236,039,168 bytes free

.

- - End Of File - - 9A3471770ECCD042F55A6D59A15598FA

Thank you.

Cheers,

Laurent

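The two AdwCleaner logs in this thread (the search run and the delete run) list dozens of user_pref("CT3220468....") lines from the Firefox prefs.js. Below is an added example, not part of the thread or of AdwCleaner, of how to pull the same information out of a prefs.js yourself: it parses every user_pref line, groups the ones whose name starts with a Conduit CTID (CT followed by digits), and reports the toolbar name, the installer binary and which search/address-bar takeover switches are turned on. The set of keys treated as "takeover" switches is my reading of the key names, not anything Conduit documents. The sample input is constructed: a normal browser pref plus a handful of the CT3220468 lines quoted in full in the logs above (the ones the log truncates with [...] are not used).

```python
import json
import re
from collections import defaultdict

# One prefs.js line: user_pref("name", value);  value is a JS literal
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*?)\);\s*$')
CTID_RE = re.compile(r'^(CT\d+)\.')

# Keys (assumed meaning, from their names) that a Conduit/Smartbar install uses
# to take over search, the address bar and 404 handling.
HIJACK_KEYS = {
    "defaultSearch",
    "addressBarTakeOverEnabledInHidden",
    "enableSearchFromAddressBar",
    "searchInNewTabEnabledInHidden",
    "isNewTabEnabled",
    "fixPageNotFoundError",
    "fixPageNotFoundErrorInHidden",
    "fixUrls",
}

# Constructed sample: one ordinary pref plus lines quoted in full in the logs above.
SAMPLE_PREFS = r'''
user_pref("browser.startup.homepage", "about:home");
user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT3220468.defaultSearch", "FALSE");
user_pref("CT3220468.enableSearchFromAddressBar", "FALSE");
user_pref("CT3220468.fixUrls", true);
user_pref("CT3220468.isNewTabEnabled", true);
user_pref("CT3220468.installId", "fftD26F.tmp.exe");
user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");
'''

def parse_pref_value(raw):
    # Strings, true/false and numbers are valid JSON; anything else stays as text.
    try:
        return json.loads(raw)
    except ValueError:
        return raw

def parse_prefs(text):
    """Return {pref_name: value} for every user_pref line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = parse_pref_value(m.group(2))
    return prefs

def truthy(value):
    # Conduit stores booleans both as JS true and as the strings "true"/"TRUE".
    return value is True or (isinstance(value, str) and value.strip().lower() == "true")

def conduit_report(prefs):
    """Group prefs by Conduit CTID and summarise what each toolbar switched on."""
    by_ctid = defaultdict(dict)
    for name, value in prefs.items():
        m = CTID_RE.match(name)
        if m:
            ctid = m.group(1)
            by_ctid[ctid][name[len(ctid) + 1:]] = value
    report = {}
    for ctid, keys in by_ctid.items():
        report[ctid] = {
            "toolbar": (keys.get("smartbar.toolbarName") or "").strip(),
            "installer": keys.get("installId"),
            "takeover_on": sorted(k for k in HIJACK_KEYS if truthy(keys.get(k))),
            "pref_count": len(keys),
        }
    return report

if __name__ == "__main__":
    for ctid, info in conduit_report(parse_prefs(SAMPLE_PREFS)).items():
        print(ctid, info)
```

Point it at the real file with open(r"...\prefs.js", encoding="utf-8").read(). Firefox rewrites prefs.js on exit, so run it with the browser closed, and treat a report as a list of what to remove, not as proof that the binary that set the prefs is gone.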

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


Hi,

It seems the Malwarebytes alerts appear much less often. I got three tonight (I put the log from Malwarebytes below), and they seem to come when I get to some specific websites.

I've noticed it happens the first time I get to these websites but not when I return to them during the same session.

But it seems that if I put my computer to sleep, then log back in and go back to the site, the alert comes again.

Here is the protection log from Malwarebytes for today:

2012/09/25 07:47:49 +0200 OFFICE-PC laurent_guerguy MESSAGE Starting protection

2012/09/25 07:47:49 +0200 OFFICE-PC laurent_guerguy MESSAGE Protection started successfully

2012/09/25 07:47:50 +0200 OFFICE-PC laurent_guerguy MESSAGE Starting IP protection

2012/09/25 07:47:54 +0200 OFFICE-PC laurent_guerguy MESSAGE IP Protection started successfully

2012/09/25 18:38:02 +0200 OFFICE-PC (null) MESSAGE Executing scheduled update: Daily

2012/09/25 18:38:16 +0200 OFFICE-PC (null) MESSAGE Scheduled update executed successfully: database updated from version v2012.09.22.05 to version v2012.09.25.09

2012/09/25 18:38:49 +0200 OFFICE-PC laurent_guerguy MESSAGE Starting protection

2012/09/25 18:38:49 +0200 OFFICE-PC laurent_guerguy MESSAGE Protection started successfully

2012/09/25 18:38:49 +0200 OFFICE-PC laurent_guerguy MESSAGE Starting IP protection

2012/09/25 18:38:53 +0200 OFFICE-PC laurent_guerguy MESSAGE IP Protection started successfully

2012/09/25 18:38:55 +0200 OFFICE-PC laurent_guerguy MESSAGE Starting database refresh

2012/09/25 18:38:55 +0200 OFFICE-PC laurent_guerguy MESSAGE Stopping IP protection

2012/09/25 18:38:55 +0200 OFFICE-PC laurent_guerguy MESSAGE IP Protection stopped successfully

2012/09/25 18:38:59 +0200 OFFICE-PC laurent_guerguy MESSAGE Database refreshed successfully

2012/09/25 18:38:59 +0200 OFFICE-PC laurent_guerguy MESSAGE Starting IP protection

2012/09/25 18:39:03 +0200 OFFICE-PC laurent_guerguy MESSAGE IP Protection started successfully

2012/09/25 18:47:10 +0200 OFFICE-PC laurent_guerguy IP-BLOCK 193.105.134.194 (Type: outgoing, Port: 49325, Process: iexplore.exe)

2012/09/25 18:47:11 +0200 OFFICE-PC laurent_guerguy IP-BLOCK 195.3.147.99 (Type: outgoing, Port: 49326, Process: iexplore.exe)

2012/09/25 18:47:11 +0200 OFFICE-PC laurent_guerguy IP-BLOCK 193.105.134.194 (Type: outgoing, Port: 49330, Process: iexplore.exe)

2012/09/25 18:47:11 +0200 OFFICE-PC laurent_guerguy IP-BLOCK 193.105.134.194 (Type: outgoing, Port: 49333, Process: iexplore.exe)

2012/09/25 18:47:11 +0200 OFFICE-PC laurent_guerguy IP-BLOCK 195.3.147.99 (Type: outgoing, Port: 49335, Process: iexplore.exe)

2012/09/25 18:47:11 +0200 OFFICE-PC laurent_guerguy IP-BLOCK 195.3.147.99 (Type: outgoing, Port: 49336, Process: iexplore.exe)

2012/09/25 18:47:11 +0200 OFFICE-PC laurent_guerguy IP-BLOCK 193.105.134.194 (Type: outgoing, Port: 49343, Process: iexplore.exe)

2012/09/25 18:47:11 +0200 OFFICE-PC laurent_guerguy IP-BLOCK 195.3.147.99 (Type: outgoing, Port: 49345, Process: iexplore.exe)

2012/09/25 18:47:19 +0200 OFFICE-PC laurent_guerguy IP-BLOCK 193.105.134.194 (Type: outgoing, Port: 49367, Process: iexplore.exe)

2012/09/25 18:47:19 +0200 OFFICE-PC laurent_guerguy IP-BLOCK 195.3.147.99 (Type: outgoing, Port: 49369, Process: iexplore.exe)

2012/09/25 18:47:19 +0200 OFFICE-PC laurent_guerguy IP-BLOCK 195.3.147.99 (Type: outgoing, Port: 49370, Process: iexplore.exe)

2012/09/25 21:37:48 +0200 OFFICE-PC laurent_guerguy IP-BLOCK 193.105.134.194 (Type: outgoing, Port: 50942, Process: iexplore.exe)

2012/09/25 21:37:48 +0200 OFFICE-PC laurent_guerguy IP-BLOCK 195.3.147.99 (Type: outgoing, Port: 50944, Process: iexplore.exe)

2012/09/25 21:37:48 +0200 OFFICE-PC laurent_guerguy IP-BLOCK 193.105.134.194 (Type: outgoing, Port: 50948, Process: iexplore.exe)

2012/09/25 21:37:48 +0200 OFFICE-PC laurent_guerguy IP-BLOCK 193.105.134.194 (Type: outgoing, Port: 50949, Process: iexplore.exe)

2012/09/25 21:37:48 +0200 OFFICE-PC laurent_guerguy IP-BLOCK 195.3.147.99 (Type: outgoing, Port: 50950, Process: iexplore.exe)

2012/09/25 21:37:48 +0200 OFFICE-PC laurent_guerguy IP-BLOCK 193.105.134.194 (Type: outgoing, Port: 50957, Process: iexplore.exe)

2012/09/25 21:37:48 +0200 OFFICE-PC laurent_guerguy IP-BLOCK 195.3.147.99 (Type: outgoing, Port: 50959, Process: iexplore.exe)

2012/09/25 21:39:09 +0200 OFFICE-PC laurent_guerguy IP-BLOCK 88.208.33.4 (Type: outgoing, Port: 51026, Process: iexplore.exe)

2012/09/25 21:39:09 +0200 OFFICE-PC laurent_guerguy IP-BLOCK 88.208.33.4 (Type: outgoing, Port: 51027, Process: iexplore.exe)

2012/09/25 21:40:05 +0200 OFFICE-PC laurent_guerguy IP-BLOCK 88.208.33.4 (Type: outgoing, Port: 51327, Process: iexplore.exe)

2012/09/25 21:40:05 +0200 OFFICE-PC laurent_guerguy IP-BLOCK 88.208.33.4 (Type: outgoing, Port: 51330, Process: iexplore.exe)

2012/09/25 21:40:05 +0200 OFFICE-PC laurent_guerguy IP-BLOCK 88.208.33.4 (Type: outgoing, Port: 51333, Process: iexplore.exe)

Thanks,

Laurent

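The protection log above is a fixed-format text file, and the pattern Laurent describes (a burst of blocks on first visit, nothing on a revisit in the same session, another burst later) is easy to make visible by grouping the IP-BLOCK lines. The script below is an added example, not from this thread or from Malwarebytes: it parses each line into timestamp, host, user, event kind and detail, pulls the destination IP, direction, local port and process out of IP-BLOCK events, and then counts per destination how many blocks there were and how many separate bursts (groups more than ten minutes apart, a threshold chosen here, not anything the product defines). The sample input is a subset of the lines quoted in the post, copied verbatim.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r'^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) '
    r'(?P<host>\S+) (?P<user>\S+) (?P<kind>\S+) (?P<rest>.*)$'
)
BLOCK_RE = re.compile(
    r'^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<direction>\w+), '
    r'Port: (?P<port>\d+), Process: (?P<proc>[^)]+)\)$'
)

# Sample: lines copied from the protection log in this thread (a subset).
SAMPLE_LOG = """\
2012/09/25 18:38:49 +0200 OFFICE-PC laurent_guerguy MESSAGE Starting protection
2012/09/25 18:39:03 +0200 OFFICE-PC laurent_guerguy MESSAGE IP Protection started successfully
2012/09/25 18:47:10 +0200 OFFICE-PC laurent_guerguy IP-BLOCK 193.105.134.194 (Type: outgoing, Port: 49325, Process: iexplore.exe)
2012/09/25 18:47:11 +0200 OFFICE-PC laurent_guerguy IP-BLOCK 195.3.147.99 (Type: outgoing, Port: 49326, Process: iexplore.exe)
2012/09/25 18:47:19 +0200 OFFICE-PC laurent_guerguy IP-BLOCK 193.105.134.194 (Type: outgoing, Port: 49367, Process: iexplore.exe)
2012/09/25 21:37:48 +0200 OFFICE-PC laurent_guerguy IP-BLOCK 193.105.134.194 (Type: outgoing, Port: 50942, Process: iexplore.exe)
2012/09/25 21:37:48 +0200 OFFICE-PC laurent_guerguy IP-BLOCK 195.3.147.99 (Type: outgoing, Port: 50944, Process: iexplore.exe)
2012/09/25 21:39:09 +0200 OFFICE-PC laurent_guerguy IP-BLOCK 88.208.33.4 (Type: outgoing, Port: 51026, Process: iexplore.exe)
2012/09/25 21:40:05 +0200 OFFICE-PC laurent_guerguy IP-BLOCK 88.208.33.4 (Type: outgoing, Port: 51327, Process: iexplore.exe)
"""

def parse_events(text):
    """Parse every log line; IP-BLOCK events also get ip/direction/port/proc fields."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y/%m/%d %H:%M:%S")
        if ev["kind"] == "IP-BLOCK":
            b = BLOCK_RE.match(ev["rest"])
            if b:
                ev.update(b.groupdict())
                ev["port"] = int(ev["port"])
        events.append(ev)
    return events

def summarize_blocks(events, gap=timedelta(minutes=10)):
    """Per destination IP: block count, processes, directions, and number of
    bursts (consecutive blocks more than `gap` apart start a new burst)."""
    per_ip = defaultdict(lambda: {
        "count": 0, "bursts": 0, "processes": set(), "directions": set(),
        "first_seen": None, "last_seen": None,
    })
    blocks = [e for e in events if e["kind"] == "IP-BLOCK" and "ip" in e]
    for ev in sorted(blocks, key=lambda e: e["ts"]):
        s = per_ip[ev["ip"]]
        if s["last_seen"] is None or ev["ts"] - s["last_seen"] > gap:
            s["bursts"] += 1
        s["count"] += 1
        s["processes"].add(ev["proc"])
        s["directions"].add(ev["direction"])
        s["first_seen"] = s["first_seen"] or ev["ts"]
        s["last_seen"] = ev["ts"]
    return dict(per_ip)

if __name__ == "__main__":
    for ip, s in summarize_blocks(parse_events(SAMPLE_LOG)).items():
        print(ip, s["count"], "blocks in", s["bursts"], "burst(s) from", sorted(s["processes"]))
```

Every block in the sample is outgoing, from iexplore.exe, on an ephemeral local port (49xxx, 5xxxx), so the browser opened these connections itself; which page element did so is not in this log, which is why the helper asks for the browser-side logs rather than this one.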

Hi,

The website was a torrent download website:

http://kat.ph/the-football-league-show-01-09-2012-t6625777.html

It seems I get the alert the first time I get on it but not when I go back to the site (in the same session).

Below is the log DDS.txt:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by laurent_guerguy at 20:55:29 on 2012-09-27

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3062.882 [GMT 2:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe

C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

C:\Windows\system32\IoctlSvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\DllHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\laurent_guerguy\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Users\laurent_guerguy\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/webhp?sourceid=navclient&ie=UTF-8

uInternet Settings,ProxyOverride = *.local;<local>

uInternet Settings,ProxyServer = 178.33.177.8:3128

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.8.0.14\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.8.0.14\ips\IPSBHO.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.8.0.14\coIEPlg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: &Rechercher: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uPolicies-explorer: NoInstrumentation = 1

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/maconfig/MaConfig_3_5_3_0.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP1-13926/event/ieatgpc1.cab

DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://upexe.pplive.com/config/pplite/pluginsetup.cab

TCP: DhcpNameServer = 62.81.29.254 62.81.16.213

TCP: Interfaces\{0093ACE2-3565-4894-88D4-8719BE181AEB} : DhcpNameServer = 212.54.40.25 212.54.35.25

TCP: Interfaces\{DBFFAEAD-0A3D-4AB0-A57D-3CB60905A9CB} : DhcpNameServer = 62.81.29.254 62.81.16.213

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\laurent_guerguy\appdata\roaming\mozilla\firefox\profiles\7ju62xd4.default\

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\tvuplayer\npTVUAx.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\laurent_guerguy\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\users\laurent_guerguy\appdata\roaming\mozilla\plugins\npicaN.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll

.

============= SERVICES / DRIVERS ===============

.

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-9-7 65848]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1308000.00e\symds.sys [2012-8-19 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1308000.00e\symefa.sys [2012-8-19 924320]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\bashdefs\20120919.001\BHDrvx86.sys [2012-9-20 995488]

R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1308000.00e\ccsetx86.sys [2012-8-19 132768]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20120926.001\IDSvix86.sys [2012-9-27 386720]

R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-2-26 390528]

R1 RapportCerberus_42020;RapportCerberus_42020;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_42020.sys [2012-8-7 228376]

R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-9-7 71480]

R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-9-7 166840]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1308000.00e\ironx86.sys [2012-8-19 149624]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1308000.00e\symtdiv.sys [2012-8-19 345208]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-6 116608]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-15 399432]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-15 676936]

R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.8.0.14\ccsvchst.exe [2012-8-19 138272]

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2012-2-16 793048]

R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-9-7 976728]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-19 106656]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-15 22856]

R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28.sys [2009-1-19 517120]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-9 135664]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-11 250288]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-9 135664]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-9-23 238960]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-11 113120]

S3 WisLMSvc;WisLMSvc;c:\program files\launch manager\WisLMSvc.exe [2009-5-20 113152]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== File Associations ===============

.

.scr=AutoCADScriptFile

.

=============== Created Last 30 ================

.

2012-09-24 17:10:21 -------- d-----w- c:\program files\ESET

2012-09-23 18:53:38 -------- d-----w- c:\users\laurent_guerguy\appdata\local\temp

2012-09-23 18:51:54 -------- d-sh--w- C:\$RECYCLE.BIN

2012-09-23 18:20:57 98816 ----a-w- c:\windows\sed.exe

2012-09-23 18:20:57 518144 ----a-w- c:\windows\SWREG.exe

2012-09-23 18:20:57 256000 ----a-w- c:\windows\PEV.exe

2012-09-23 18:20:57 208896 ----a-w- c:\windows\MBR.exe

2012-09-15 14:42:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-15 14:42:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-09-12 20:42:21 -------- d-----w- c:\users\laurent_guerguy\appdata\local\ElevatedDiagnostics

2012-09-07 09:07:30 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

.

==================== Find3M ====================

.

2012-09-20 21:57:20 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-20 21:57:20 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-07-06 02:17:57 574112 ----a-w- c:\windows\system32\drivers\nis\1308000.00e\srtsp.sys

2012-07-06 02:17:57 32928 ----a-w- c:\windows\system32\drivers\nis\1308000.00e\srtspx.sys

2012-07-04 14:02:46 2047488 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 20:57:19.34 ===============

Then the attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 10/08/2009 17:55:55

System Uptime: 27/09/2012 19:03:34 (1 hours ago)

.

Motherboard: MEDION | | E5211

Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz | U2E1 | 2000/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 279 GiB total, 158.687 GiB free.

D: is FIXED (FAT32) - 20 GiB total, 13.191 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP637: 12/09/2012 22:18:37 - Windows Update

RP638: 22/09/2012 16:42:38 - Scheduled Checkpoint

RP639: 23/09/2012 03:00:13 - Windows Update

RP640: 23/09/2012 23:36:03 - Scheduled Checkpoint

RP641: 24/09/2012 22:46:25 - Scheduled Checkpoint

RP642: 25/09/2012 20:23:48 - Scheduled Checkpoint

RP643: 26/09/2012 00:57:39 - Removed Microsoft Silverlight

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.2

Adobe Shockwave Player 11

Andica Self Assessment Personal 2011

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Auslogics Registry Cleaner

AutoCAD 2008 - Español

Autodesk DWF Viewer 7

Azurewave Wireless LAN

Bonjour

CALENER-GT

Cisco WebEx Meetings

Citrix XenApp Web Plugin

Combined Community Codec Pack 2009-09-09

Compatibility Pack for the 2007 Office system

DivX Setup

ESET Online Scanner v3

ffdshow [rev 610] [2006-12-01]

Google Chrome

Google SketchUp 7

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

Haali Media Splitter

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Inkscape 0.48.2

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

Intel® TV Wizard

iTunes

Java 6 Update 13

Junk Mail filter update

Launch Manager V1.5.0.2

LIDER

Logitech Legacy USB Camera Driver Package

Logitech Print Service

Logitech Vid

Logitech Webcam Software

Logitech Webcam Software Driver Package

Ma-Config.com

Malwarebytes Anti-Malware version 1.65.0.1400

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office File Validation Add-In

Microsoft Office Professional Edition 2003

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Move Networks Media Player for Internet Explorer

Mozilla Firefox 13.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MWSnap 3

Nero 8 Essentials

neroxml

Norton Bootable Recovery Tool Wizard

Norton Internet Security

Notepad++

PC Tools Registry Mechanic 11.0

PPLite 1.0.0.6

PVSOL Expert 4.0

QuickTime

Rapport

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Skype Click to Call

Skype™ 5.10

Sothink FLV Player

Spelling Dictionaries Support For Adobe Reader 9

Spotify

Synaptics Pointing Device Driver

System Requirements Lab for Intel

TVUPlayer 2.5.3.1

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Valentin Meteo Data 1.0.26

VBA (2627.01)

VBA (2627.4)

VC80CRTRedist - 8.0.50727.6195

VCRedistSetup

Veetle TV 0.9.18

VLC media player 1.0.1

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

WinRAR archiver

Xvid 1.2.1 final uninstall

.

==== Event Viewer Messages From Past Week ========

.

27/09/2012 19:08:19, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

27/09/2012 19:08:19, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

27/09/2012 19:07:49, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Skype Updater service to connect.

27/09/2012 19:07:49, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service SkypeUpdate with arguments "/ComService" in order to run the server: {CC957078-B838-47C4-A7CF-626E7A82FC58}

27/09/2012 19:05:38, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASKUTIL

27/09/2012 19:05:38, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

27/09/2012 19:05:38, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

26/09/2012 20:08:40, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {A47979D2-C419-11D9-A5B4-001185AD2B89} to the user Office-PC\laurent_guerguy SID (S-1-5-21-2549468108-1473318864-4274882289-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

25/09/2012 18:42:02, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

25/09/2012 18:42:02, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

23/09/2012 20:45:19, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

23/09/2012 20:44:49, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.

23/09/2012 20:39:20, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

23/09/2012 20:20:15, Error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).

23/09/2012 19:38:31, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.

23/09/2012 19:38:31, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

23/09/2012 14:42:42, Error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.

23/09/2012 14:42:23, Error: Ntfs [137] - The default transaction resource manager on volume F: encountered a non-retryable error and could not start. The data contains the error code.

20/09/2012 19:08:26, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Software Updater service to connect.

20/09/2012 19:08:26, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

.

==== End Of File ===========================

Thanks.

Cheers,

Laurent


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe, then click Remove Older Versions.
  • Run the built-in uninstallers for all copies of Java listed
  • Click the Next button
  • Click the Next button again
  • Click the Java Manual Download link
  • A browser window will open with the Java download page
  • Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your system's version)
  • Run the installer
  • Close JavaRa


Hi,

Yes, things are fine, but I didn't go to the problematic website again. Now my trial period with Malwarebytes is over, so it wouldn't show up anyway.

What do you think is best? Never going to that specific website again?

Should I buy Malwarebytes? I've already bought Norton Antivirus, so I'm not so keen on buying another antivirus now... If Norton Antivirus is not flagging it, is it really something worth worrying about?

Thanks for your advice.

Laurent


Give me the website, if it is not a problem, of course, and I will check it for you.

Should I buy Malwarebytes?

It is your choice. :)

I've already bought Norton Antivirus, so I'm not so keen on buying another antivirus now... If Norton Antivirus is not flagging it, is it really something worth worrying about?

Norton is an antivirus and Malwarebytes is an anti-malware program. These are different products running on different technologies. It is difficult to compare them and point out their mistakes.

I want to check it and thus clear up the mystery about where exactly the problem is.


Glad I could help! :)

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Next, please uninstall ESET Online Scanner and manually delete JavaRa.

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

