"Successfully blocked access to a potentially malicious Website"


Hi, my name is TrueGamer150. I posted the same thread over in the general forums. I keep getting this message: "Successfully blocked access to a potentially malicious Website" followed by an IP address. I believe I may be infected with something and I would like some help. My antivirus (Avira Free Antivirus) and Malwarebytes haven't detected anything malicious on my computer when I've scanned. I've done multiple scans with both but detected nothing. What do I do now? I get very afraid every time I get the message and I really want to fix this ASAP.

Thanks,

-A frightened Gamer.

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Here's the DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.21.2

Run by admin at 19:03:36 on 2013-05-08

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1224 [GMT 1:00]

.

AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ================

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.avira.com/?l=dis&o=APN10267&gct=hp&dc=EU&locale=en_IE

uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [soundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [JMB36X IDE Setup] c:\windows\jm\JMInsIDE.exe

mRun: [JMB36X Configure] c:\windows\system32\JMRaidSetup.exe boot

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

LSP: c:\program files\avira\antivir desktop\avsda.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1355835521390

TCP: NameServer = 85.91.1.128 85.91.1.130

TCP: Interfaces\{96476DE4-6D5B-4FFD-9F3E-AA623DE1032A} : DHCPNameServer = 85.91.1.128 85.91.1.130

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: AtiExtEvent - Ati2evxx.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\admin\application data\mozilla\firefox\profiles\bh5gfkga.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxps://www.google.ie/setprefs?sig=0_4bi1ODF_N5fz9upIulHPfk4iSXY%3D&hl=en&source=homepage

FF - plugin: c:\documents and settings\admin\application data\mozilla\firefox\profiles\bh5gfkga.default\extensions\toolbar@ask.com\plugins\npAviraCallingID.dll

FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll

FF - ExtSQL: 2013-05-07 22:45; toolbar@ask.com; c:\documents and settings\admin\application data\mozilla\firefox\profiles\bh5gfkga.default\extensions\toolbar@ask.com

.

============= SERVICES / DRIVERS ===============

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-1-6 37352]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-1-6 86752]

R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-1-6 110816]

R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2013-1-6 562744]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-1-6 84744]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-16 418376]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-16 701512]

R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-4-15 3289208]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2013-1-6 99856]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-16 22856]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2013-05-07 21:45:09 -------- d-----w- c:\program files\Ask.com

2013-05-07 21:45:07 -------- d-----w- c:\documents and settings\admin\local settings\application data\AskToolbar

2013-05-07 21:44:55 -------- d-----w- c:\documents and settings\admin\local settings\application data\APN

2013-05-03 18:52:59 -------- d-----w- c:\documents and settings\admin\application data\CallingID

2013-04-18 19:44:54 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-04-15 14:32:30 6128760 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll

2013-04-15 14:32:30 6128760 ----a-w- c:\program files\mozilla firefox\browser\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll

2013-04-12 21:05:07 26520 ----a-w- c:\program files\mozilla firefox\plugin-hang-ui.exe

2013-04-12 21:05:00 96664 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe

2013-04-12 21:05:00 865800 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe

2013-04-12 21:05:00 272280 ----a-w- c:\program files\mozilla firefox\updater.exe

2013-04-12 21:05:00 19352 ----a-w- c:\program files\mozilla firefox\xpcom.dll

2013-04-12 21:05:00 18581400 ----a-w- c:\program files\mozilla firefox\xul.dll

2013-04-12 21:05:00 170232 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe

2013-04-12 21:05:00 157080 ----a-w- c:\program files\mozilla firefox\ssl3.dll

2013-04-12 21:05:00 152472 ----a-w- c:\program files\mozilla firefox\softokn3.dll

.

==================== Find3M ====================

.

2013-04-04 13:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-30 07:47:26 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2013-03-30 07:47:26 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2013-03-12 22:02:53 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-03-12 22:02:52 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-06 19:26:42 861088 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-03-06 19:26:42 782240 ----a-w- c:\windows\system32\deployJava1.dll

.

============= FINISH: 19:04:13.84 ===============

And the attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 17/12/2012 14:21:24

System Uptime: 08/05/2013 17:20:44 (2 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P5B

Processor: Intel® Core2 Duo CPU E6750 @ 2.66GHz | Socket 775 | 2662/333mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 466 GiB total, 403.191 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP57: 08/02/2013 12:54:38 - System Checkpoint

RP58: 10/02/2013 10:42:29 - System Checkpoint

RP59: 11/02/2013 18:28:54 - System Checkpoint

RP60: 12/02/2013 18:47:09 - System Checkpoint

RP61: 14/02/2013 10:51:10 - System Checkpoint

RP62: 15/02/2013 18:39:17 - System Checkpoint

RP63: 17/02/2013 10:28:52 - System Checkpoint

RP64: 19/02/2013 21:32:14 - System Checkpoint

RP65: 20/02/2013 13:16:04 - Removed Java 7 Update 13

RP66: 20/02/2013 13:16:31 - Installed Java 7 Update 15

RP67: 21/02/2013 21:23:06 - System Checkpoint

RP68: 23/02/2013 13:59:07 - System Checkpoint

RP69: 24/02/2013 14:00:49 - System Checkpoint

RP70: 26/02/2013 19:19:55 - System Checkpoint

RP71: 28/02/2013 16:54:45 - System Checkpoint

RP72: 01/03/2013 22:19:26 - System Checkpoint

RP73: 03/03/2013 22:14:00 - System Checkpoint

RP74: 06/03/2013 11:33:12 - System Checkpoint

RP75: 06/03/2013 19:26:11 - Removed Java 7 Update 15

RP76: 06/03/2013 19:26:35 - Installed Java 7 Update 17

RP77: 07/03/2013 20:35:06 - System Checkpoint

RP78: 09/03/2013 12:32:16 - System Checkpoint

RP79: 10/03/2013 12:57:07 - System Checkpoint

RP80: 11/03/2013 15:26:51 - System Checkpoint

RP81: 14/03/2013 23:24:24 - System Checkpoint

RP82: 16/03/2013 11:30:13 - System Checkpoint

RP83: 19/03/2013 21:24:38 - System Checkpoint

RP84: 24/03/2013 11:49:32 - System Checkpoint

RP85: 26/03/2013 09:05:50 - System Checkpoint

RP86: 27/03/2013 18:04:51 - System Checkpoint

RP87: 29/03/2013 12:26:17 - System Checkpoint

RP88: 31/03/2013 15:14:17 - System Checkpoint

RP89: 01/04/2013 15:14:32 - System Checkpoint

RP90: 02/04/2013 18:54:07 - System Checkpoint

RP91: 04/04/2013 15:46:04 - System Checkpoint

RP92: 07/04/2013 14:14:49 - System Checkpoint

RP93: 08/04/2013 15:03:13 - System Checkpoint

RP94: 11/04/2013 16:53:39 - System Checkpoint

RP95: 12/04/2013 17:03:15 - System Checkpoint

RP96: 13/04/2013 17:49:22 - System Checkpoint

RP97: 15/04/2013 09:24:27 - System Checkpoint

RP98: 16/04/2013 09:45:09 - System Checkpoint

RP99: 17/04/2013 17:18:36 - System Checkpoint

RP100: 18/04/2013 20:44:09 - Installed Java 7 Update 21

RP101: 21/04/2013 11:22:14 - System Checkpoint

RP102: 23/04/2013 09:48:26 - System Checkpoint

RP103: 25/04/2013 10:50:05 - System Checkpoint

RP104: 26/04/2013 15:29:45 - System Checkpoint

RP105: 28/04/2013 08:00:02 - System Checkpoint

RP106: 30/04/2013 17:32:02 - System Checkpoint

RP107: 01/05/2013 22:24:06 - System Checkpoint

RP108: 03/05/2013 12:22:02 - System Checkpoint

RP109: 05/05/2013 17:21:02 - System Checkpoint

RP110: 07/05/2013 14:37:54 - System Checkpoint

.

==== Installed Programs ======================

.

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.02)

Ask Toolbar

Avira Free Antivirus

Avira SearchFree Toolbar plus Web Protection Updater

CollSoft Payroll 2012

Counter-Strike: Source

Garry's Mod

Google Chrome

Google Update Helper

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2779562)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB976002-v5)

Java 7 Update 21

Java Auto Updater

JMB36X Raid Configurer

League of Legends

Left 4 Dead 2

Malwarebytes Anti-Malware version 1.75.0.1300

Marvell Miniport Driver

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 20.0.1 (x86 en-GB)

Mozilla Maintenance Service

Pando Media Booster

Pivot Animator version 4.1.8

REALTEK GbE & FE Ethernet PCI-E NIC Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2761465)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219-v2)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135-v2)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2753842-v2)

Security Update for Windows XP (KB2757638)

Security Update for Windows XP (KB2758857)

Security Update for Windows XP (KB2770660)

Security Update for Windows XP (KB2779030)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982665)

Skype Click to Call

Skype™ 6.3

SoundMAX

Steam

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Windows XP (KB2345886)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB973815)

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows XP Service Pack 3

XML Paper Specification Shared Components Pack 1.0

.

==== End Of File ===========================

And here's the Report on Rogue Killer:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : admin [Admin rights]

Mode : Scan -- Date : 05/08/2013 19:08:15

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

SSDT[25] : NtClose @ 0x805BC538 -> HOOKED (Unknown @ 0xBA7C5DCC)

SSDT[41] : NtCreateKey @ 0x806240F6 -> HOOKED (Unknown @ 0xBA7C5D86)

SSDT[50] : NtCreateSection @ 0x805AB3D0 -> HOOKED (Unknown @ 0xBA7C5DD6)

SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0xBA7C5D7C)

SSDT[63] : NtDeleteKey @ 0x80624592 -> HOOKED (Unknown @ 0xBA7C5D8B)

SSDT[65] : NtDeleteValueKey @ 0x80624762 -> HOOKED (Unknown @ 0xBA7C5D95)

SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (Unknown @ 0xBA7C5DC7)

SSDT[98] : NtLoadKey @ 0x8062631A -> HOOKED (Unknown @ 0xBA7C5D9A)

SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0xBA7C5D68)

SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (Unknown @ 0xBA7C5D6D)

SSDT[177] : NtQueryValueKey @ 0x8062231A -> HOOKED (Unknown @ 0xBA7C5DEF)

SSDT[193] : NtReplaceKey @ 0x806261CA -> HOOKED (Unknown @ 0xBA7C5DA4)

SSDT[200] : NtRequestWaitReplyPort @ 0x805A2D7E -> HOOKED (Unknown @ 0xBA7C5DE0)

SSDT[204] : NtRestoreKey @ 0x80625AD6 -> HOOKED (Unknown @ 0xBA7C5D9F)

SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0xBA7C5DDB)

SSDT[237] : NtSetSecurityObject @ 0x805C0636 -> HOOKED (Unknown @ 0xBA7C5DE5)

SSDT[247] : NtSetValueKey @ 0x80622668 -> HOOKED (Unknown @ 0xBA7C5D90)

SSDT[255] : NtSystemDebugControl @ 0x806180CA -> HOOKED (Unknown @ 0xBA7C5DEA)

SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0xBA7C5D77)

S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xBA7C5DFE)

S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xBA7C5E03)

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721050CLA362 +++++

--- User ---

[MBR] c6a2dfc4c5939b1641c846ec5ffd0828

[bSP] 9cc5225abeca9ac8b014677f3edb1255 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 19 | Size: 476935 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_05082013_02d1908.txt >>

RKreport[1]_S_05082013_02d1908.txt

Well we didn't fix anything yet, so if there's a problem...it's still there.

Can you post the protection log from Malwarebytes that shows the blocks?

Then............we should run some scans:

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that your system is now functioning normally.

MrC

Also, Rogue Killer seems to have found something, after the scan, in registry there's 2 items and it says:

Status Type Key Type Global

FOUND Susp Path RUN HKLM

FOUND HJ DESK HKLM

There's more stuff beside that but I'm not going to add everything, are those two things malicious?

I clicked delete but I'm not sure what those were or if I should have clicked delete

The blocks may just be Malwarebytes doing its job, we have to scan the system to make sure there's no malware on the system.

Now.....

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Try it in safe mode, MrC

Hang on, sorry about this, but I don't seem to be getting any more IP blocks. I'm going to wait to see if I get another one, if not, then... Well I don't know. I was thinking that maybe if I removed those 2 things in roguekiller it might have fixed it. Let me just wait and see what happens

This topic is now closed to further replies.