
"Successfully blocked content to potentially malicious website" continues to pop up



Hi,

Today I found BitDefender on my PC. I followed some instructions to remove it, and I think I managed to do it. I installed Malwarebytes in the process. Now it is saying that it "successfully blocked content to potentially malicious website". It does it both when I am on the internet (also with just the Google page open) and when I'm not web surfing at all, though the pop-ups don't appear often. I am afraid I am still infected; I ran a full scan with Malwarebytes, and it found nothing. I attach here the two logs. Does anyone have any idea what I have to do?

Thanks for the patience!

protection-log-2011-06-21.txt

mbam-log-2011-06-21 (09-48-14).txt


Hi and welcome!

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Thank you very much for the help. I think I noticed another thing today: now the Malwarebytes messages don't appear when I'm not web surfing. They appear when I'm web surfing or when I'm using BitTorrent.

Here is the DDS scan:

.

DDS (Ver_2011-06-12.02) - NTFSx86

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_20

Run by utente at 19:59:39 on 2011-06-22

Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.3071.2098 [GMT 2:00]

.

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Programmi\Java\jre6\bin\jqs.exe

C:\WINDOWS\Explorer.EXE

C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Programmi\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programmi\VIA\VIAudioi\HDADeck\HDeck.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe

C:\WINDOWS\USB Vibration\7906\USB Gamepad.exe

C:\Programmi\DivX\DivX Update\DivXUpdate.exe

C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Programmi\DNA\btdna.exe

C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe

C:\Programmi\Messenger\msmsgs.exe

C:\Programmi\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe

C:\Programmi\Mozilla Firefox\firefox.exe

C:\Programmi\Skype\Phone\Skype.exe

C:\Programmi\Skype\Plugin Manager\skypePM.exe

C:\Programmi\Mozilla Firefox\plugin-container.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.ask.com/?o=101764&l=dis

uInternet Connection Wizard,ShellNext = hxxp://go.divx.com/divx/webplayerdemo/en?yrv=1&yoc=divx&ydt=divxdotcom&ybt=DFW&ybv=6.8&yo=iet

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\programmi\orbitdownloader\orbitcth.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: PDF Suite Helper: {1ad61d5b-58a3-4592-9b34-dc84688ff805} - c:\programmi\pdf suite 2010\PDFIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\programmi\avg\avg8\avgssie.dll

BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\programmi\spybot - search & destroy\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Guida per l'accesso a Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmi\file comuni\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\programmi\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmi\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmi\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\programmi\orbitdownloader\GrabPro.dll

TB: PDF Suite Toolbar: {261f6a8b-7aaf-4bf5-8552-6610f4d67819} - c:\programmi\pdf suite 2010\PDFIEPlugin.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [bitTorrent DNA] "c:\programmi\dna\btdna.exe"

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\programmi\file comuni\ahead\lib\NMBgMonitor.exe"

uRun: [VeohPlugin] "c:\programmi\veoh networks\veohwebplayer\veohwebplayer.exe"

uRun: [MSMSGS] "c:\programmi\messenger\msmsgs.exe" /background

uRun: [steam] "c:\programmi\steam\Steam.exe" -silent

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [HDAudDeck] c:\programmi\via\viaudioi\hdadeck\HDeck.exe 1

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [sunJavaUpdateSched] "c:\programmi\java\j2re1.4.2_01\bin\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\programmi\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\programmi\file comuni\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\programmi\quicktime\QTTask.exe" -atboottime

mRun: [uSB Gamepad] c:\windows\usb vibration\7906\USB Gamepad.exe -boot

mRun: [DivXUpdate] "c:\programmi\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [Malwarebytes' Anti-Malware] "c:\programmi\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\utente\menuav~1\progra~1\esecuz~1\adobeg~1.lnk - c:\programmi\file comuni\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\wg111v~1.lnk - c:\programmi\netgear\wg111v2 configuration utility\RtlWake.exe

IE: &Download by Orbit - c:\programmi\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\programmi\orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\programmi\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\programmi\orbitdownloader\orbitmxt.dll/202

IE: E&sporta in Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\programmi\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: Interfaces\{12C812B9-3D7F-4E0D-B9E5-0F55E288B0A3} : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{FFBBB324-AEDB-4077-A230-47C803FC6C9C} : DhcpNameServer = 192.168.1.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\programmi\avg\avg8\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\programmi\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fileco~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 66.98.148.65 auto.search.msn.com

Hosts: 66.98.148.65 auto.search.msn.es

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\utente\dati applicazioni\mozilla\firefox\profiles\d1hviuxc.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=

FF - component: c:\documents and settings\utente\dati applicazioni\mozilla\firefox\profiles\d1hviuxc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\documents and settings\utente\dati applicazioni\mozilla\firefox\profiles\d1hviuxc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

FF - component: c:\programmi\pdf suite 2010\firefoxextension\components\FFPDFConverter.dll

FF - plugin: c:\programmi\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\programmi\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\programmi\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\programmi\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\programmi\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\programmi\mozilla firefox\plugins\npbittorrent.dll

FF - plugin: c:\programmi\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\programmi\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\programmi\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll

.

============= SERVICES / DRIVERS ===============

.

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-4 335240]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-4 27784]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-4 108552]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-9-4 908056]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-4 297752]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2009-7-5 66048]

R2 MBAMService;MBAMService;c:\programmi\malwarebytes' anti-malware\mbamservice.exe [2011-6-21 366640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-21 22712]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-2-4 222976]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 hid7906;MAP2A10K;c:\windows\system32\drivers\hid7906.sys [2011-4-16 34793]

S3 idrmkl;idrmkl;\??\c:\docume~1\utente\impost~1\temp\idrmkl.sys --> c:\docume~1\utente\impost~1\temp\idrmkl.sys [?]

S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]

S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-7-5 167808]

S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2009-3-30 468768]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 ZD1211BU(Atlantis-Land);NetFly U54 Wireless USB Adapter Driver(Atlantis-Land);c:\windows\system32\drivers\ZD1211BU.sys [2009-3-27 500736]

S4 PDF Suite 2010 Service;PDF Suite 2010 Service;c:\programmi\pdf suite 2010\ConversionService.exe [2010-6-1 799552]

S4 StarWindServiceAE;StarWind AE Service;c:\programmi\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]

.

=============== Created Last 30 ================

.

2011-06-21 05:39:42 -------- d-----w- c:\documents and settings\utente\dati applicazioni\Malwarebytes

2011-06-21 04:44:53 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-21 04:44:53 -------- d-----w- c:\documents and settings\all users\dati applicazioni\Malwarebytes

2011-06-21 04:44:50 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-21 04:44:50 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware

2011-06-19 10:16:37 -------- d-----w- c:\programmi\Darksiders

2011-06-19 10:09:20 -------- d-----w- c:\programmi\Steam

2011-06-19 10:07:01 -------- d-----w- c:\programmi\THQ

2011-06-19 08:40:05 -------- d-----w- c:\documents and settings\utente\impostazioni locali\dati applicazioni\Darksiders

2011-06-07 11:22:31 -------- d-----w- c:\documents and settings\utente\dati applicazioni\TS3Client

2011-06-07 10:35:34 103864 ----a-w- c:\programmi\mozilla firefox\plugins\nppdf32.dll

2011-06-07 10:35:34 103864 ----a-w- c:\programmi\internet explorer\plugins\nppdf32.dll

2011-06-02 20:23:11 -------- d-----w- c:\documents and settings\utente\impostazioni locali\dati applicazioni\Turbine

2011-06-02 18:56:11 -------- d-----w- c:\programmi\Turbine

.

==================== Find3M ====================

.

2011-06-18 14:20:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-04-08 11:36:10 86016 ----a-w- c:\windows\system32\custmon32.dll

2011-03-31 09:18:18 23376 ----a-w- c:\windows\system32\dopdfmn7.dll

2011-03-31 09:18:16 20304 ----a-w- c:\windows\system32\dopdfmi7.dll

2011-03-28 09:29:07 716153 ----a-w- c:\windows\system32\unins000.exe

2009-05-17 02:06:59 58652 ----a-w- c:\programmi\AMVapp-uninst.exe

2008-03-09 05:25:10 236 ----a-w- c:\programmi\file comuni\dx.reg

2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll

.

============= FINISH: 20.00.20,89 ===============

attach.rar


Hi again,

P2P WARNING

-------------------

Going over your logs I noticed that you have BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a sm


TDSSKiller didn't find anything. Here's the scan:

2011/06/22 21:22:20.0859 0128 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15

2011/06/22 21:22:21.0203 0128 ================================================================================

2011/06/22 21:22:21.0203 0128 SystemInfo:

2011/06/22 21:22:21.0203 0128

2011/06/22 21:22:21.0203 0128 OS Version: 5.1.2600 ServicePack: 2.0

2011/06/22 21:22:21.0203 0128 Product type: Workstation

2011/06/22 21:22:21.0203 0128 ComputerName: UTENTE-4DFACC7C

2011/06/22 21:22:21.0203 0128 UserName: utente

2011/06/22 21:22:21.0203 0128 Windows directory: C:\WINDOWS

2011/06/22 21:22:21.0203 0128 System windows directory: C:\WINDOWS

2011/06/22 21:22:21.0203 0128 Processor architecture: Intel x86

2011/06/22 21:22:21.0203 0128 Number of processors: 4

2011/06/22 21:22:21.0203 0128 Page size: 0x1000

2011/06/22 21:22:21.0203 0128 Boot type: Normal boot

2011/06/22 21:22:21.0203 0128 ================================================================================

2011/06/22 21:22:22.0359 0128 Initialize success

2011/06/22 21:22:26.0218 2872 ================================================================================

2011/06/22 21:22:26.0218 2872 Scan started

2011/06/22 21:22:26.0218 2872 Mode: Manual;

2011/06/22 21:22:26.0218 2872 ================================================================================

2011/06/22 21:22:27.0468 2872 ACPI (ad825cb3397c837d1fb91d566d78de04) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/06/22 21:22:27.0515 2872 ACPIEC (49ac5cd87fbdda62f3e25190019e7627) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/06/22 21:22:27.0625 2872 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys

2011/06/22 21:22:27.0687 2872 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys

2011/06/22 21:22:27.0953 2872 Aspi32 (20d04091eba710f6988f710507d85868) C:\WINDOWS\system32\drivers\Aspi32.sys

2011/06/22 21:22:28.0015 2872 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/06/22 21:22:28.0078 2872 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/06/22 21:22:28.0140 2872 atksgt (e46d344412d1abc60c58e95c73bcdc70) C:\WINDOWS\system32\DRIVERS\atksgt.sys

2011/06/22 21:22:28.0203 2872 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/06/22 21:22:28.0250 2872 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/06/22 21:22:28.0296 2872 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys

2011/06/22 21:22:28.0343 2872 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys

2011/06/22 21:22:28.0406 2872 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys

2011/06/22 21:22:28.0500 2872 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/06/22 21:22:28.0562 2872 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/06/22 21:22:28.0593 2872 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/06/22 21:22:28.0703 2872 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/06/22 21:22:28.0734 2872 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/06/22 21:22:28.0859 2872 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/06/22 21:22:28.0937 2872 dmboot (6570b4c952f0d8fee4c6ef2ff5e10c08) C:\WINDOWS\system32\drivers\dmboot.sys

2011/06/22 21:22:28.0984 2872 dmio (c57d35621782c7f40770f3e5ca20a182) C:\WINDOWS\system32\drivers\dmio.sys

2011/06/22 21:22:29.0031 2872 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/06/22 21:22:29.0109 2872 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

2011/06/22 21:22:29.0171 2872 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/06/22 21:22:29.0250 2872 EAPPkt (efacd8d57a42a93e244a0dbd357e8cb8) C:\WINDOWS\system32\DRIVERS\EAPPkt.sys

2011/06/22 21:22:29.0312 2872 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/06/22 21:22:29.0375 2872 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/06/22 21:22:29.0390 2872 Fips (333fbbc71bdcbb46c58a3b51b3d51184) C:\WINDOWS\system32\drivers\Fips.sys

2011/06/22 21:22:29.0453 2872 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/06/22 21:22:29.0593 2872 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/06/22 21:22:29.0625 2872 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/06/22 21:22:29.0718 2872 Ftdisk (f3269a6ee547ea87b949a1cea4816b38) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/06/22 21:22:29.0796 2872 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/06/22 21:22:29.0921 2872 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/06/22 21:22:29.0968 2872 hid7906 (4ea8b2ce92cee1201313d4792d47cafc) C:\WINDOWS\system32\drivers\hid7906.sys

2011/06/22 21:22:30.0093 2872 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/06/22 21:22:30.0187 2872 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/06/22 21:22:30.0234 2872 i8042prt (30e64dfa4efaacc8142ea07766181fb4) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/06/22 21:22:30.0562 2872 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/06/22 21:22:30.0687 2872 intelppm (ebc07787034bbe312020d30198a9f362) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/06/22 21:22:30.0718 2872 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/06/22 21:22:30.0796 2872 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/06/22 21:22:30.0828 2872 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/06/22 21:22:30.0906 2872 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/06/22 21:22:30.0921 2872 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/06/22 21:22:31.0062 2872 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/06/22 21:22:31.0109 2872 isapnp (ea3245a8e8758d6b84de189a5caaa75e) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/06/22 21:22:31.0156 2872 Kbdclass (e883ae6ea0b313e659225aa32e449ce9) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/06/22 21:22:31.0234 2872 kbdhid (24f4d51e89822c349044c28be255c8a5) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/06/22 21:22:31.0265 2872 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys

2011/06/22 21:22:31.0328 2872 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/06/22 21:22:31.0515 2872 lirsgt (8ccf9ed46d52af1375875f74a91ffacf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys

2011/06/22 21:22:31.0562 2872 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys

2011/06/22 21:22:31.0593 2872 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\WINDOWS\system32\drivers\mbam.sys

2011/06/22 21:22:31.0734 2872 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/06/22 21:22:31.0796 2872 Modem (b30d2db351e3191bd71232036cfe711a) C:\WINDOWS\system32\drivers\Modem.sys

2011/06/22 21:22:31.0953 2872 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys

2011/06/22 21:22:32.0203 2872 Mouclass (c458e314b8722253897c94a714c2e0c0) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/06/22 21:22:32.0218 2872 mouhid (d7662f0cf5b77bbbe3202716f5bd5318) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/06/22 21:22:32.0265 2872 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/06/22 21:22:32.0296 2872 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/06/22 21:22:32.0359 2872 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/06/22 21:22:32.0515 2872 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

2011/06/22 21:22:32.0546 2872 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/06/22 21:22:32.0578 2872 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/06/22 21:22:32.0593 2872 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/06/22 21:22:32.0640 2872 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/06/22 21:22:32.0687 2872 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys

2011/06/22 21:22:32.0718 2872 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

2011/06/22 21:22:32.0750 2872 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

2011/06/22 21:22:32.0812 2872 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/06/22 21:22:32.0875 2872 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/06/22 21:22:32.0937 2872 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/06/22 21:22:33.0015 2872 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/06/22 21:22:33.0093 2872 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/06/22 21:22:33.0125 2872 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/06/22 21:22:33.0156 2872 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

2011/06/22 21:22:33.0187 2872 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/06/22 21:22:33.0234 2872 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/06/22 21:22:33.0390 2872 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/06/22 21:22:33.0734 2872 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/06/22 21:22:33.0750 2872 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/06/22 21:22:33.0859 2872 Parport (3490ead0612bfd0e7c1b864ee24e6a4a) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/06/22 21:22:33.0921 2872 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/06/22 21:22:33.0984 2872 ParVdm (0dabef655a444cb1e193626fb1d24b9f) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/06/22 21:22:34.0046 2872 PCI (91fc1d483d900b1c0600a08b871c39d5) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/06/22 21:22:34.0109 2872 PCIIde (b2df00d650fd6c4ee781740ed3c8e67f) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/06/22 21:22:34.0187 2872 Pcmcia (28f3538a2091993a03506311a05053e8) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/06/22 21:22:34.0328 2872 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/06/22 21:22:34.0390 2872 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/06/22 21:22:34.0421 2872 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/06/22 21:22:34.0484 2872 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/06/22 21:22:34.0625 2872 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/06/22 21:22:34.0687 2872 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/06/22 21:22:34.0765 2872 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/06/22 21:22:34.0812 2872 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/06/22 21:22:34.0843 2872 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/06/22 21:22:34.0875 2872 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/06/22 21:22:34.0937 2872 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/06/22 21:22:35.0015 2872 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/06/22 21:22:35.0093 2872 redbook (a8eee004a16af1d583d9de9f6de250e0) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/06/22 21:22:35.0203 2872 RTLE8023xp (1814434b1a9be6ae3e740053119fb003) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

2011/06/22 21:22:35.0281 2872 RTLWUSB (463b8ac0130adf01a85daebf646b3db3) C:\WINDOWS\system32\DRIVERS\wg111v2.sys

2011/06/22 21:22:35.0328 2872 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/06/22 21:22:35.0359 2872 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/06/22 21:22:35.0390 2872 Serial (dbab3260e7eb3398cb87267d1410fad4) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/06/22 21:22:35.0468 2872 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/06/22 21:22:35.0593 2872 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys

2011/06/22 21:22:35.0640 2872 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\System32\Drivers\sptd.sys

2011/06/22 21:22:35.0765 2872 sr (896f566afc498077172eae8a50e8baf8) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/06/22 21:22:35.0828 2872 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/06/22 21:22:35.0859 2872 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/06/22 21:22:35.0906 2872 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

2011/06/22 21:22:36.0031 2872 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/06/22 21:22:36.0093 2872 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/06/22 21:22:36.0218 2872 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/06/22 21:22:36.0250 2872 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/06/22 21:22:36.0281 2872 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/06/22 21:22:36.0343 2872 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

2011/06/22 21:22:36.0406 2872 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys

2011/06/22 21:22:36.0468 2872 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/06/22 21:22:36.0546 2872 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/06/22 21:22:36.0609 2872 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/06/22 21:22:36.0656 2872 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/06/22 21:22:36.0765 2872 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/06/22 21:22:36.0828 2872 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/06/22 21:22:36.0843 2872 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

2011/06/22 21:22:36.0906 2872 VIAHdAudAddService (6b2c9ee4c16616e9398bbd0bc80ceb22) C:\WINDOWS\system32\drivers\viahduaa.sys

2011/06/22 21:22:36.0984 2872 VolSnap (698869e82c57169f2140c04a272bf12b) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/06/22 21:22:37.0015 2872 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/06/22 21:22:37.0093 2872 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/06/22 21:22:37.0171 2872 WN5301 (b72d232e46ff5ee2bd8f61498b748df7) C:\WINDOWS\system32\DRIVERS\wn5301.sys

2011/06/22 21:22:37.0296 2872 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2011/06/22 21:22:37.0343 2872 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/06/22 21:22:37.0390 2872 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/06/22 21:22:37.0453 2872 ZD1211BU(Atlantis-Land) (d125e1445bb9dc951c250d4192e70841) C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys

2011/06/22 21:22:37.0531 2872 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\ZDPSp50.sys

2011/06/22 21:22:37.0562 2872 MBR (0x1B8) (828e02d5c4a4fbe53441ee9dbee51f43) \Device\Harddisk0\DR0

2011/06/22 21:22:37.0687 2872 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

2011/06/22 21:22:37.0687 2872 ================================================================================

2011/06/22 21:22:37.0687 2872 Scan finished

2011/06/22 21:22:37.0687 2872 ================================================================================

2011/06/22 21:22:37.0687 2996 Detected object count: 0

2011/06/22 21:22:37.0687 2996 Actual detected object count: 0

Thanks for the advice, I surely won't use bittorrent, or any p2p program while cleaning up :).
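The TDSSKiller output above is a long list of loaded drivers with a hash and a path each, and a two-line summary at the end. When triaging such a log by hand is impractical, it helps to parse it into records so the hashes can be looked up and odd paths stand out. The parser below is an added example written for this thread; it is not code from the forum or from Kaspersky's tool. It assumes only the line layout visible in the log (timestamp, process id, object name, a 32-hex-digit hash in parentheses, then the path), and the sample input copies real lines from the log plus one constructed `FakeDrv` line, with a placeholder hash, whose path lies outside the Windows directory so the path check has something to flag.

```python
import re
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample input: lines copied from the TDSSKiller log in this thread,
# plus one made-up driver entry (FakeDrv, placeholder hash) whose path lies
# outside C:\WINDOWS so that drivers_outside_windows() has something to report.
SAMPLE_LOG = """\
2011/06/22 21:22:36.0546 2872 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\\WINDOWS\\system32\\DRIVERS\\usbehci.sys
2011/06/22 21:22:37.0453 2872 ZD1211BU(Atlantis-Land) (d125e1445bb9dc951c250d4192e70841) C:\\WINDOWS\\system32\\DRIVERS\\zd1211Bu.sys
2011/06/22 21:22:37.0500 2872 FakeDrv (00000000000000000000000000000000) C:\\Documents and Settings\\utente\\fakedrv.sys
2011/06/22 21:22:37.0562 2872 MBR (0x1B8) (828e02d5c4a4fbe53441ee9dbee51f43) \\Device\\Harddisk0\\DR0
2011/06/22 21:22:37.0687 2872 ================================================================================
2011/06/22 21:22:37.0687 2872 Scan finished
2011/06/22 21:22:37.0687 2996 Detected object count: 0
2011/06/22 21:22:37.0687 2996 Actual detected object count: 0
"""

# One object per line: "<date> <time> <pid> <name> (<32 hex>) <path>".
# The name is matched lazily so names that themselves contain parentheses,
# such as "ZD1211BU(Atlantis-Land)" or "MBR (0x1B8)", still parse.
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \S+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?) \((?P<hash>[0-9a-fA-F]{32})\) (?P<path>\S.*)$"
)
# The two summary lines at the end of the scan.
COUNT_RE = re.compile(
    r"^(?:\d{4}/\d{2}/\d{2} \S+)\s+\d+\s+"
    r"(?P<key>(?:Actual )?[Dd]etected object count): (?P<n>\d+)$"
)


class Entry(NamedTuple):
    name: str
    hash: str
    path: str
    kind: str  # "driver" for a file-backed object, "mbr" for a boot-sector object


def parse_tdsskiller(text: str) -> Tuple[List[Entry], Dict[str, int]]:
    """Return the scanned objects and the summary counts from a TDSSKiller log."""
    entries: List[Entry] = []
    counts: Dict[str, int] = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            path = m.group("path")
            kind = "mbr" if path.startswith("\\Device\\") else "driver"
            entries.append(Entry(m.group("name"), m.group("hash").lower(), path, kind))
            continue
        c = COUNT_RE.match(line)
        if c:
            counts[c.group("key")] = int(c.group("n"))
    return entries, counts


def drivers_outside_windows(entries: List[Entry], windows_root: str = "C:\\WINDOWS\\") -> List[Entry]:
    """Kernel drivers loaded from outside the Windows directory deserve a closer look."""
    root = windows_root.lower()
    return [e for e in entries if e.kind == "driver" and not e.path.lower().startswith(root)]


def hash_index(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map each hash to the object names carrying it; handy for reputation lookups
    and for spotting one binary registered under several service names."""
    index: Dict[str, List[str]] = {}
    for e in entries:
        index.setdefault(e.hash, []).append(e.name)
    return index


if __name__ == "__main__":
    found, summary = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(found)} objects parsed, summary: {summary}")
    for e in drivers_outside_windows(found):
        print(f"driver outside Windows dir: {e.name} {e.hash} {e.path}")
```

The path heuristic is deliberately coarse: a driver outside `C:\WINDOWS` is not proof of anything, only a reason to check the hash and the file, which is exactly the sort of follow-up a helper on a thread like this would ask for.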


Hi there,

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


I have a little problem. I have the AVG 8.5 Free Edition; I disabled the Resident Shield (I don't have the Firewall), but ComboFix tells me that he can't work with AVG installed on my pc. The exact message is:

"ComboFix cannot run when AVG is installed. This is due to AVG's targeting of ComboFix's file/processes. It would be dangerous to continue. Please uninstall AVG or use another tool."

Should I uninstall AVG?


Hi, please leave AVG uninstalled until everything is cleaned up as we'll have to uninstall Combofix then, which will again interfere with AVG.

UPDATE XP

--------------

Your Microsoft Windows installation is out of date. Using unpatched Windows systems on the Internet is a security risk to everyone. When there are insecure computers connected to the Internet, malware spreads faster and more extensively, distributed denial-of-service attacks are easier to launch, and spammers have more platforms from which to send e-mail. Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your computer. Keeping up-to-date with all these security patches will help prevent malware from reinfecting your machine. If you are not sure how to do this, see How to use Microsoft Update.

For additional information, be sure to read "Windows Xp Service Pack 3 (sp3) Information".

Then go here to check for & install updates to Microsoft applications.

Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Please reboot and repeat the update process until there are no more updates to install.

When done, rerun Combofix and post me the new log.


I am sorry, but I have another problem. I never did any update of Windows because when I bought the computer I was told not to, and since I'm not an expert, I was afraid to cause troubles. Now, I read the instructions, I went to the site (using Internet Explorer), I allowed ActiveX to work, but the site blocks me. It says: "403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied."

I did the process two times, and I think I'm doing it right... am I missing something?


I'm glad to hear that! :)

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:

  • Download the latest version of Adobe Reader Version X and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

Your Adobe Reader is now up to date!

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 6.
  • Look for "JDK 6 Update 26 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Select "Windows x86 Offline" and click on jre-6u26-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the esetonlinebtn.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png icon on your desktop.
    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats"
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  4. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  5. When the scan completes, click List Threats
  6. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  7. Click the Back button.
  8. Click the Finish button.


Done all. Here's the scan results:

C:\Documents and Settings\utente\Documenti\MsgPlusLive-470.exe a variant of Win32/Adware.CiDHelp application cleaned by deleting - quarantined

C:\Documents and Settings\utente\Documenti\WORM\aTube_Catcher.exe Win32/OpenCandy application deleted - quarantined

C:\Documents and Settings\utente\Documenti\WORM\Per ora\aTube_Catcher.exe Win32/OpenCandy application deleted - quarantined

This time, Malwarebytes gave me a pop up as soon as I turned on the pc (after uninstalling Java components), and some other messages while I was running the scan.


He said: "Successfully blocked access to potentially malicious website" but I wasn't quick enough to write down the IP associated. He did so during the ESET scan, and one time as soon as windows finished loading. It's ok if it's normal :) , I thought it was important.


Yes; it's always a different IP. This morning was:

"Successfully blocked access to potentially malicious website 62.45.155.226 (Type: outgoing)"

This evening was:

"Successfully blocked access to potentially malicious website 89.28.64.76 (Type: outgoing)"

I restarted again now, and two messages pop up, one after another:

"Successfully blocked access to potentially malicious website 91.218.38.154 (Type: incoming)"

and

"Successfully blocked access to potentially malicious website 218.7.123.132 (Type: outgoing)"
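The four notifications quoted in this post are easier to reason about once they are turned into records: the direction tells you whether a program on the machine initiated the connection ("outgoing") or something on the network tried to reach the machine ("incoming"), and the set of distinct outgoing addresses tells you whether one local process keeps reaching out. The script below is an added example for this thread, not code from Malwarebytes or from the forum; it assumes only the message wording shown in the post, and its sample input is the four messages quoted above.

```python
import ipaddress
import re
from collections import Counter
from typing import Dict, List, NamedTuple

# Constructed sample input: the four block notifications quoted in this post.
SAMPLE_MESSAGES = [
    "Successfully blocked access to potentially malicious website 62.45.155.226 (Type: outgoing)",
    "Successfully blocked access to potentially malicious website 89.28.64.76 (Type: outgoing)",
    "Successfully blocked access to potentially malicious website 91.218.38.154 (Type: incoming)",
    "Successfully blocked access to potentially malicious website 218.7.123.132 (Type: outgoing)",
]

# Matches the wording shown in the post: an IPv4 address followed by the direction.
BLOCK_RE = re.compile(
    r"Successfully blocked access to potentially malicious website "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<direction>incoming|outgoing)\)"
)


class Block(NamedTuple):
    ip: str
    direction: str


def parse_blocks(messages: List[str]) -> List[Block]:
    """Extract (ip, direction) from each notification; lines that do not match are skipped."""
    found: List[Block] = []
    for msg in messages:
        m = BLOCK_RE.search(msg)
        if m:
            found.append(Block(m.group("ip"), m.group("direction")))
    return found


def triage(blocks: List[Block]) -> Dict[str, object]:
    """Summarise the blocks for a defender.

    Outgoing blocks mean a process on this host opened the connection, so they
    point at something local (a p2p client, a browser, or malware) that should be
    identified. Incoming blocks are unsolicited attempts from the network and do
    not by themselves indicate an infection on the host.
    """
    by_direction = Counter(b.direction for b in blocks)
    outgoing_ips = sorted({b.ip for b in blocks if b.direction == "outgoing"})
    # Only routable addresses count as evidence of a process reaching the Internet.
    public_outgoing = [ip for ip in outgoing_ips if ipaddress.ip_address(ip).is_global]
    return {
        "outgoing": by_direction["outgoing"],
        "incoming": by_direction["incoming"],
        "distinct_outgoing_ips": outgoing_ips,
        "local_process_contacting_blocked_hosts": len(public_outgoing) > 0,
    }


if __name__ == "__main__":
    summary = triage(parse_blocks(SAMPLE_MESSAGES))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

The useful next step once outgoing blocks dominate is to note which process owned the connection at the time of the popup (the protection log attached at the start of the thread records that), since the addresses alone do not say whether a p2p client or something else made the request.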


This topic is now closed to further replies.