Detected DNS Cache Poisoning Attack


  • Please log in to reply
47 replies to this topic

#31 cryptodan

    Bleepin Madman

  • Inactive Staff
  • 19,032 posts
  • Gender:Male
  • Location:Catonsville, Md

Posted 27 May 2012 - 11:16 PM

Yes please perform the uninstall of combofix as instructed in the last post.

 


#32 bin101

    Member

  • Members
  • 29 posts

Posted 28 May 2012 - 12:11 AM


done, what is the next step?

#33 cryptodan


Posted 28 May 2012 - 12:19 AM

Are you using Windows Firewall by any chance?

Also what kind of CD-ROM do you have, the below will let me know that information.

Please perform the following, so that we can get the exact specs of your computer. This will better assist us in helping you more.

Publish a Snapshot using Speccy

The below is for those who cannot get online

Please take caution when attaching a text file to your post: if you cannot copy/paste the link into your post, you will need to edit the file to make sure that your Windows Key is not present.

#34 bin101


Posted 28 May 2012 - 12:28 AM

http://speccy.piriform.com/results/LMOfzWdkzzS7k8qQjlHZcjj

Can I request that the information in this thread be deleted afterwards? It seems to be showing quite a lot of my information about my computer...
(even this link to be removed)

According to Sneakycyber, my CD-ROM is out of date and needs an update, but he/she told me that process will come after fixing the problem. And yes, I have Windows Firewall activated at the moment.

Edited by bin101, 28 May 2012 - 12:31 AM.


#35 cryptodan


Posted 28 May 2012 - 12:41 AM

Yes, that link can be deleted by you, and let's take care of a few things first.

Are you using the firewall within Eset, or is it disabled? If you are using Eset as your firewall, then you need to disable Windows Firewall.

Also, let's go disable Windows Defender, which is running. Go to Control Panel, then to Administrative Tools, then to Services; scroll down and disable Windows Defender from starting.

Having multiple active scanners going can cause issues.

#36 bin101


Posted 28 May 2012 - 12:47 AM



Done

Guess I'll delete everything if this can be solved...
I have Windows Firewall disabled at the moment and have the ESET firewall running. But would it be better to run the opposite, disabling ESET's firewall and using Windows (since, as I recall, that was suggested by someone else)?

#37 cryptodan


Posted 28 May 2012 - 12:55 AM

Well, let's do this for now and see if the attacks continue to appear. Also, what is the exact model number of your Sony laptop?

This can be found on the label on the bottom.

#38 bin101


Posted 28 May 2012 - 01:04 AM



I purchased this online; it's a VPCSA26GG.
I am getting the message less frequently compared to before, but I actually did get it before I did the uninstalling of ComboFix and Speccy.

I just wanted to know, were these the steps to "removing the registry remnant and any others from my computer" mentioned by Sneakycyber?

UPDATE: I just received 2 notifications with the same error again... >.<

Edited by bin101, 28 May 2012 - 01:12 AM.


#39 cryptodan


Posted 28 May 2012 - 01:17 AM

Let's go ahead and disable Eset's firewall, then enable Windows Firewall.

Also, can you navigate to Device Manager by right-clicking on My Computer, then going to Properties. On the left, click on Device Manager.

Go to CD/DVD-ROM drives and expand it. Right-click on the drive and go to Properties, then the Details tab, and select Hardware IDs; copy and paste the information into your next post.

I want to make sure that I am giving you the right link to upgrade the CD-ROM Drivers.

#40 bin101


Posted 28 May 2012 - 01:29 AM



I have Eset's personal firewall disabled and now have Windows Firewall enabled; hopefully that does the trick. I am unfamiliar with what I have: is the router I have a firewalled router? I've been told that running Windows Firewall plus a firewalled router should be enough protection. Is the router already automatically set up to protect, or again, is there another procedure for setting it up?

And this is what I have under the tab you mentioned:

IDE\CdRomMATbleepA_DVD-RAM_UJ8A2AS________________1.20____
IDE\MATbleepA_DVD-RAM_UJ8A2AS________________1.20____
IDE\CdRomMATbleepA_DVD-RAM_UJ8A2AS________________
MATbleepA_DVD-RAM_UJ8A2AS________________1.20____
GenCdRom

Edited by bin101, 28 May 2012 - 01:40 AM.


#41 cryptodan


Posted 28 May 2012 - 01:42 AM

Here is the user manual for your router: ftp://ftp.dlink.com/Gateway/dir615/Manual/dir615_manual_100.zip. In there it will discuss the firewall and its options.


Lets look for some files:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :filefind
    cdrom.sys
    cdrom.inf
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#42 bin101


Posted 28 May 2012 - 01:50 AM



Thanks, I'll read over my manual and see if I am able to get anything out of it, or find some alternative or something hahaha

Here are the results:

SystemLook 30.07.11 by jpshortstuff
Log created at 23:44 on 27/05/2012 by sony
Administrator - Elevation successful

========== filefind ==========

Searching for "cdrom.sys"
C:\Windows\System32\drivers\cdrom.sys --a---- 147456 bytes [03:23 21/11/2010] [03:23 21/11/2010] F036CE71586E93D94DAB220D7BDF4416
C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys --a---- 147456 bytes [03:23 21/11/2010] [03:23 21/11/2010] F036CE71586E93D94DAB220D7BDF4416
C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys --a---- 147456 bytes [03:23 21/11/2010] [03:23 21/11/2010] F036CE71586E93D94DAB220D7BDF4416

Searching for "cdrom.inf"
C:\Windows\inf\cdrom.inf --a---- 9878 bytes [05:31 14/07/2009] [03:28 21/11/2010] 55F752CB20B82A4424CE33D1ABCFA755
C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.inf --a---- 9878 bytes [03:23 21/11/2010] [03:23 21/11/2010] 55F752CB20B82A4424CE33D1ABCFA755
C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.inf --a---- 9878 bytes [03:23 21/11/2010] [03:23 21/11/2010] 55F752CB20B82A4424CE33D1ABCFA755

-= EOF =-

#43 cryptodan


Posted 28 May 2012 - 01:56 AM



You have the latest version of the CD-ROM Files:

SystemLook 30.07.11 by jpshortstuff
Log created at 06:52 on 28/05/2012 by cryptodan
Administrator - Elevation successful

========== filefind ==========

Searching for "cdrom.sys"
C:\Windows\System32\drivers\cdrom.sys --a---- 147456 bytes [17:17 08/09/2011] [01:19 20/11/2010] F036CE71586E93D94DAB220D7BDF4416


Searching for "cdrom.inf"
C:\Windows\inf\cdrom.inf --a---- 9878 bytes [05:31 14/07/2009] [17:47 08/09/2011] 55F752CB20B82A4424CE33D1ABCFA755


-= EOF =-
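As an added example (not from the thread, and not part of SystemLook), here is a Python script that parses ":filefind" result lines in the format shown above and checks a user's log against a known-good log the way cryptodan did by eye, flagging any copy whose size or MD5 differs. The sample logs are constructed: the reference values are the ones posted above, and the winsxs copy with a made-up hash is the mismatch case.

```python
import re
from typing import Dict, NamedTuple
# One SystemLook ":filefind" hit: path, attributes, size, two timestamps, MD5.
FILEFIND_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+[-a-zA-Z]{7}\s+(?P<size>\d+) bytes"
    r"\s+\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
class FileEntry(NamedTuple):
    path: str
    size: int
    md5: str

def parse_filefind(log: str) -> Dict[str, FileEntry]:
    """{full path: FileEntry} per hit; 'Searching for', header and EOF lines are skipped."""
    entries = {}
    for line in log.splitlines():
        m = FILEFIND_RE.match(line.strip())
        if m:
            entries[m["path"]] = FileEntry(m["path"], int(m["size"]), m["md5"].upper())
    return entries

def compare_logs(user_log: str, reference_log: str) -> Dict[str, str]:
    """Verdict per user-log hit against the same file name in a known-good log:
    ok, size-mismatch, hash-mismatch, or unknown (file not in the reference)."""
    ref = {e.path.rsplit("\\", 1)[-1].lower(): e for e in parse_filefind(reference_log).values()}
    verdicts = {}
    for path, entry in parse_filefind(user_log).items():
        known = ref.get(path.rsplit("\\", 1)[-1].lower())
        if known is None:
            verdicts[path] = "unknown"
        elif entry.size != known.size:
            verdicts[path] = "size-mismatch"
        elif entry.md5 != known.md5:
            verdicts[path] = "hash-mismatch"
        else:
            verdicts[path] = "ok"
    return verdicts

# Constructed sample logs in SystemLook's format: reference values are the ones
# cryptodan posted; the winsxs hash in the user log is a made-up mismatch.
REFERENCE_LOG = r"""
Searching for "cdrom.sys"
C:\Windows\System32\drivers\cdrom.sys --a---- 147456 bytes [17:17 08/09/2011] [01:19 20/11/2010] F036CE71586E93D94DAB220D7BDF4416
C:\Windows\inf\cdrom.inf --a---- 9878 bytes [05:31 14/07/2009] [17:47 08/09/2011] 55F752CB20B82A4424CE33D1ABCFA755
"""
USER_LOG = r"""
C:\Windows\System32\drivers\cdrom.sys --a---- 147456 bytes [03:23 21/11/2010] [03:23 21/11/2010] F036CE71586E93D94DAB220D7BDF4416
C:\Windows\winsxs\amd64_cdrom.inf_example\cdrom.sys --a---- 147456 bytes [03:23 21/11/2010] [03:23 21/11/2010] DEADBEEFDEADBEEFDEADBEEFDEADBEEF
C:\Windows\inf\cdrom.inf --a---- 9878 bytes [05:31 14/07/2009] [03:28 21/11/2010] 55F752CB20B82A4424CE33D1ABCFA755
"""
```

Run `compare_logs(USER_LOG, REFERENCE_LOG)` to get a verdict per path; the timestamps are ignored on purpose, since (as the two logs above show) they differ between machines even when the file content is identical.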

#44 bin101


Posted 28 May 2012 - 02:33 AM

Well, since I have the ESET firewall disabled and with Windows Firewall enabled, I don't think I will be getting that notification again. Hopefully no more problems...

I just wanted to know, were the steps before the cdrom check the ones for "removing the registry remnant and any others from my computer" mentioned by Sneakycyber?

#45 Sneakycyber

    IT Support Specialist

  • BC Advisor
  • 5,007 posts
  • Gender:Male
  • Location:Ohio

Posted 28 May 2012 - 11:01 AM

Just to recap, I had said the file could have been moved because of an update, not that the drivers were out of date. Cryptodan did everything I would have done and a few things that I didn't know to do. Rest assured, you're in great hands.

~Chad Mockensturm~
Network Infrastructure Engineer, Windows Server 2008R2
Cisco Certified Home and Small Business Networking Support




