Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Is my Malware blocking my Avast security?


  • Please log in to reply
8 replies to this topic

#1 Nardcore805

Nardcore805

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:37 PM

Posted 12 July 2011 - 05:31 PM

I think I had this question in the wrong area so here goes:
i recently was having problems with every part of my laptop it seems and my AVG said all was good but a friend suggested Avast and he was a professor for ITT. I loaded that and Malware Bytes then upgraded to the pay version of both and ran the scans which Malware found several trojans ect. Since then neither has not a one virus or anything in the quarantine areas but constantly I do see a window at the bottom right saying Malware has successfully blocked a incoming threat. when I check the logs here is what I get and it is blocking a outgoing port IP but at the end says Avast.exe are they conflicting with each other?? Please help me determine what's wrong. Here is what is printed 50 plus times on each log and they are rapid fire!
17:31:20 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50785, Process: avastsvc.exe)
17:31:21 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50788, Process: avastsvc.exe)
17:31:21 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50790, Process: avastsvc.exe)
17:31:21 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50791, Process: avastsvc.exe)
17:31:21 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50792, Process: avastsvc.exe)
17:31:21 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50793, Process: avastsvc.exe)
17:31:21 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50794, Process: avastsvc.exe)
17:31:22 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50795, Process: avastsvc.exe)
17:31:22 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50796, Process: avastsvc.exe)
17:31:22 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50797, Process: avastsvc.exe)
17:31:22 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50819, Process: avastsvc.exe)
17:31:22 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50821, Process: avastsvc.exe)
17:31:22 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50823, Process: avastsvc.exe)
17:31:22 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50825, Process: avastsvc.exe)
17:31:22 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50826, Process: avastsvc.exe)
17:31:22 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50827, Process: avastsvc.exe)
17:31:22 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50828, Process: avastsvc.exe)
17:31:22 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50829, Process: avastsvc.exe)
17:31:22 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50846, Process: avastsvc.exe)
17:31:22 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50847, Process: avastsvc.exe)
17:31:22 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50849, Process: avastsvc.exe)
17:31:22 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50850, Process: avastsvc.exe)
17:31:22 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50851, Process: avastsvc.exe)
17:31:22 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50852, Process: avastsvc.exe)
17:31:38 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 51054, Process: avastsvc.exe)
Thank you

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:37 PM

Posted 12 July 2011 - 09:28 PM

Welcome aboard Posted Image

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 Nardcore805

Nardcore805
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:37 PM

Posted 13 July 2011 - 06:14 AM

Here is the first one and I will post the others as well. It looks like my ethernet and VGA are missing as well so trying to fix that. Thank you for helping!

Results of screen317's Security Check version 0.99.7
Windows 7 Service Pack 1 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

avast! Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.3.181.34
Adobe Reader X (10.1.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
``````````End of Log````````````

#4 Nardcore805

Nardcore805
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:37 PM

Posted 13 July 2011 - 06:19 AM

Here is the Mini Toolbox report again and my computer crashed more than a few times last night:

MiniToolBox by Farbar
Ran by nardcore714 (administrator) on 14-07-2011 at 00:41:58
Windows 7 Home Premium Service Pack 1 (X86)

***************************************************************************


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

== End of IE Proxy Settings ==

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "*.local"
"network.proxy.type", 4

== End of FF Proxy Settings ==
=============== Hosts content: ============================================

127.0.0.1 localhost
::1 localhost
# Copyright © 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

== End of Hosts ==

================= IP Configuration: =======================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : nardcore714-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 06-1B-9E-28-C8-C9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter
Physical Address. . . . . . . . . : 00-1B-9E-28-C8-C9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::cdb2:8f3:9d87:198a%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, July 13, 2011 7:45:26 PM
Lease Expires . . . . . . . . . . : Thursday, July 14, 2011 7:45:34 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 218110878
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-C8-44-69-00-1B-38-14-06-0D
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-1B-38-14-06-0D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.Belkin:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{C7B9AB8C-B9F1-456B-B824-0A683971524D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{B8CCAA1D-F70E-4FE3-A340-96B8FB2ACEC0}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{DC5B5922-3016-4CDA-A051-A4A91464D655}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.224.83
74.125.224.84
74.125.224.80
74.125.224.81
74.125.224.82


Pinging google.com [74.125.224.80] with 32 bytes of data:
Reply from 74.125.224.80: bytes=32 time=27ms TTL=53
Reply from 74.125.224.80: bytes=32 time=25ms TTL=53

Ping statistics for 74.125.224.80:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 27ms, Average = 26ms
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.2.43
98.137.149.56
209.191.122.70
67.195.160.76
69.147.125.65


Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=26ms TTL=52
Reply from 98.137.149.56: bytes=32 time=149ms TTL=52

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 26ms, Maximum = 149ms, Average = 87ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
26...06 1b 9e 28 c8 c9 ......Microsoft Virtual WiFi Miniport Adapter
12...00 1b 9e 28 c8 c9 ......Atheros AR5007EG Wireless Network Adapter
10...00 1b 38 14 06 0d ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
29...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
30...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
15...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.4 281
192.168.1.4 255.255.255.255 On-link 192.168.1.4 281
192.168.1.255 255.255.255.255 On-link 192.168.1.4 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.4 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.4 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
12 281 fe80::/64 On-link
12 281 fe80::cdb2:8f3:9d87:198a/128
On-link
1 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

== End of IP Configuration ==

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/13/2011 03:02:58 PM) (Source: Windows Backup) (User: )
Description: The backup was not successful. The error is: "C:\Users\nardcore714\Pictures\2009-12-28\426.JPG" Data error (cyclic redundancy check). (0x80070017).

Error: (07/13/2011 02:23:35 PM) (Source: Windows Backup) (User: )
Description: The backup was not successful. The error is: "C:\Users\nardcore714\AppData\Local\Mozilla\Firefox\Profiles\8s54nlo6.default\urlclassifier3.sqlite" Data error (cyclic redundancy check). (0x80070017).

Error: (07/13/2011 01:52:58 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (07/13/2011 00:46:53 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (07/13/2011 11:42:27 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (07/13/2011 10:14:23 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {f09b1182-745e-447e-aa47-ff11e46f97f1}

Error: (07/13/2011 09:52:27 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (07/13/2011 06:13:39 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (07/13/2011 05:46:53 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (07/13/2011 04:44:43 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (07/13/2011 10:07:48 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/13/2011 09:12:45 PM) (Source: Service Control Manager) (User: )
Description: The Windows Connect Now - Config Registrar service failed to start due to the following error:
%%1079

Error: (07/13/2011 09:06:46 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/13/2011 09:06:42 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/13/2011 09:06:38 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/13/2011 08:35:12 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/13/2011 08:31:44 PM) (Source: Disk) (User: )

Edited by Nardcore805, 14 July 2011 - 02:47 AM.


#5 Nardcore805

Nardcore805
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:37 PM

Posted 13 July 2011 - 06:33 AM

Here is the Malware scan:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7079

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

7/13/2011 4:29:54 AM
mbam-log-2011-07-13 (04-29-54).txt

Scan type: Quick scan
Objects scanned: 241407
Time elapsed: 8 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:37 PM

Posted 13 July 2011 - 06:09 PM

MiniToolbox log is incomplete.
Please repost it.

I still need GMER log.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#7 Nardcore805

Nardcore805
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:37 PM

Posted 14 July 2011 - 02:44 AM

Welcome aboard Posted Image

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:

  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.



#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:37 PM

Posted 14 July 2011 - 01:34 PM

You just quoted my reply.

Please post both required logs.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#9 Sz2

Sz2

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:37 PM

Posted 14 July 2011 - 03:57 PM

Oh, it's a funny thing that it happened to me too more or less recently since I installed the "Complete version trial". (It blocks the same IP) And, I'm not using avast.

Edited by Sz2, 15 July 2011 - 06:23 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users