Malwarebytes blocks numerous websites [Solved] - Geeks to Go Forums


Malwarebytes blocks numerous websites [Solved] Mbam scan keeps finding C:\Windows\system32\Drivers…

#16 cody1

  • Group: Member
  • Posts: 24
  • Joined: 10-March 09

Posted 29 May 2010 - 07:21 PM

Thanks! It will feel sooooo good to know this baddy is finally GONE!

Ok,

WVcheck:

Windows Validation Check
Log Created On: 1550_29-05-2010
------------------------

Windows Information
-----------------------
Windows Version: Windows 7
Windows Mode: Normal


WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Do not download or install updates automatically.
------------------------------
Last Success Time for Update Detection: 2010-05-27 02:16:17
Last Success Time for Update Download: 2010-05-27 02:16:58
Last Success Time for Update Installation: 2010-05-27 02:18:27


WVCheck's File Dump
-------------------
WVCheck found no known bad files.


WVCheck's Missing File Check
-------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-------------------
WVCheck found no bad lines in the hosts file.


-------- End of File, program close at 1551_29-05-2010 --------

********************************************************************************
*********************************************************************************
******************************************************************************


MGADiag:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-GJY49-VJBQ7-HYRR2
Windows Product Key Hash: W5/6nm6F2UPXrCkY5xUhXb/+21g=
Windows Product ID: 00426-OEM-8992662-00006
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7600.2.00010100.0.0.001
ID: {13EEB35D-60CE-4EAE-B42B-719D37DE94D5}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000000
Build lab: 7600.win7_gdr.100226-1909
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{13EEB35D-60CE-4EAE-B42B-719D37DE94D5}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-HYRR2</PKey><PID>00426-OEM-8992662-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-1169059471-794929098-2150087493</SID><SYSTEM><Manufacturer>. </Manufacturer><Model>. </Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="5"/><Date>20080530000000.000000+000</Date></BIOS><HWID>30203207018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7600.16385

Name: Windows® 7, Ultimate edition
Description: Windows Operating System - Windows® 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600006-02-1033-7600.0000-0632010
Installation ID: 000070513105755526055760327620488770106675331394741516
Processor Certificate URL: http://go.microsoft....k/?LinkID=88338
Machine Certificate URL: http://go.microsoft....k/?LinkID=88339
Use License URL: http://go.microsoft....k/?LinkID=88341
Product Key Certificate URL: http://go.microsoft....k/?LinkID=88340
Partial Product Key: HYRR2
License Status: Licensed
Remaining Windows rearm count: 0
Trusted time: 5/29/2010 3:53:40 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 3:5:2010 13:14
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: QAAAAAQABgABAAEAAgACAAAAAQABAAEA6GGSEVxVLDQRGnL+4l/KzTpfKiGI/XTm0oLuP0y/je8ka5w8pnMqhQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC IntelR AWRDACPI
FACP IntelR AWRDACPI
MCFG IntelR AWRDACPI
SSDT PmRef CpuPm
SLIC ACRSYS ACRPRDCT

********************************************************************************
*********************************************************************************
*****************************************************************************



ESET Online Scan:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=c805eefc5feb8b419e3d914ee9497e61
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-05-29 11:13:52
# local_time=2010-05-29 06:13:52 (-0600, Central Daylight Time)
# country="United States"
# lang=9
# osver=6.1.7600 NT
# compatibility_mode=1792 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 0 26711961 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=109863
# found=8
# cleaned=8
# scan_time=7661
C:\BF2\AIX\AIX_2.0_CORE_MOD.exe probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Downloads\software\Divx\DivXse7en.xebec101\DivXse7en.xebec101\DivXInstaller.exe a variant of Win32/Injector.BDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Downloads\software\Divx\DivXse7en.xebec101\DivXse7en.xebec101\Keygen\Keygen FFF.exe a variant of Win32/Injector.BDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\EA GAMES\Battlefield 2\mods\stats\Stats.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\AppData\Roaming\alggui.exe a variant of Win32/Adware.PCProtector.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\CODEMAN-MYPC\Backup Set 2010-05-21 041401\Backup Files 2010-05-21 041401\Backup files 1.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
D:\CODEMAN-MYPC\Backup Set 2010-05-21 041401\Backup Files 2010-05-21 041401\Backup files 3.zip a variant of Win32/Injector.BDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
J:\Isos\Need For Speed Most Wanted.iso probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C


Note:

Ok, a couple of false positives here, I think? C:\BF2\AIX\AIX_2.0_CORE_MOD.exe (downloaded from their website) is a mod for the game BF2. I doubt that's a virus!!! Also, C:\Program Files\EA GAMES\Battlefield 2\mods\stats\Stats.exe? I believe I NEED THAT to play BF2 correctly, which I play frequently, lol! I think the Divx is showing up because of the keygen, but I'll get rid of that. Now this one, C:\Windows\System32\config\systemprofile\AppData\Roaming\alggui.exe, looks bad and I'm definitely deleting it! D:\ is where Windows is saving a backup image of my hard drive, so it has to go. J:\Isos\Need For Speed Most Wanted.iso, not sure about this one, but just to be safe it's gone.

All of these are just what I think is correct, if you think they all need to go then I'll delete them all.

Ok Rorschach, what's next?
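The ESET log above is the only artefact in this post that needs interpreting: a block of `# key=value` header lines followed by one detection per line in the form `<path> <detection name> (<action>) <hash> <flag>`. The following is an added example for readers of this thread, not code from the forum, from ESET or from Geeks to Go. It parses that layout, checks that the `found=` header agrees with the number of detection lines, and sorts hits by location so that an executable sitting in the system profile's roaming AppData (the one the poster singles out) is listed ahead of hits inside downloaded archives and backup sets. The sample log, the location prefixes and the archive extensions are constructed for the example; the location buckets are a triage heuristic, not a verdict on any file.

```python
"""Parser and triage helper for ESET Online Scanner log output.

Added example for this thread (not code from the forum, ESET or Geeks to Go).
It assumes only the line layout visible in the posted log:
  '# key=value' header lines, then one detection per line of the form
  <path> <detection name> (<action>) <32-hex hash> <flag>
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample in the same layout as the scan log posted above.
SAMPLE_LOG = r"""
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# local_time=2010-05-29 06:13:52 (-0600, Central Daylight Time)
# scanned=109863
# found=3
# cleaned=3
C:\Windows\System32\config\systemprofile\AppData\Roaming\alggui.exe a variant of Win32/Adware.PCProtector.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\EA GAMES\Battlefield 2\mods\stats\Stats.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\CODEMAN-MYPC\Backup Set 2010-05-21 041401\Backup files 1.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
"""

# The path (which may contain spaces) runs up to a short file extension; the
# remainder is split around the parenthesised action and the 32-hex hash.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.[A-Za-z0-9]{1,4})\s+"
    r"(?P<name>\S.*?)\s+"
    r"\((?P<action>[^()]*)\)\s+"
    r"(?P<hash_hex>[0-9A-Fa-f]{32})\s+"
    r"(?P<flag>\S+)\s*$"
)


@dataclass
class Detection:
    path: str
    name: str
    action: str
    hash_hex: str
    flag: str


def parse_eset_log(text: str) -> Tuple[Dict[str, str], List[Detection]]:
    """Split the log into its header dictionary and its detection lines."""
    header: Dict[str, str] = {}
    detections: List[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Repeated keys (ESET emits several compatibility_mode lines) keep the last value.
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key.strip()] = value.strip()
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(**m.groupdict()))
        # Anything else (installer chatter such as 'OnlineScanner.ocx - registred OK') is ignored.
    return header, detections


def counts_consistent(header: Dict[str, str], detections: List[Detection]) -> bool:
    """True when the '# found=' header agrees with the number of detection lines parsed."""
    try:
        return int(header.get("found", "-1")) == len(detections)
    except ValueError:
        return False


# Constructed triage lists: locations where a game mod or downloaded installer has
# no business dropping an executable, and container types that hold other files.
SYSTEM_PREFIXES = (
    r"c:\windows\system32\config\systemprofile",
    r"c:\windows\system32",
    r"c:\windows",
)
ARCHIVE_EXTS = (".zip", ".rar", ".7z", ".iso", ".cab")


def triage(detections: List[Detection]) -> Dict[str, List[str]]:
    """Bucket detections by where they were found (a heuristic ordering, not a verdict)."""
    buckets: Dict[str, List[str]] = {"system_location": [], "archive_or_image": [], "other": []}
    for d in detections:
        lower = d.path.lower()
        if lower.startswith(SYSTEM_PREFIXES):
            buckets["system_location"].append(d.path)
        elif lower.endswith(ARCHIVE_EXTS):
            buckets["archive_or_image"].append(d.path)
        else:
            buckets["other"].append(d.path)
    return buckets


if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    print("header count consistent:", counts_consistent(hdr, dets))
    for bucket, paths in triage(dets).items():
        for p in paths:
            print(f"{bucket:17} {p}")
```

Run against a real log, the `system_location` bucket is the one to read first; a detection inside a backup `.zip` or a game `.iso` tells you the container holds something flagged, which is a different question from whether the running system is infected.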

#17 Rorschach112

  • Group: Retired Staff
  • Posts: 47,710
  • Joined: 23-March 07

Posted 30 May 2010 - 05:04 AM

hi

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    
    :Services
    
    :Reg
    
    :Files
    C:\Windows\System32\config\systemprofile\AppData\Roaming\alggui.exe  
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]


  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.




  • Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste the following:
    :Commands
    [clearallrestorepoints]

  • Click the Run Fix button at the top
  • It might ask you to reboot, if so click YES




  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes




  • Please read my guide on how to prevent malware and about safe computing here

Thank you for your patience, and performing all of the procedures requested.
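Two steps in this thread touch the HOSTS file: WVCheck's "HOSTS File Check" reported no bad lines, and the OTM script above includes `[resethosts]`, which the later log confirms with "HOSTS file reset successfully". A hijacked HOSTS file is a common reason a machine cannot reach security vendors or update servers, so it is worth being able to check one before resetting it. The following is an added example for readers, not code from the thread, from WVCheck or from OTM. It assumes only the standard hosts grammar (`<address> <name> [<alias>...]`, `#` begins a comment) and flags three things: entries that map a name to a non-loopback address (redirection), loopback or null entries for a small watch list of vendor and update domains (blocking), and malformed address tokens. The sample file and the watch list are constructed for the example.

```python
"""Hosts-file sanity check in the spirit of WVCheck's 'bad lines in the hosts file'
report and OTM's [resethosts] step.

Added example for this thread (not code from the forum, WVCheck or OTM). It assumes
the standard hosts grammar: '<address> <name> [<alias>...]' per line, '#' starts a comment.
"""
import ipaddress
from typing import List, Tuple

# Constructed sample: a header comment, two benign loopback lines, a comment,
# two entries that point vendor/update names at a routable address (TEST-NET-3),
# and one common ad-blocking style null-route entry.
SAMPLE_HOSTS = """\
# sample hosts file header (constructed)
127.0.0.1       localhost
::1             localhost
# constructed suspicious entries below
203.0.113.10    www.malwarebytes.org malwarebytes.org
203.0.113.10    update.microsoft.com
0.0.0.0         ads.example.net
"""

# Illustrative watch list of domains that malware commonly blocks via HOSTS;
# a real check would carry a longer, maintained list.
WATCHED_SUFFIXES = ("malwarebytes.org", "microsoft.com", "eset.com")


def parse_hosts(text: str) -> List[Tuple[int, str, List[str]]]:
    """Return (line_no, address_token, names) for every non-comment, non-empty line."""
    entries: List[Tuple[int, str, List[str]]] = []
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        entries.append((n, parts[0], parts[1:]))
    return entries


def check_hosts(text: str) -> List[Tuple[int, str, str]]:
    """Flag entries that redirect names elsewhere, block watched names, or are malformed.

    Returns (line_no, address_token, reason) for each finding; an empty list means
    the file contains only loopback/null entries for non-watched names.
    """
    findings: List[Tuple[int, str, str]] = []
    for n, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((n, addr, "malformed address"))
            continue
        if not names:
            findings.append((n, addr, "address without a hostname"))
            continue
        # 127.x / ::1 and 0.0.0.0 are the only addresses a benign hosts file normally uses.
        redirect = not (ip.is_loopback or ip.is_unspecified)
        watched = [h for h in names if h.lower().endswith(WATCHED_SUFFIXES)]
        if redirect:
            findings.append((n, addr, "redirects %s to a non-loopback address" % ", ".join(names)))
        elif watched:
            findings.append((n, addr, "blocks watched host(s) %s" % ", ".join(watched)))
    return findings


if __name__ == "__main__":
    for line_no, addr, reason in check_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {addr:16} {reason}")
```

On a Windows machine the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`, the path the OTM log above shows being moved; a clean default file produces no findings, which is the result WVCheck reported here.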

#18 cody1

  • Group: Member
  • Posts: 24
  • Joined: 10-March 09

Posted 30 May 2010 - 06:27 AM

Ok, you've been very helpful. I hope we got it this time. I'm guessing this is goodbye? I'm very grateful for your services, Rorschach. :)

OTM log:

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File/Folder C:\Windows\System32\config\systemprofile\AppData\Roaming\alggui.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Codeman
->Temp folder emptied: 110245686 bytes
->Temporary Internet Files folder emptied: 5528264 bytes
->Java cache emptied: 128020 bytes
->FireFox cache emptied: 73502564 bytes
->Flash cache emptied: 8325 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1022 bytes
RecycleBin emptied: 518656 bytes

Total Files Cleaned = 181.00 mb



OTM by OldTimer - Version 3.1.12.0 log created on 05302010_071529

Files moved on Reboot...

Registry entries deleted on Reboot...

#19 Rorschach112

  • Group: Retired Staff
  • Posts: 47,710
  • Joined: 23-March 07

Posted 30 May 2010 - 06:39 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
