Having the problem where Avast is constantly blocking threats

I’ve seen a few other people on here having this problem where you just keep getting this notification that Avast is blocking harmful sites. I downloaded all of zee equipment in the sticky and here are the results!

I’m using Avast on Windows XP

I’ve done tons of scans and they find an infected file or two but it doesn’t fix the problem.

This is what Avast pops up saying every time
178.162.172.37
URL:Mal
C:\WINDOWS\System32\svchost.exe

This is the MBAM results

Malwarebytes’ Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7554

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/24/2011 10:52:06 AM
mbam-log-2011-08-24 (10-52-06).txt

Scan type: Quick scan
Objects scanned: 176083
Time elapsed: 17 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) → Bad: (1) Good: (0) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) → Bad: (1) Good: (0) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) → Bad: (1) Good: (0) → Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL results are attached as well as the results from aswMBR.

here is the Extras and the aswMBR

Not able to reply?

There may well be a TDL3 problem

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
[2011/07/18 01:04:05 | 000,003,638 | -HS- | C] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\4722741pumq416vmcl2g8csbs13i10
[2011/07/18 01:04:05 | 000,003,638 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4722741pumq416vmcl2g8csbs13i10
[2011/07/18 01:04:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\upe.exe
[2011/07/18 01:04:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rmx.exe
[2011/07/18 01:04:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rgd.exe
[2011/07/18 01:04:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pmb.exe
[2011/07/18 01:04:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\gnf.exe
[2011/07/18 01:04:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\wdq.exe
[2011/07/18 01:04:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\kbv.exe
[2011/07/18 01:04:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\ehe.exe
[2011/07/09 07:15:22 | 000,016,126 | -HS- | C] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\im5e62l026uv
[2011/07/09 07:15:22 | 000,016,126 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\im5e62l026uv

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]


[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please read carefully and follow these steps.

[*]Download TDSSKiller and save it to your Desktop.
[*]Extract its contents to your desktop.
[*]Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

http://i1224.photobucket.com/albums/ee362/Essexboy3/TDSSKiller%20shots/TDSSKillermain.png

[*]If an infected file is detected, the default action will be Cure, click on Continue.

http://i1224.photobucket.com/albums/ee362/Essexboy3/TDSSKiller%20shots/TDSSKillerMal-1.png

[*]If a suspicious file is detected, the default action will be Skip, click on Continue.

http://i1224.photobucket.com/albums/ee362/Essexboy3/TDSSKiller%20shots/TDSSKillerSuspicious.png

[*]It may ask you to reboot the computer to complete the process. Click on Reboot Now.

http://i1224.photobucket.com/albums/ee362/Essexboy3/TDSSKiller%20shots/TDSSKillerCompleted.png

[*]If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
[*]If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste the contents of that file here.
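
An added example, not part of any post in this thread: a small Python triage pass over OTL file-listing lines like the ones in the fix script above, grouping suspicious entries by creation timestamp. The heuristics (zero-byte .exe, hidden+system file with no extension, both directly under an "Application Data" folder) and the reading of the attribute field as H = hidden, S = system are assumptions made for this example, not criteria the helper stated.

```python
import re
from collections import defaultdict

# Lines copied from the fix script posted in this thread (OTL file-listing format).
SAMPLE = r"""
[2011/07/18 01:04:05 | 000,003,638 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4722741pumq416vmcl2g8csbs13i10
[2011/07/18 01:04:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\upe.exe
[2011/07/18 01:04:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\wdq.exe
[2011/07/09 07:15:22 | 000,016,126 | -HS- | C] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\im5e62l026uv
"""

LINE = re.compile(
    r"\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<vendor>.*?)\) -- (?P<path>.+)"
)

def parse(text):
    """Yield one dict per OTL file-listing line; anything else is skipped."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"].replace(",", ""))
            entry["folder"], entry["name"] = entry["path"].rsplit("\\", 1)
            yield entry

def flags(entry):
    """Return the assumed heuristic reasons an entry deserves a closer look."""
    if not entry["folder"].lower().endswith("application data"):
        return []
    reasons = []
    if entry["size"] == 0 and entry["name"].lower().endswith(".exe"):
        reasons.append("zero-byte-exe")
    if {"H", "S"} <= set(entry["attrs"]) and "." not in entry["name"]:
        reasons.append("hidden-system-no-extension")
    return reasons

def triage(text):
    """Map timestamp -> [(file name, reasons)] so same-second drops stand out."""
    hits = defaultdict(list)
    for entry in parse(text):
        reasons = flags(entry)
        if reasons:
            hits[entry["ts"]].append((entry["name"], reasons))
    return dict(hits)
```

Several flagged files sharing one timestamp in two different profiles' Application Data folders is the pattern worth escalating to a helper; a single hit on its own is not proof of infection.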

Ah I can’t reply with Extras sorries :frowning: For some reason the connection keeps “Timing Out” when it is attached. My last post was a test

That can happen if the TDL 3 is present

Here are the quick scan results, I’ll follow the rest of the steps now!

Could you confirm that you pressed run fix on OTL after you pasted the script in as the files did not go

I am pretty sure I hit Run Fix but I ran it again just in case and here is the log. Also here is the log from TDSS, it said it found something and “cured” it.

What are the current problems ?

Please download Malwarebytes’ Anti-Malware

Double Click mbam-setup.exe to install the application.
[*]Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select “Perform Quick Scan”, then click Scan.
[*]The scan may take some time to finish, so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that everything is checked, and click Remove Selected.
[*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
[*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Scanning right now, this was the first thing I installed per your sticky Post.

Everything is going a lot better with the computer although I still get that sort of harmful website attack thing coming up, just FAR less often. Also Avast isn’t blocking it anymore, MBAM has been.

Could you grab a screenshot of that - It may be MBAM blocking Avast - it is a bit sad that way

Successfully blocked access to a potentially malicious website: 89.28.16.213 type: outgoing

I’ll try to grab a SS next time, the little bubble pops up with the above though.

Here is the log of that MBAM quickscan

Could I have a fresh OTL scan please with all users selected

Here is the latest OTL. Sorry I didn’t see you responded and thought that I would be good with that last quick scan report. The problem has come back with MBAM blocking it more frequently.

OK let's remove the suspect toolbar, you do have a few

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
[2011/07/18 01:04:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\thc.exe

:Files
ipconfig /flushdns /c
C:\Program Files\Search Toolbar

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]


[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Here is the quick scan after applying that fix

Still alerting ? If so I may need to use a deeper analysis tool

I have only received one notice since the fix, and I’m not 100% sure if it was blocking the same thing. So far I’ve noticed no problems :smiley: