Solved 8 steps here. In need of fast help

Status
Not open for further replies.
There is no reason to worry about what the ESET firewall is blocking. It only means it works :)

OK, that's good to hear, but a while ago my dad had like a rootkit and around 14 trojans/trojan droppers and he got the same IPs being blocked, and now I got it too. How has this happened? Same IPs from the same country (Netherlands). It has done something to all PCs in the home network?

EDIT scan done

QuickScan Beta 32-bit v0.9.9.23
-------------------------------
Scan date: Sun Jul 18 21:37:26 2010
Machine ID: 26D96C20



No infection found.
-------------------



Processes
---------
<unsigned> TeaTimer.exe 2292 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

<verified> DAEMON Tools Lite 2416 C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
<verified> ESET Smart Security 1480 C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
<verified> Firefox 27984 D:\Program Files (x86)\Mozilla Firefox\firefox.exe
<verified> Firefox 28080 D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
<verified> IObit Security 360 3332 C:\Program Files (x86)\IObit\IObit Security 360\is360.exe
<verified> IObit Security 360 1656 C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe
<verified> IObit Security 360 2668 C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
<verified> Java(TM) Platform SE Auto Updater 2 0 2708 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
<verified> Malwarebytes' Anti-Malware 2644 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
<verified> Malwarebytes' Anti-Malware 3572 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
<verified> SMSASvc Application 1808 C:\Program Files (x86)\Spam Monitor\SMSASvc.exe
<verified> Spy Sweeper SDK 1992 C:\Program Files (x86)\Webroot\Spy Sweeper\SpySweeper.exe
<verified> Spybot - Search & Destroy 1144 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
<verified> StartMan Application 1860 C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
<verified> Steam 2244 E:\Program Files (x86)\Steam\Steam.exe


Network activity
----------------
Process firefox.exe (27984) connected on port 80 (HTTP) --> 69.63.190.18
Process firefox.exe (27984) connected on port 80 (HTTP) --> 93.158.110.137
Process firefox.exe (27984) connected on port 80 (HTTP) --> 209.85.129.139
Process firefox.exe (27984) connected on port 80 (HTTP) --> 82.96.58.48
Process firefox.exe (27984) connected on port 80 (HTTP) --> 92.123.155.140
Process firefox.exe (27984) connected on port 80 (HTTP) --> 92.123.155.140
Process firefox.exe (27984) connected on port 80 (HTTP) --> 92.123.155.140
Process firefox.exe (27984) connected on port 80 (HTTP) --> 92.123.155.140
Process firefox.exe (27984) connected on port 80 (HTTP) --> 92.123.155.140
Process firefox.exe (27984) connected on port 80 (HTTP) --> 95.100.5.115
Process firefox.exe (27984) connected on port 80 (HTTP) --> 95.101.92.74
Process firefox.exe (27984) connected on port 80 (HTTP) --> 95.100.12.20
Process firefox.exe (27984) connected on port 80 (HTTP) --> 209.85.135.148
Process firefox.exe (27984) connected on port 80 (HTTP) --> 66.220.145.40
Process firefox.exe (27984) connected on port 80 (HTTP) --> 66.235.142.24



Autoruns and critical files
---------------------------
<unsigned> ParetoLogic Update Application C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
<unsigned> TeaTimer.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

<verified> BootRacer C:\Program Files (x86)\BootRacer\Bootrace.exe
<verified> DAEMON Tools Lite C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
<verified> DriverCure C:\Program Files (x86)\ParetoLogic\DriverCure\DriverCure.exe
<verified> IObit Security 360 C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
<verified> Java(TM) Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
<verified> Malwarebytes' Anti-Malware C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
<verified> Operativsystemet Microsoft® Windows® C:\Windows\system32\rundll32.exe
<verified> Operativsystemet Microsoft® Windows® c:\windows\system32\userinit.exe
<verified> Sandboxie C:\Program Files\Sandboxie\SbieCtrl.exe
<verified> Spy Sweeper C:\Program Files (x86)\Webroot\Spy Sweeper\SpySweeperUI.exe
<verified> Steam E:\Program Files (x86)\Steam\Steam.exe


Browser plugins
---------------
<unsigned> Java(TM) Platform SE 6 U21 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
<unsigned> Silverlight Plug-In C:\Program Files (x86)\Microsoft Silverlight\4.0.50524.0\npctrl.dll

<verified> BitDefender QuickScan C:\Users\Chrille\AppData\Roaming\Mozilla\Firefox\Profiles\0g7io5fs.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Users\Chrille\AppData\Roaming\Mozilla\Firefox\Profiles\0g7io5fs.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> Flash® Player Installer/Uninstaller C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
<verified> Java(TM) Platform SE 6 U21 c:\program files (x86)\java\jre6\bin\jp2ssv.dll
<verified> Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
<verified> NPSWF32.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
<verified> Operativsystemet Microsoft® Windows® C:\Windows\System32\mswsock.dll
<verified> Operativsystemet Microsoft® Windows® C:\Windows\system32\napinsp.dll
<verified> Operativsystemet Microsoft® Windows® C:\Windows\system32\pnrpnsp.dll
<verified> PC Tools Content Filter C:\Program Files (x86)\Common Files\PC Tools\LSP\PCTLsp.dll
<verified> Picasa C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
<verified> sdhelper.dll c:\program files (x86)\spybot - search & destroy\sdhelper.dll
<verified> Windows® Internet Explorer C:\Windows\SysWOW64\ieframe.dll


Missing files
-------------
File not found: disabled
referenced in: HLKM\Software\MozillaPlugins\@microsoft.com/GENUINE\"Path"


Scan
----
<unsigned> MD5: e920d64e84e04bf05643e16f21db309c C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
<unsigned> MD5: fcc244da361936e8186a2cf24df7d7e7 C:\Program Files (x86)\DAEMON Tools Lite\mfc80u.dll
<unsigned> MD5: 80f2765699c830afac48b9c8212d3485 C:\Program Files (x86)\IObit\IObit Security 360\is360mon.dll
<unsigned> MD5: fb5200b314747963d1530d166755aa89 C:\Program Files (x86)\IObit\IObit Security 360\madbasic_.bpl
<unsigned> MD5: 155734ba4f8408328656f35269b9eb83 C:\Program Files (x86)\IObit\IObit Security 360\maddisAsm_.bpl
<unsigned> MD5: dd82eb68d97944b192c7803eb585b03c C:\Program Files (x86)\IObit\IObit Security 360\rtl120.bpl
<unsigned> MD5: 773ebd87010a6f644869a59d98792c9c C:\Program Files (x86)\IObit\IObit Security 360\vcl120.bpl
<unsigned> MD5: a30e72106d943a9fd7b4ed21b71533cb C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
<unsigned> MD5: 2cb7c019a1ab8ea3d281c9606d097331 C:\Program Files (x86)\Microsoft Silverlight\4.0.50524.0\npctrl.dll
<unsigned> MD5: 390679f7a217a5e73d756276c40ae887 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
<unsigned> MD5: 623c9754952a35b018f2448af8184075 C:\Program Files (x86)\Webroot\Spy Sweeper\dbghelp.dll
<unsigned> MD5: 6f9b85c270d7287011670411801c9dbf D:\Program Files (x86)\Mozilla Firefox\freebl3.dll
<unsigned> MD5: a0b507e037c3d2369f42a7bbfd08d878 D:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
<unsigned> MD5: 7206da15f187595389741f85dc47d2a5 D:\Program Files (x86)\Mozilla Firefox\softokn3.dll
<unsigned> MD5: c720f2a93d592398c646bd34d913af1a E:\Program Files (x86)\Steam\bin\icudt42.dll


No file uploaded.

Scan finished - communication took 1 sec
Total traffic - 0.06 MB sent, 1.45 KB recvd
Scanned 576 files and modules - 18 seconds

==============================================================================
 
Every security program on every computer blocks hundreds of IPs every day.
This is what it's designed for.
 
Oh, sorry about that :)

OTL Clean-Up
Clean up with OTL:

* Double-click OTL.exe to start the program.
* Close all other programs apart from OTL, as this step will require a reboot.
* On the OTL main screen, press the CLEANUP button.
* Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

=======================================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

Turn off System Restore:

- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista and 7:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK

2. Restart computer.

3. Turn System Restore on.

4. Make sure Windows Updates are current.

5. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run defrag at your convenience.

8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

9. Please let me know how your computer is doing.
 
I really didn't see anything malicious on your computer.
How is your computer doing right now?
 
If some programs are not working, you may need to reinstall them.

I still don't understand what you mean by not working dll.
Give me some example and a full error message, if present.
 
Let's say a cheat, an executable file. When I load the cheat it should load the dll to make it work. It doesn't load the dll file = it doesn't work. What message do you get when you double-click any .dll file? I get a message saying that it is NOT a dll or ocx file.
 
OK. I have no clue about cheats and any kind of programs like that.
Maybe bad download, bad file, or... whatever.
At this point, your computer is free of any malware and garbage, so regarding cheats and the like, you'll have to start a new topic in some other forum on this site.
 
You're very welcome
 