strykersteve

Hi there, Getting a ton of IP blocks on my PC when nothing is running, so I'm assuming I've got some hidden nasty lurking on my system and was hoping for an assist. They are of both the incoming and outgoing variety, and most seem to be originating from China. Hopefully, this is the information you need. Here is a look at the latest Protection Log from Malwarebytes to see what I mean...

I've also done a System Scan and MB found no malicious items. Here is the DDS log as requested.

I have also attached the ARK and attach files, as requested here. Thank you for any help you can provide.