
"Successfully blocked access to a potentially malicious website"?



Yes, they are still happening.

 

2014/03/07 00:37:18 -0600 TIM-PC Timothy IP-BLOCK 60.173.10.177 (Type: incoming, Port: 8088, Process: svchost.exe)
2014/03/07 01:58:59 -0600 TIM-PC Timothy IP-BLOCK 93.174.93.67 (Type: incoming, Port: 21320, Process: svchost.exe)
2014/03/07 02:23:35 -0600 TIM-PC Timothy IP-BLOCK 93.174.93.67 (Type: incoming, Port: 21320, Process: svchost.exe)
2014/03/07 11:45:01 -0600 TIM-PC Timothy IP-BLOCK 93.174.93.67 (Type: incoming, Port: 21320, Process: svchost.exe)
2014/03/07 12:07:44 -0600 TIM-PC Timothy IP-BLOCK 93.174.93.67 (Type: incoming, Port: 21320, Process: svchost.exe)
2014/03/07 12:16:36 -0600 TIM-PC Timothy MESSAGE Executing scheduled update:  Daily
2014/03/07 12:16:41 -0600 TIM-PC Timothy MESSAGE Scheduled update executed successfully:  database updated from version v2014.03.04.09 to version v2014.03.07.07
2014/03/07 12:16:41 -0600 TIM-PC Timothy MESSAGE Starting database refresh
2014/03/07 12:16:41 -0600 TIM-PC Timothy MESSAGE Stopping IP protection
2014/03/07 12:16:41 -0600 TIM-PC Timothy MESSAGE IP Protection stopped successfully
2014/03/07 12:17:10 -0600 TIM-PC Timothy MESSAGE Database refreshed successfully
2014/03/07 12:17:10 -0600 TIM-PC Timothy MESSAGE Starting IP protection
2014/03/07 12:17:11 -0600 TIM-PC Timothy MESSAGE IP Protection started successfully
2014/03/07 14:44:06 -0600 TIM-PC Timothy IP-BLOCK 222.186.38.116 (Type: incoming, Port: 22, Process: svchost.exe)
2014/03/07 14:44:06 -0600 TIM-PC Timothy IP-BLOCK 222.186.38.116 (Type: incoming, Port: 22, Process: svchost.exe)
2014/03/07 15:21:31 -0600 TIM-PC Timothy IP-BLOCK 80.82.70.117 (Type: incoming, Port: 21320, Process: svchost.exe)
2014/03/07 16:15:07 -0600 TIM-PC Timothy IP-BLOCK 93.174.93.67 (Type: incoming, Port: 21320, Process: svchost.exe)
2014/03/07 16:15:07 -0600 TIM-PC Timothy IP-BLOCK 93.174.93.67 (Type: incoming, Port: 21320, Process: svchost.exe)
2014/03/07 16:57:45 -0600 TIM-PC Timothy IP-BLOCK 93.174.93.67 (Type: incoming, Port: 21320, Process: svchost.exe)
2014/03/07 21:03:32 -0600 TIM-PC Timothy IP-BLOCK 93.174.93.67 (Type: incoming, Port: 21320, Process: svchost.exe)
2014/03/07 21:38:45 -0600 TIM-PC (null) MESSAGE Starting protection
2014/03/07 21:38:46 -0600 TIM-PC (null) MESSAGE Protection started successfully
2014/03/07 21:38:46 -0600 TIM-PC (null) MESSAGE Starting IP protection
2014/03/07 21:38:48 -0600 TIM-PC (null) MESSAGE IP Protection started successfully
2014/03/07 22:08:26 -0600 TIM-PC (null) MESSAGE Starting protection
2014/03/07 22:08:26 -0600 TIM-PC (null) MESSAGE Protection started successfully
2014/03/07 22:08:26 -0600 TIM-PC (null) MESSAGE Starting IP protection
2014/03/07 22:08:27 -0600 TIM-PC (null) MESSAGE IP Protection started successfully
2014/03/07 23:43:31 -0600 TIM-PC Timothy IP-BLOCK 93.174.93.67 (Type: incoming, Port: 21320, Process: svchost.exe)
2014/03/07 23:43:31 -0600 TIM-PC Timothy IP-BLOCK 93.174.93.67 (Type: incoming, Port: 21320, Process: svchost.exe)
 
 
 
2014/03/08 00:47:40 -0600 TIM-PC Timothy IP-BLOCK 93.174.93.67 (Type: incoming, Port: 21320, Process: svchost.exe)
2014/03/08 01:15:13 -0600 TIM-PC Timothy IP-BLOCK 93.174.93.67 (Type: incoming, Port: 21320, Process: svchost.exe)
2014/03/08 01:15:13 -0600 TIM-PC Timothy IP-BLOCK 93.174.93.67 (Type: incoming, Port: 21320, Process: svchost.exe)
2014/03/08 01:51:01 -0600 TIM-PC Timothy IP-BLOCK 94.102.53.194 (Type: incoming, Port: 123, Process: svchost.exe)
2014/03/08 01:51:09 -0600 TIM-PC Timothy IP-BLOCK 94.102.53.194 (Type: incoming, Port: 123, Process: svchost.exe)
2014/03/08 01:51:17 -0600 TIM-PC Timothy IP-BLOCK 94.102.53.194 (Type: incoming, Port: 123, Process: svchost.exe)
 

 


  • Root Admin

Those are incoming IP blocks from being scanned by someone. You might try doing a factory reset on your router and release its IP and leave it off for the day with no power on. Then turn it back on and hopefully you'll get a new IP address from your ISP and then maybe these incoming probes will stop.

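A way to summarize a protection log in the format posted above, as an added example that is not part of any post in this thread: it groups IP-BLOCK entries by direction, remote address and port, so repeated inbound probes from one source stand apart from anything that is not inbound. The sample uses lines copied from the log above plus one constructed entry; the `Type: outgoing` line, its address and its process name are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# IP-BLOCK lines in the protection-log format shown in the post above.
BLOCK_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d [+-]\d{4}) \S+ \S+ IP-BLOCK (?P<ip>\S+) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)

def summarize_blocks(lines):
    """Group IP-BLOCK events by (direction, remote IP, port).

    Entries repeated within the same second are counted once; other
    line types (MESSAGE and so on) are skipped.
    """
    seen = defaultdict(set)
    for line in lines:
        m = BLOCK_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S %z")
            seen[(m["direction"], m["ip"], int(m["port"]))].add(ts)
    return {k: {"count": len(v), "first": min(v), "last": max(v)}
            for k, v in seen.items()}

def outgoing_blocks(summary):
    """Keys for blocks that were not inbound; these are the ones to review first."""
    return sorted(k for k in summary if k[0] != "incoming")

# Lines copied from the log above, plus one CONSTRUCTED outgoing entry
# (192.0.2.10 is a documentation address; example.exe is hypothetical).
SAMPLE = """\
2014/03/07 12:17:10 -0600 TIM-PC Timothy MESSAGE Database refreshed successfully
2014/03/07 14:44:06 -0600 TIM-PC Timothy IP-BLOCK 222.186.38.116 (Type: incoming, Port: 22, Process: svchost.exe)
2014/03/07 14:44:06 -0600 TIM-PC Timothy IP-BLOCK 222.186.38.116 (Type: incoming, Port: 22, Process: svchost.exe)
2014/03/07 15:21:31 -0600 TIM-PC Timothy IP-BLOCK 80.82.70.117 (Type: incoming, Port: 21320, Process: svchost.exe)
2014/03/07 16:15:07 -0600 TIM-PC Timothy IP-BLOCK 93.174.93.67 (Type: incoming, Port: 21320, Process: svchost.exe)
2014/03/07 16:15:07 -0600 TIM-PC Timothy IP-BLOCK 93.174.93.67 (Type: incoming, Port: 21320, Process: svchost.exe)
2014/03/07 16:57:45 -0600 TIM-PC Timothy IP-BLOCK 93.174.93.67 (Type: incoming, Port: 21320, Process: svchost.exe)
2014/03/08 01:51:01 -0600 TIM-PC Timothy IP-BLOCK 94.102.53.194 (Type: incoming, Port: 123, Process: svchost.exe)
2014/03/08 01:51:09 -0600 TIM-PC Timothy IP-BLOCK 94.102.53.194 (Type: incoming, Port: 123, Process: svchost.exe)
2014/03/08 01:51:17 -0600 TIM-PC Timothy IP-BLOCK 94.102.53.194 (Type: incoming, Port: 123, Process: svchost.exe)
2014/03/08 02:00:00 -0600 TIM-PC Timothy IP-BLOCK 192.0.2.10 (Type: outgoing, Port: 49160, Process: example.exe)
""".splitlines()

if __name__ == "__main__":
    summary = summarize_blocks(SAMPLE)
    for key, s in sorted(summary.items(), key=lambda kv: -kv[1]["count"]):
        print(*key, s["count"], s["first"].isoformat(), s["last"].isoformat())
    print("not inbound:", outgoing_blocks(summary))
```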

  • Root Admin

Great.  Glad that was resolved.  

 

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!


 


 Results of screen317's Security Check version 0.99.80  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

avast! Antivirus   

 Antivirus out of date!  

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Adobe Reader XI  

 Google Chrome 33.0.1750.146  

 Google Chrome 33.0.1750.154  

````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbamgui.exe  

 Malwarebytes' Anti-Malware mbamscheduler.exe   

 AVAST Software Avast AvastSvc.exe  

 AVAST Software Avast AvastUI.exe  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 2% 

````````````````````End of Log`````````````````````` 

 Results of screen317's Security Check version 0.99.80  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

avast! Antivirus   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Adobe Reader XI  

 Google Chrome 33.0.1750.146  

 Google Chrome 33.0.1750.154  

````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbamgui.exe  

 Malwarebytes' Anti-Malware mbamscheduler.exe   

 AVAST Software Avast AvastSvc.exe  

 AVAST Software Avast AvastUI.exe  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 2% 

````````````````````End of Log`````````````````````` 

  • Root Admin

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


  • Root Admin

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.



If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.
 

Also, my mouse pointer keeps flashing its loading symbol (the spinning blue circle, similar to the hourglass symbol) even though my Task Manager says the only application running is my web browser, which is not loading anything. Does this mean that someone is trying to remotely make my computer do things?


  • Root Admin

Well it certainly should not be doing that but so far we've not found a reason for it.

Let me have you run this

Please download MiniToolBox save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.


Then get me a new FRST log

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well.


 


  • Root Admin

Let's stop STEAM and a couple other items from loading and see if that helps.

 

Please go into your Control Panel, Add/Remove and uninstall ALL versions of Java.
 
Then run the following as it still shows old versions of Java installed.
 
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Then run this tool
 
Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Then restart the computer and run this
 
Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

This topic is now closed to further replies.