malicious website blocked: 193.106.173.46

Well, here I am again.

I have previously worked with Malwarebytes support regarding the exact same IP: 193.106.173.46.

Then, I had run the following clean-up tools to no avail:

  • Farbar Recovery Scan Tool
  • Dr.Web CureIt!
  • ComboFix
  • TDSSKiller
  • Tigzy's RogueKiller
  • Junkware Removal Tool
  • AdwCleaner

However, whenever I ran Internet Explorer, or even Firefox, I would from time to time receive the exact same malicious website IP blocked message.

Always 193.106.173.46.

 

I ended up backing up my stuff, reformatting my HDD and reinstalling my OS, then most of my programs.

I do my fair bit of downloading so my system probably needed a good clean out.

--------------

After installing only the most valuable of my programs and games, I again started receiving the exact same blocked IP: 193.106.173.46!

At this point I hadn't done any downloading, so either I'm getting something from normal web surfing, or something malicious is bundled into one of the things I install...

-------------

So YESTERDAY, I again reformatted my HDD, and re-installed my OS.

Once again when doing some normal websurfing I again got the same blocked IP message: 

2013/10/06 12:42:13 +0100     IP-BLOCK 193.106.173.46 (Type: outgoing, Port: 51482, Process: iexplore.exe)

 

At this point I have only installed a couple of programs besides running Windows Updates.

-Malwarebytes Pro

-MS Office 2010 (legit version)

-Adobe Reader

-DVD Flick (it's an open source free but very popular legit program)

-FreeMake Video Converter (open source, free program that has some bundled toolbars that I don't install)

-VLC Player (free, legit program)

 

Now I know that people will cite FreeMake Video Converter, but I really don't think it's the cause.

For one, I started getting this blocked IP before I had that program installed (after my first hdd re-format).

 

What would you advise I do?

 

DDS.TXT

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686
Run by joe at 14:02:46 on 2013-10-06
Microsoft Windows 7 Professional   6.1.7601.1.1252.353.1033.18.16382.14813 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{53C27CC2-BCB0-4782-96E8-D58D48808EA1} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-5 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-5 701512]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-9-12 414496]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-5 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-6 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-10-6 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-10-5 1255736]
.
=============== Created Last 30 ================
.
2013-10-06 10:29:42 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C142F37F-FB73-4AA0-B7A0-92539745B42B}\offreg.dll
2013-10-06 10:26:48 -------- d-----w- C:\ProgramData\Freemake
2013-10-06 10:26:44 -------- d-----w- C:\Program Files (x86)\Freemake
2013-10-06 10:22:19 662288 ----a-w- C:\Windows\SysWow64\mscomct2.ocx
2013-10-06 10:22:19 609824 ----a-w- C:\Windows\SysWow64\comctl32.ocx
2013-10-06 10:22:19 40960 ----a-w- C:\Windows\SysWow64\ssubtmr6.dll
2013-10-06 10:22:19 36864 ----a-w- C:\Windows\SysWow64\trayicon_handler.ocx
2013-10-06 10:22:19 28672 ----a-w- C:\Windows\SysWow64\mousewheel.ocx
2013-10-06 10:22:19 212240 ----a-w- C:\Windows\SysWow64\richtx32.ocx
2013-10-06 10:22:19 164144 ----a-w- C:\Windows\SysWow64\comct232.ocx
2013-10-06 10:22:19 -------- d-----w- C:\Program Files (x86)\DVD Flick
2013-10-06 09:37:42 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2013-10-06 09:37:34 -------- d-----w- C:\Windows\PCHEALTH
2013-10-06 09:37:34 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-10-06 09:35:51 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-10-06 09:35:19 -------- d-----w- C:\Users\joe\AppData\Local\Microsoft Help
2013-10-06 09:19:15 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-10-06 09:19:15 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2013-10-06 09:19:15 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-10-06 09:19:15 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-10-06 09:19:15 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-10-06 09:19:15 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-10-06 09:19:15 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2013-10-06 09:19:11 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-10-06 09:19:11 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-10-06 09:12:52 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-10-06 09:12:52 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-10-06 08:16:43 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-10-06 08:16:42 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-10-05 22:57:35 -------- d-----w- C:\Windows\Panther
2013-10-05 20:54:25 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-05 20:27:23 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-10-05 20:26:01 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-10-05 20:26:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-10-05 20:26:01 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-10-05 20:26:01 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 20:26:01 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-10-05 20:26:01 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-10-05 20:26:01 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-05 20:26:01 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-10-05 20:23:56 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-10-05 20:22:55 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-10-05 20:22:51 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-10-05 20:22:50 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-10-05 20:22:50 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-10-05 20:22:50 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-10-05 20:22:50 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-10-05 20:22:50 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-10-05 20:21:16 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-10-05 20:21:15 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-10-05 20:21:15 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-10-05 20:20:44 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-10-05 20:20:44 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-10-05 20:20:39 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-10-05 20:20:39 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-10-05 20:20:39 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-10-05 20:20:39 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-10-05 17:08:40 -------- d-----w- C:\Windows\System32\SPReview
2013-10-05 17:08:32 -------- d-----w- C:\Windows\System32\EventProviders
2013-10-05 17:05:59 94208 ----a-w- C:\Windows\SysWow64\eappgnui.dll
2013-10-05 16:31:46 96768 ----a-w- C:\Windows\System32\fsutil.exe
2013-10-05 16:31:46 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2013-10-05 16:31:46 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2013-10-05 16:31:46 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2013-10-05 16:31:46 2565632 ----a-w- C:\Windows\System32\esent.dll
2013-10-05 16:31:46 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2013-10-05 16:31:46 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2013-10-05 16:31:46 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2013-10-05 16:31:46 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2013-10-05 16:31:46 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2013-10-05 16:30:59 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-10-05 16:30:59 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-10-05 16:30:59 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-10-05 16:30:59 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-10-05 16:30:59 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-10-05 16:30:59 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-10-05 16:30:59 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-10-05 16:25:45 -------- d-sh--w- C:\Windows\Installer
2013-10-05 16:20:40 -------- d-----w- C:\Windows\SysWow64\Wat
2013-10-05 16:20:40 -------- d-----w- C:\Windows\System32\Wat
2013-10-05 15:47:35 -------- d-----w- C:\Windows\System32\MRT
2013-10-05 15:34:46 920864 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-10-05 15:34:46 6599968 ----a-w- C:\Windows\System32\nvcpl.dll
2013-10-05 15:34:46 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-10-05 15:34:46 3452192 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-10-05 15:34:46 3361114 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-10-05 15:34:46 2559776 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-10-05 15:34:46 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-10-05 15:34:35 61216 ----a-w- C:\Windows\System32\OpenCL.dll
2013-10-05 15:34:35 53024 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-10-05 15:34:29 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-10-05 15:34:26 -------- d-----w- C:\Program Files\NVIDIA Corporation
2013-10-05 15:34:26 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2013-10-05 15:31:51 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-10-05 15:31:51 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-10-05 15:31:51 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-10-05 15:31:51 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-10-05 15:23:15 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2013-10-05 15:08:21 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2013-10-05 15:08:21 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-10-05 15:08:21 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-10-05 15:08:21 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-10-05 15:08:21 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-10-05 15:08:21 100864 ----a-w- C:\Windows\System32\fontsub.dll
2013-10-05 15:07:20 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-10-05 15:07:20 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-10-05 15:07:20 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-10-05 15:07:20 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-10-05 15:07:19 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-10-05 15:07:19 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-10-05 15:07:19 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-10-05 15:02:59 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-05 15:02:59 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-10-05 15:02:59 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-10-05 15:02:59 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-10-05 15:02:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-05 14:38:54 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C142F37F-FB73-4AA0-B7A0-92539745B42B}\mpengine.dll
2013-10-05 14:38:54 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-10-05 14:36:59 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-10-05 14:35:59 95744 ----a-w- C:\Windows\System32\synceng.dll
2013-10-05 14:35:59 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2013-10-05 14:35:56 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-10-05 14:35:54 478208 ----a-w- C:\Windows\System32\dpnet.dll
2013-10-05 14:35:54 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2013-10-05 14:35:54 3072 ----a-w- C:\Windows\System32\dpnaddr.dll
2013-10-05 14:35:54 2560 ----a-w- C:\Windows\SysWow64\dpnaddr.dll
2013-10-05 14:32:57 956928 ----a-w- C:\Windows\System32\localspl.dll
2013-10-05 14:27:40 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2013-10-05 14:27:39 723456 ----a-w- C:\Windows\System32\EncDec.dll
2013-10-05 14:27:39 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2013-10-05 14:27:38 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2013-10-05 14:27:38 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2013-10-05 14:27:38 331776 ----a-w- C:\Windows\System32\oleacc.dll
2013-10-05 14:27:38 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2013-10-05 14:27:37 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2013-10-05 14:27:37 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2013-10-05 14:26:06 77312 ----a-w- C:\Windows\System32\packager.dll
2013-10-05 14:26:06 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-10-05 14:11:56 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-10-05 14:11:56 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-10-05 14:11:56 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-10-05 14:10:49 -------- d-----w- C:\Users\joe\AppData\Roaming\Malwarebytes
2013-10-05 14:10:43 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-10-05 14:10:43 -------- d-----w- C:\ProgramData\Malwarebytes
2013-10-05 14:10:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-05 14:10:36 -------- d-----w- C:\Users\joe\AppData\Local\Programs
2013-10-05 14:09:27 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2013-10-05 14:09:20 -------- d-----w- C:\Intel
2013-10-05 14:06:41 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-10-05 14:06:38 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-10-05 14:06:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-10-05 14:06:12 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-09-12 00:17:50 571168 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
==================== Find3M  ====================
.
2013-10-05 20:54:25 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-05 18:35:23 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-10-05 18:35:22 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
.
============= FINISH: 14:03:23.13 ===============

 

ATTACH.TXT

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 05/10/2013 15:05:06
System Uptime: 06/10/2013 10:22:04 (4 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P5Q3
Processor: Intel® Core2 Duo CPU     E8500  @ 3.16GHz | LGA 775 | 3166/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 931 GiB total, 871.984 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 73.112 GiB free.
E: is FIXED (NTFS) - 373 GiB total, 10.856 GiB free.
F: is FIXED (NTFS) - 699 GiB total, 52.712 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP4: 05/10/2013 17:19:50 - Windows Update
RP5: 05/10/2013 17:24:22 - Windows Update
RP6: 05/10/2013 18:07:28 - Windows Update
RP7: 05/10/2013 19:45:40 - Windows Update
RP8: 05/10/2013 21:05:38 - Windows Update
RP9: 05/10/2013 21:39:33 - Windows Update
RP10: 06/10/2013 09:53:14 - Windows Update
RP11: 06/10/2013 10:12:54 - Windows Update
RP12: 06/10/2013 10:19:21 - Windows Update
RP13: 06/10/2013 10:25:35 - Windows Update
RP14: 06/10/2013 10:34:57 - Installed Microsoft Office Professional Plus 2010
RP15: 06/10/2013 11:20:44 - Installed Adobe Reader XI.
.
==== Installed Programs ======================
.
Adobe Reader XI (11.0.04)
DVD Flick 1.3.0.7
Freemake Video Converter version 4.0.4
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
NVIDIA 3D Vision Driver 327.23
NVIDIA Control Panel 327.23
NVIDIA Graphics Driver 327.23
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.14.17
NVIDIA Update Components
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
VLC media player 2.0.8
.
==== Event Viewer Messages From Past Week ========
.
06/10/2013 10:26:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070103: NVIDIA Corporation - Audio Device, Other hardware - NVIDIA High Definition Audio.
06/10/2013 09:15:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2834140).
05/10/2013 21:10:15, Error: Service Control Manager [7023]  - The Server service terminated with the following error:  The service has not been started.
05/10/2013 21:10:15, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  A system shutdown is in progress.
05/10/2013 19:42:18, Error: Service Control Manager [7023]  - The Windows Update service terminated with the following error:  %%-2147467243
05/10/2013 19:41:55, Error: Microsoft-Windows-DistributedCOM [10016]  - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63AA156-D534-4BAC-9BF1-55359CF5EC30}  and APPID  {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}  to the user noir\UpdatusUser SID (S-1-5-21-424518113-1425401859-4196426302-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
05/10/2013 17:16:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845).
05/10/2013 17:15:19, Error: Service Control Manager [7023]  -
05/10/2013 17:06:05, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CryptSvc service.
05/10/2013 17:05:14, Error: Service Control Manager [7034]  - The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).
05/10/2013 17:05:13, Error: Service Control Manager [7034]  - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================

 

Link to post
Share on other sites
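The "Pseudo HJT Report" section of the DDS log above is where a browser-side hijack (a BHO, a Run key, a shell hook, a modified Userinit value) would normally show up, and reading it by hand is error-prone. As an added example, not part of the original post and not DDS or Malwarebytes code, the following Python pulls the binary path out of each entry, checks whether it lives under a trusted root or in a user-writable location, flags orphaned entries, flags a Userinit value that differs from the one in this log, and flags a signed host process such as rundll32.exe launching a payload from outside the trusted roots. The trusted-root list, the user-writable markers, the host-process list and the expected Userinit value are this example's assumptions; the sample input is the report's own lines plus two constructed entries, marked as such, so that the checks have something to flag.

```python
"""Triage the autostart / browser-extension entries of a DDS 'Pseudo HJT Report'.

Added example; not part of the thread and not DDS or Malwarebytes code.
Heuristics, trusted roots and the expected Userinit value are assumptions
of this example. The sample input is the thread's own report lines plus two
constructed entries (marked) so that the checks have something to flag.
"""
import ntpath
import re

# Where an autostart binary is expected to live (lowercase, trailing backslash).
# PROGRA~1 / PROGRA~2 are the 8.3 short names DDS prints for some entries.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\",
                 "c:\\progra~1\\", "c:\\progra~2\\")
# Markers of directories a standard user can write to; checked before the
# trusted roots so that C:\Windows\Temp does not count as trusted.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "c:\\programdata\\", "c:\\users\\")
# Signed Windows binaries commonly used to launch a payload stored elsewhere.
HOST_PROCESSES = {"rundll32.exe", "regsvr32.exe", "wscript.exe", "cscript.exe",
                  "mshta.exe", "cmd.exe", "powershell.exe"}
# What DDS printed for Userinit on the (clean) Windows 7 machine in this thread.
EXPECTED_USERINIT = "userinit = userinit.exe,"

ENTRY_RE = re.compile(r"^(?P<kind>[A-Za-z0-9-]+):\s*(?P<body>.*)$")
# A quoted path, or a bare path that may contain spaces (DDS prints both).
PATH_RE = re.compile(
    r'"([A-Za-z]:\\[^"]+?\.(?:exe|dll|ocx|sys))"|([A-Za-z]:\\.+?\.(?:exe|dll|ocx|sys))\b',
    re.IGNORECASE)


def classify(path):
    """'user-writable', 'trusted-root' or 'other' for a Windows path."""
    p = path.lower()
    if any(marker in p for marker in USER_WRITABLE):
        return "user-writable"
    if p.startswith(TRUSTED_ROOTS):
        return "trusted-root"
    return "other"


def triage_entry(line):
    """Return {'kind', 'paths', 'flags'} for one report line, or None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    paths = [quoted or bare for quoted, bare in PATH_RE.findall(body)]
    flags = []
    if "<orphaned>" in body.lower():
        flags.append("orphaned")              # key points at nothing: leftover or tampered
    is_userinit = kind.lower().endswith("winlogon") and body.lower().startswith("userinit")
    if is_userinit and body.strip().lower() != EXPECTED_USERINIT:
        flags.append("winlogon-modified")     # extra program chained after userinit.exe
    for p in paths:
        loc = classify(p)
        if loc != "trusted-root":
            flags.append(f"{loc}:{p}")
    if paths and ntpath.basename(paths[0]).lower() in HOST_PROCESSES:
        payload = paths[1] if len(paths) > 1 else None
        if payload is None or classify(payload) != "trusted-root":
            flags.append("host-process-untrusted-payload")
    return {"kind": kind, "paths": paths, "flags": flags}


def suspicious(lines):
    """Entries carrying at least one flag, in input order."""
    flagged = []
    for line in lines:
        entry = triage_entry(line)
        if entry and entry["flags"]:
            flagged.append(entry)
    return flagged


SAMPLE_LINES = [
    # from the DDS report in this thread
    "mWinlogon: Userinit = userinit.exe,",
    "BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - "
    "C:\\Program Files (x86)\\Microsoft Office\\Office14\\GROOVEEX.DLL",
    'mRun: [BCSSync] "C:\\Program Files (x86)\\Microsoft Office\\Office14\\BCSSync.exe" /DelayServices',
    'dRunOnce: [SPReview] "C:\\Windows\\System32\\SPReview\\SPReview.exe" /sp:1 '
    '/errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601',
    "IE: E&xport to Microsoft Excel - C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000",
    "SSODL: WebCheck - <orphaned>",
    "x64-Run: [Logitech Download Assistant] C:\\Windows\\System32\\rundll32.exe "
    "C:\\Windows\\System32\\LogiLDA.dll,LogiFetch",
    # constructed entries, not from the thread, to exercise the checks
    'mRun: [Updater] "C:\\Users\\joe\\AppData\\Roaming\\Updater\\updater.exe" /silent',
    "x64-Run: [Helper] C:\\Windows\\System32\\rundll32.exe C:\\ProgramData\\Helper\\helper.dll,Run",
]

if __name__ == "__main__":
    for entry in suspicious(SAMPLE_LINES):
        print(entry["kind"], entry["flags"])
```

On the lines from this thread only the orphaned WebCheck entry is flagged; an orphaned SSODL entry is a registry leftover and not by itself evidence of infection. A path under AppData or ProgramData, or a rundll32/regsvr32 payload outside the trusted roots, is what a persistent browser hijack would look like in this report, and those are the entries to look for in any later DDS log.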

Download Zoek.zip from here http://www.hijackthis.nl/smeenk/220813/zoek.zip and save that zip file to your Desktop.

Double click zip file and extract to your Desktop:

Zoekd.jpg

you will now have 3 versions of the tool on the Desktop:

Zoeke.jpg

Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html

Double click on each in turn until one version of Zoek will run (accept UAC). The following window will open:

Zoekb.jpg

Copy the following script from the code box and paste it into the field.

Process;emptyclsid;firefoxlook;FFdefaults;Chromelook;CHRdefaults;autoclean;iedefaults;filesrcm;startupall;silentrunners;

Select the "Run Script" tab. The following window will open:

Zoekc.jpg

Please be patient and do not use the PC when the scan is in progress.

When complete you may be asked to re-boot your PC, if so please do.

Zoekf.jpg

Post the produced log in your next reply.

Link to post
Share on other sites

Since running Zoek what is the status of the system, do you still see the same issue with the IP Block?

 

Run this please and post the log:

 

download RogueKiller from here:

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe  <- 32 bit version

http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe  <- 64 bit version

  • Make sure to get the correct version for your system.
  • Quit all running programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • The following EULA will appear, please select accept
    RKLicence.png
  • Ensure MBR scan, Check faked and AntiRootkit are checked
  • Select Scan
    RK1A.png
  • When the scan completes select Report, copy and paste that to your reply.
    RK2A.png
  • The log should be found in RKreport[?].txt on your Desktop
  • Exit/Close RogueKiller

Link to post
Share on other sites

No I haven't seen that IP Block message since.

After rebuilding my pc yesterday and today, I've been surfing to see if it comes up.

I saw that IP after typing www.ebay.co.uk into my browser and loading the page.

Since that is the same IP I've been seeing previously, it makes me concerned something is still not right with my system.

 

I'd love to find out if that IP is actually nothing to worry about.

But until it is, I'm only acting on the fact that Malwarebytes is reporting it as a blocked, potentially malicious website...

Link to post
Share on other sites
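The question in the post above, whether the block is a real hijack or a third-party host that the eBay page itself pulls in, can be narrowed down by capturing the DNS resolver cache right after the block fires and checking which cached names resolve to the blocked address. The following Python is an added example, not from the original thread and not Malwarebytes code; it parses the IP-BLOCK line format quoted in the first post and the text that `ipconfig /displaydns` prints on Windows 7, then joins the two. The addresses and hostnames in the sample data are constructed (RFC 5737 test ranges, invented names) and imply nothing about the real 193.106.173.46; the reading of the Port field as the local ephemeral port rather than the remote service port is this example's assumption, not something the thread states.

```python
"""Correlate Malwarebytes IP-BLOCK events with the Windows DNS resolver cache.
Added example, not from the thread or from Malwarebytes. Parses the MBAM 1.x
protection-log line quoted in the thread and `ipconfig /displaydns` output.
Sample data is constructed (RFC 5737 addresses, invented names) and says nothing
about the real 193.106.173.46. Assumption: Port is the local ephemeral port.
"""
import re
from collections import defaultdict

IPBLOCK_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\(Type:\s*(?P<dir>\w+),\s*Port:\s*(?P<port>\d+),"
    r"\s*Process:\s*(?P<proc>[^)]+)\)\s*$")
DNS_NAME_RE = re.compile(r"^\s*Record Name[ .]*:\s*(\S+)")
DNS_A_RE = re.compile(r"^\s*A \(Host\) Record[ .]*:\s*(\d{1,3}(?:\.\d{1,3}){3})")
DNS_CNAME_RE = re.compile(r"^\s*CNAME Record[ .]*:\s*(\S+)")
EPHEMERAL = range(49152, 65536)   # Vista+ default dynamic (source) port range


def parse_ipblock(lines):
    """One dict per IP-BLOCK line; every other log line is ignored."""
    events = []
    for line in lines:
        m = IPBLOCK_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["port"] = int(ev["port"])
            ev["proc"] = ev["proc"].strip().lower()
            events.append(ev)
    return events


def parse_displaydns(text):
    """ip -> {record names} and cname target -> {aliases} from ipconfig /displaydns."""
    a_records, cnames, name = defaultdict(set), defaultdict(set), None
    for line in text.splitlines():
        m = DNS_NAME_RE.match(line)
        if m:
            name = m.group(1).lower().rstrip(".")   # owner of the records that follow
            continue
        m = DNS_A_RE.match(line)
        if m and name:
            a_records[m.group(1)].add(name)
            continue
        m = DNS_CNAME_RE.match(line)
        if m and name:
            cnames[m.group(1).lower().rstrip(".")].add(name)
    return a_records, cnames


def aliases_of(name, cnames, seen=None):
    """Every name whose CNAME chain ends at `name` (cycle-safe)."""
    seen = set() if seen is None else seen
    found = set()
    for alias in cnames.get(name, ()):
        if alias not in seen:
            seen.add(alias)
            found.add(alias)
            found |= aliases_of(alias, cnames, seen)
    return found


def correlate(log_lines, dns_text):
    """Per blocked IP: hits, processes, directions, and cached names resolving to it."""
    a_records, cnames = parse_displaydns(dns_text)
    report = {}
    for ev in parse_ipblock(log_lines):
        r = report.setdefault(ev["ip"], {"hits": 0, "processes": set(), "directions": set(),
                                         "ephemeral_local_ports": True, "hostnames": set()})
        r["hits"] += 1
        r["processes"].add(ev["proc"])
        r["directions"].add(ev["dir"].lower())
        if ev["port"] not in EPHEMERAL:
            r["ephemeral_local_ports"] = False   # would contradict the local-port assumption
        for host in a_records.get(ev["ip"], ()):
            r["hostnames"].add(host)
            r["hostnames"] |= aliases_of(host, cnames)
    return report


def verdict(r):
    """Coarse hint only; a human still has to judge whether the names belong to the page."""
    if not r["hostnames"]:
        return "no cached name: raw-IP connection or cache captured too late"
    return "resolved via " + ", ".join(sorted(r["hostnames"]))


# Constructed sample log: same layout as the line quoted in the thread, test addresses.
SAMPLE_LOG = """\
2013/10/06 12:42:13 +0100     IP-BLOCK 192.0.2.46 (Type: outgoing, Port: 51482, Process: iexplore.exe)
2013/10/06 12:45:02 +0100     IP-BLOCK 192.0.2.46 (Type: outgoing, Port: 51610, Process: firefox.exe)
2013/10/06 12:46:30 +0100     IP-BLOCK 198.51.100.9 (Type: outgoing, Port: 51633, Process: iexplore.exe)
""".splitlines()

# Constructed `ipconfig /displaydns` excerpt: a CNAME chain ending at the blocked address.
SAMPLE_DNS = """\
    www.shop.example
    ----------------------------------------
    Record Name . . . . . : www.shop.example
    Record Type . . . . . : 5
    CNAME Record  . . . . : edge.cdn.example

    Record Name . . . . . : edge.cdn.example
    Record Type . . . . . : 1
    A (Host) Record . . . : 192.0.2.46
"""
```

Run `ipconfig /displaydns > dns.txt` within the cache TTL of the block (often well under a couple of minutes for CDN names), then pass that file and the MBAM protection log to correlate(). An empty hostname list means the browser connected by raw IP or the cache had already expired; a list of names lets you decide whether they belong to the site you were on (its CDN, advertising or tracking partners) or to something the page never asked for. A consistently ephemeral local port, as in the thread's log line, confirms that the Port field identifies nothing about the remote service.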

It doesn't mean anything to me.

The only times I've seen this IP are when I'm surfing the internet; it's always iexplore.exe or firefox.exe.

Why would it always be outgoing process from those?

Would that indicate an attempted browser hijack?

 

I see someone left a comment on that website, but how could they know it as a "hack attempt"?

Link to post
Share on other sites

The hijack is to connect from your system to the IP Address; it could be via an extension or plugin in your Browser. When Zoek was run, IE was set to default settings, same with FF... Are you still seeing the IP block issue since we've run Zoek? A previous reply appeared to say that, then afterwards appeared different.

Link to post
Share on other sites

If no more issues you can delete the tools we've used and any produced logs. Run Security Check to check on security, Java, Adobe etc....

 

Download Security Check by screen317 from either of the following:

 

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

 

Save it to your Desktop.

 

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Link to post
Share on other sites

Yeah everything seems ok, I haven't had that blocked IP message.

And with so few things installed this system really SHOULD be clean.

 

 Results of screen317's Security Check version 0.99.74 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Adobe Reader XI 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 

Link to post
Share on other sites

Yes, everything looks good, no issues. One point: you have no Anti-Virus program installed; Malwarebytes does not offer AV protection. Here is my own set up, maybe useful:

 

My own security set up is :-

 

Windows' own Firewall, Microsoft Security Essentials and Malwarebytes Pro. Windows FW and MSE are free; MB does also have a free version, however I prefer the Pro version as it provides auto updates and real-time protection. Cost is about £20 for a lifetime license.

 

As an extra layer I also use WinPatrol; the free version is adequate for general home use. Available here: http://www.winpatrol.com/download.html

 

For my browser I use Firefox with these addons: Web of Trust, Adblock Plus, Flash Block, NoScript, Ghostery. When Firefox is open, press these keys together: Ctrl - Shift - A. That will open the Add-ons manager, which gives access to find addons, and to use, start, stop or disable those features etc....

Before using NoScript, read this link: http://noscript.net/ It makes it easy to understand....

 

Understanding Windows 7 Firewall - http://windows.microsoft.com/en-GB/windows7/Understanding-Windows-Firewall-settings

 

Understanding Microsoft Security Essentials - http://www.microsoft.com/en-gb/security/pc-security/mse.aspx

 

Understanding Malwarebytes, how to create an exclusion in MSE - http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=162100entry162100

 

Understanding WinPatrol - http://www.winpatrol.com/features.html

 

I also use the Professional version of Sandboxie; I believe there is also a free version available. Visit this link http://www.sandboxie.com/ for access to download, and also make sure to use the "Help and FAQ" option to understand its uses, specifically how to run your browser sandboxed!

 

Any good?

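The point made above (no antivirus registered, which is also what the "WMI entry may not exist for antivirus" line in the Security Check log reflects) can be confirmed from PowerShell. The script below is an added example, not code from the thread or from Security Check; it reads the antivirus products that Windows Security Center knows about and the firewall state of each profile. It assumes Windows 7 or later with PowerShell 3 or newer and an English-locale `netsh` output; the decoding of the `productState` bits is a widely used community interpretation rather than documented behaviour, so treat that part as an assumption.

```powershell
# Added example (not from the thread): report the antivirus products registered with
# Windows Security Center and whether each Windows Firewall profile is on.
# Assumes Windows 7+ with PowerShell 3+. The productState bit layout is an
# undocumented community interpretation; treat the Enabled/UpToDate decode as an assumption.

function Get-AntivirusStatus {
    # root/SecurityCenter2 is where registered AV products appear on Vista and later.
    # On a machine with no AV this returns nothing, which matches the Security Check log line.
    $products = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' -ErrorAction SilentlyContinue
    foreach ($p in $products) {
        $hex = '{0:X6}' -f $p.productState
        [pscustomobject]@{
            Name     = $p.displayName
            Enabled  = ($hex.Substring(2, 2) -in '10', '11')  # assumption: middle byte = real-time protection on
            UpToDate = ($hex.Substring(4, 2) -eq '00')        # assumption: low byte 00 = definitions current
            RawState = $hex
        }
    }
}

function Get-FirewallStatus {
    # netsh works on Windows 7; Get-NetFirewallProfile only exists on Windows 8 and later.
    $out = netsh advfirewall show allprofiles state
    $profile = $null
    foreach ($line in $out) {
        if ($line -match '^(\w+) Profile Settings:') {
            $profile = $Matches[1]
        }
        elseif ($line -match '^State\s+(ON|OFF)') {
            [pscustomobject]@{ Profile = $profile; Enabled = ($Matches[1] -eq 'ON') }
        }
    }
}

$av = @(Get-AntivirusStatus)
if ($av.Count -eq 0) {
    Write-Warning 'No antivirus product is registered with Windows Security Center.'
}
else {
    $av | Format-Table -AutoSize
}
Get-FirewallStatus | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt. An empty antivirus list together with all three firewall profiles reporting ON is exactly the state the Security Check log above describes: firewall enabled, no AV product registered.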

OK, you can delete Security Check and its logs. If all is OK with no issues, here are some tips to reduce the potential for malware infection in the future:

 

Make proper use of your antivirus and firewall

 

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware; if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features; make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

 

You should keep your antivirus and firewall guard enabled at all times; NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

 

Install and use WinPatrol from here: http://www.winpatrol.com/download.html This will inform you of any attempted unauthorized changes to your system.

 

WinPatrol features are explained here: http://www.winpatrol.com/features.html

 

Go here http://www.filehippo.com/updatechecker/ and run the FileHippo Update Checker; update all applications as suggested by the Update Checker. Ignore any Beta updates. (Use the stand-alone version, not a full install.)

If Java or Adobe are updated, please check under Start > Control Panel > Add/Remove Programs and ensure any old versions are removed. <--- Very important

 

Use a safer web browser

 

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

 

FireFox http://www.mozilla.com/en-US/,

 

Opera http://www.opera.com/, and

 

Chrome http://www.google.com/chrome.

 

All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here http://www.bleepingcomputer.com/tutorials/tutorial102.html which will help you to make IE MUCH safer.

 

These browser add-ons will help to make your browser safer:

 

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

 

Available for Firefox and Internet Explorer.

 

Green to go,

Yellow for caution, and

Red to stop.

 

 

Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

 

These are just a couple of the most popular add-ons, if you're interested in more, take a look at this article:

http://browsers.about.com/od/addonsplugi2/tp/browser_security_privacy.htm

 

Here are a couple of links by two security experts that will give some excellent tips and advice.

 

So how did I get infected in the first place by Tony Klein from here: http://www.spywareinfoforum.com/index.php?/topic/60955-so-how-did-i-get-infected-in-the-first-place/

 

How to prevent Malware by Miekiemoes from here: http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

 

Finally, this link http://www.geekstogo.com/forum/topic/38-free-antivirus-and-antispyware-software will give a comprehensive, up-to-date list of free security programs, including Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CDs.

 

Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

 

Let me know when it's OK to close out your thread....

 

Take care,

 

Kevin

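The "ensure any old versions are removed" step above is easy to miss when done by eye in Add/Remove Programs, because stale Java and Adobe builds sit alongside the current ones. The script below is an added example, not code from the thread or from FileHippo; it reads the same registry data that Add/Remove Programs displays and flags product families that appear in more than one version. The product name patterns are assumptions chosen to match the products named in the advice; the `Wow6432Node` hive exists only on 64-bit Windows and is skipped silently elsewhere.

```powershell
# Added example (not from the thread): list installed software from the Add/Remove
# Programs registry data and flag Java/Adobe products present in more than one version.
# Assumes Windows 7+ with PowerShell 3+; the name patterns below are assumptions.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',  # 64-bit Windows only
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledSoftware {
    # Entries without a DisplayName are hidden components; Add/Remove Programs skips them too.
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate, UninstallString
}

function Find-StaleVersions {
    param(
        # Assumed patterns for the products the advice asks you to check.
        [string[]]$Patterns = @('^Java \d', '^Adobe Reader', '^Adobe Flash Player', '^Adobe Shockwave')
    )
    $all = Get-InstalledSoftware
    foreach ($pattern in $Patterns) {
        $hits = @($all | Where-Object { $_.DisplayName -match $pattern })
        if ($hits.Count -gt 1) {
            # More than one entry in the same product family usually means an old build was left behind.
            [pscustomobject]@{
                Product  = $pattern
                Count    = $hits.Count
                Versions = ($hits | Sort-Object DisplayVersion |
                            ForEach-Object { "$($_.DisplayName) [$($_.DisplayVersion)]" }) -join '; '
            }
        }
    }
}

Get-InstalledSoftware | Sort-Object DisplayName | Format-Table DisplayName, DisplayVersion, Publisher -AutoSize
Find-StaleVersions | Format-List
```

Anything reported by `Find-StaleVersions` is a candidate for removal through Add/Remove Programs; the `UninstallString` column in the full listing shows which installer each entry belongs to, which helps tell a leftover old build from a legitimately separate 32-bit and 64-bit pair.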

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

