fffsee.com being blocked. And PC going SO SLOW

[momitch]

Hi  I am experiencing a malicious website blocked (fffsee.com) or 95.215.1.97 or searcnet.blinkcxcore.co ip  66.45.56.109 and other like every 2 seconds. I am not very computer savvy so if you could give this information to me in easy to understand terms that would be appreciated J

 

 

I also noticed this happened on both my computers last night. desktop and a laptop. So I first want to try and fix this on my laptop.

I am getting the same pop up error on both, but when I pull up my task manger on my laptop it is running several dlhosts and at times consuming almost all the CPU usage.  Both are VERY SLOW

And just on my laptop I have also noticed and error message saying poweshell has stopped working.

What logs do you need to see the info for this problem? and how do I get them? I attached the scan logs as a txt file (laptop)

not sure if I did it right? 

 

I also have eset  node 32and on both and I am getting the same website blocked message with the same IP.

Here is the message from eset:

195.2.240.79/query?version=1.6&sid=7792&builddate=071114&q=best+cream+for+wrinkles&ua=Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko〈=en-US&wt=8&lr=6&ls=0       Blocked by internal blacklist                C:\Windows\SysWOW64\dllhost.exe

 

I have ran eset and malware bytes for I think 3 years now and NEVER any issue like this before please Help thank you

laptop.txt

[Psychotic]

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

• First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
• Perform everything in the correct order. Sometimes one step requires the previous one.
• If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
• Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
• Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
• If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
• Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
• My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  

• Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.
  

 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
  
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 

• Run FRST.
• Don´t change one of the checkboxes and hit Scan.
• Logfiles are created on your desktop.
• Poste the FRST.txt and (after the first scan only!) the Addition.txt.
  

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

• Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
• If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
• In the right panel, you will see several boxes that have been checked. Uncheck the following ...
  
  • Sections
  • IAT/EAT
  • Show All ( should be unchecked by default )
    

  [*]Leave everything else as it is. [*]Close all other running programs as well as your Browser. [*]Click the Scan button & wait for it to finish. [*]Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post. [*]Save it where you can easily find it, such as your desktop. [*]Please post the content of the ark.txt here.
  

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

• Execute TDSSKiller.exe by doubleclicking on it.
• Press Start Scan
  
• If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  
• Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt
  

Please attach this file to your next reply.
 

[AdvancedSetup]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!