IP-Blocks keep popping up.


07:17:13 Brianna Kirk MESSAGE Protection started successfully

07:17:18 Brianna Kirk MESSAGE IP Protection started successfully

08:16:26 Brianna Kirk IP-BLOCK 218.8.245.123

11:15:41 Brianna Kirk IP-BLOCK 222.186.25.17

12:28:24 Brianna Kirk IP-BLOCK 221.192.199.35

12:28:24 Brianna Kirk IP-BLOCK 221.192.199.35

12:28:24 Brianna Kirk IP-BLOCK 221.192.199.35

12:28:24 Brianna Kirk IP-BLOCK 221.192.199.35

12:28:24 Brianna Kirk IP-BLOCK 221.192.199.35

15:10:30 Brianna Kirk IP-BLOCK 94.96.141.112

15:33:49 Brianna Kirk IP-BLOCK 221.192.199.35

15:50:57 Brianna Kirk MESSAGE IP Protection stopped

15:51:21 Brianna Kirk MESSAGE Database updated successfully

15:51:24 Brianna Kirk MESSAGE IP Protection started successfully

15:51:49 Brianna Kirk MESSAGE IP Protection stopped

15:51:53 Brianna Kirk MESSAGE IP Protection started successfully

15:51:53 Brianna Kirk MESSAGE IP Protection stopped

15:51:57 Brianna Kirk MESSAGE IP Protection started successfully

15:52:01 Brianna Kirk MESSAGE IP Protection stopped

15:52:05 Brianna Kirk MESSAGE IP Protection started successfully

15:52:05 Brianna Kirk MESSAGE IP Protection stopped

15:52:09 Brianna Kirk MESSAGE IP Protection started successfully

15:52:26 Brianna Kirk MESSAGE IP Protection stopped

15:52:30 Brianna Kirk MESSAGE IP Protection started successfully

16:17:08 Brianna Kirk IP-BLOCK 218.8.245.123

19:31:27 Brianna Kirk MESSAGE Protection started successfully

19:31:32 Brianna Kirk MESSAGE IP Protection started successfully

19:34:30 Brianna Kirk IP-BLOCK 94.96.114.175

19:39:32 Brianna Kirk IP-BLOCK 95.168.183.192

19:42:59 Brianna Kirk IP-BLOCK 89.28.27.129

19:43:14 Brianna Kirk IP-BLOCK 78.159.121.124

19:51:00 Brianna Kirk IP-BLOCK 212.117.160.100

19:52:57 Brianna Kirk IP-BLOCK 58.241.245.20

19:54:22 Brianna Kirk IP-BLOCK 222.71.211.17

19:58:25 Brianna Kirk IP-BLOCK 219.152.79.242

20:00:05 Brianna Kirk IP-BLOCK 89.28.80.14

20:03:42 Brianna Kirk IP-BLOCK 121.8.70.154

20:05:52 Brianna Kirk IP-BLOCK 94.96.114.175

20:15:40 Brianna Kirk IP-BLOCK 121.10.120.182

20:45:46 Brianna Kirk IP-BLOCK 218.8.245.123

20:52:44 Brianna Kirk IP-BLOCK 121.10.120.182

DDS (Ver_10-03-17.01) - NTFSx86

Run by Brianna Kirk at 20:33:26.89 on Mon 07/05/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1024.548 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\umonit.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Airlink101\AWLC3028 & AWLH3028\RtWLan.exe

C:\Program Files\Billeo\billeo.exe

C:\Program Files\Motherboard Monitor 5\MBM5.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Brianna Kirk\My Documents\Downloads\Defogger.exe

C:\Documents and Settings\Brianna Kirk\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = <local>

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Billeo: {465e08e7-f005-4389-980f-1d8764b3486c} - c:\program files\billeo\billeo.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: Billeo: {6adb0f93-1aa5-4bcf-9df4-cea689a3c111} - c:\program files\billeo\billeo.dll

EB: Billeo: {6576ebaa-b570-4345-98e4-96153c77cf24} - c:\program files\billeo\billeo.dll

uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\nero\data\xtras\mssysmgr.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [uMonit] c:\windows\system32\umonit.exe

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\briann~1\startm~1\programs\startup\mbm5~1.lnk - c:\program files\motherboard monitor 5\MBM5.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\airlin~1.lnk - c:\program files\airlink101\awlc3028 & awlh3028\RtWLan.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\billeo.lnk - c:\program files\billeo\billeo.exe

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1254568461046

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242872733265

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242872696703

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-12-14 304464]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-5-6 24652]

R3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2009-1-23 6016]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-12-14 20952]

S3 cpuz132;cpuz132;\??\c:\docume~1\briann~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\briann~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]

S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

============== File Associations ===============

scrfile="%1" /S "%3"

=============== Created Last 30 ================

2010-07-06 00:27:18 0 ----a-w- c:\documents and settings\brianna kirk\defogger_reenable

2010-07-02 21:43:09 0 d-----w- c:\windows\system32\QuickTime

2010-07-02 21:43:06 0 d-----w- c:\program files\3ivx

2010-07-02 21:42:39 0 d-----w- c:\program files\common files\muvee Technologies

2010-07-02 21:42:38 0 d-----w- c:\program files\muvee Technologies

2010-06-27 18:38:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Driver Whiz

2010-06-27 18:14:16 0 d-----w- c:\program files\ATT-HSI

2010-06-27 14:15:54 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters

2010-06-26 14:53:58 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation

2010-06-26 14:53:53 217180 ----a-w- c:\windows\system32\nvdrsdb0.bin

2010-06-26 14:53:49 217180 ----a-w- c:\windows\system32\nvdrsdb1.bin

2010-06-26 14:53:49 1 ----a-w- c:\windows\system32\nvdrssel.bin

2010-06-26 14:53:49 0 ----a-w- c:\windows\system32\nvdrswr.lk

2010-06-26 14:53:32 0 d-----w- c:\program files\NVIDIA Corporation

2010-06-26 14:52:51 7959 ----a-w- c:\windows\system32\nvinfo.pb

2010-06-26 14:52:51 61440 ----a-w- c:\windows\system32\OpenCL.dll

2010-06-26 14:52:48 4554752 ----a-w- c:\windows\system32\nvcuda.dll

2010-06-26 14:52:48 2632296 ----a-w- c:\windows\system32\nvcuvenc.dll

2010-06-26 14:52:48 2165352 ----a-w- c:\windows\system32\nvcuvid.dll

2010-06-26 14:52:47 2186342 ----a-w- c:\windows\system32\nvdata.bin

2010-06-26 14:52:47 10256384 ----a-w- c:\windows\system32\nvcompiler.dll

2010-06-26 14:52:33 0 d-----w- C:\NVIDIA

2010-06-26 14:30:32 0 d-----w- c:\program files\SystemRequirementsLab

2010-06-26 14:18:53 81191 ----a-w- c:\windows\system32\nvapps.xml

2010-06-26 14:18:18 0 d-----w- c:\windows\nview

2010-06-26 14:18:17 25836 ----a-w- c:\windows\system32\nvdisp.nvu

2010-06-26 14:18:16 600680 ----a-w- c:\windows\system32\nvudisp.exe

2010-06-26 14:17:37 600680 ----a-w- c:\windows\system32\NVUNINST.EXE

2010-06-20 00:38:29 0 d-----w- c:\windows\pss

2010-06-19 22:41:12 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys

2010-06-19 22:41:12 0 d-----w- c:\program files\Belarc

2010-06-19 22:31:54 0 d-----w- c:\windows\system32\NtmsData

2010-06-19 15:50:29 0 d-----w- c:\windows\Performance

2010-06-19 15:49:23 0 d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor

2010-06-19 02:32:09 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-06-12 07:17:55 0 dc-h--w- c:\windows\ie8

2010-06-12 07:14:16 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-07 21:34:52 81920 ----a-w- c:\windows\system32\nvwddi.dll

2010-06-07 21:34:42 277608 ----a-w- c:\windows\system32\nvmccs.dll

2010-06-07 21:34:42 13902440 ----a-w- c:\windows\system32\nvcpl.dll

2010-06-07 21:34:42 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-06-07 21:34:40 154728 ----a-w- c:\windows\system32\nvsvc32.exe

2010-06-07 21:34:40 145000 ----a-w- c:\windows\system32\nvcolor.exe

==================== Find3M ====================

2010-06-07 23:57:00 6300544 ----a-w- c:\windows\system32\nv4_disp.dll

2010-06-07 23:57:00 232040 ----a-w- c:\windows\system32\nvcodins.dll

2010-06-07 23:57:00 232040 ----a-w- c:\windows\system32\nvcod.dll

2010-06-07 23:57:00 15192064 ----a-w- c:\windows\system32\nvoglnt.dll

2010-06-07 23:57:00 1359872 ----a-w- c:\windows\system32\nvapi.dll

2010-06-07 23:57:00 10531200 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

2009-05-21 04:02:57 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

2009-05-21 16:40:24 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009052120090522\index.dat

2009-10-11 00:12:49 16384 --sha-w- c:\windows\temp\cookies\index.dat

2009-10-11 00:12:49 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat

2009-10-11 00:12:49 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 20:34:17.40 ===============

Attach.zip

ark.zip


Hello,

And :D My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right-hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all-inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


  • 3 weeks later...
  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
