Constant "blocked IP"


Hello, I need some help with this. I've run avast, SUPERAntiSpyware, and Malwarebytes; they aren't coming up with anything, but I keep getting blocked IPs. I've tried ComboFix; it didn't work. I'll give you the log of the IP blocks and the ComboFix log though, and HijackThis.

This is ComboFix:

ComboFix 10-09-09.03 - Jeremy 09/09/2010 15:31:24.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.1320 [GMT -7:00]

Running from: c:\users\Jeremy\Desktop\ComboFix.exe

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Thumbs.db

c:\windows\7Loader.TAG

.

((((((((((((((((((((((((( Files Created from 2010-08-09 to 2010-09-09 )))))))))))))))))))))))))))))))

.

2010-09-09 22:40 . 2010-09-09 22:40 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-09-09 22:28 . 2010-09-09 22:28 -------- d-----w- C:\32788R22FWJFW

2010-09-07 04:40 . 2010-09-07 04:41 -------- d-----w- c:\programdata\SecTaskMan

2010-09-07 04:40 . 2010-09-07 04:40 -------- d-----w- c:\program files\Security Task Manager

2010-09-06 01:13 . 2010-09-06 02:19 -------- d-----w- c:\users\Jeremy\AppData\Local\Google

2010-09-03 01:46 . 2010-09-03 01:46 -------- d-----w- c:\users\Jeremy\AppData\Local\LocalMS

2010-08-30 23:58 . 2010-08-30 23:58 -------- d-----w- c:\users\Jeremy\AppData\Roaming\Leawo

2010-08-30 23:54 . 2010-08-30 23:54 -------- d-----w- c:\program files\Leawo

2010-08-30 22:38 . 2010-08-30 22:38 -------- d-----w- c:\users\Jeremy\AppData\Local\HandBrake

2010-08-30 22:38 . 2010-08-30 22:38 -------- d-----w- c:\users\Jeremy\AppData\Roaming\HandBrake

2010-08-30 03:05 . 2010-08-30 03:07 -------- d-----w- c:\users\Jeremy\dwhelper

2010-08-25 21:52 . 2010-08-25 21:52 -------- d-----w- c:\users\Jeremy\AppData\Local\Activision

2010-08-21 20:36 . 2010-08-21 20:37 -------- d-----w- c:\program files\PCSX2 0.9.7

2010-08-21 05:43 . 2010-08-21 05:50 -------- d-----w- c:\users\Jeremy\AppData\Roaming\PhotoScape

2010-08-21 05:43 . 2010-08-21 05:43 -------- d-----w- c:\program files\PhotoScape

2010-08-18 20:48 . 2010-08-21 20:39 -------- d-----w- c:\users\Jeremy\AppData\Local\pcsx2

2010-08-15 18:23 . 2010-08-17 19:44 -------- d-----w- c:\program files\StarCraft II

2010-08-14 07:01 . 2003-03-16 04:15 90112 ----a-w- c:\windows\unvise32.exe

2010-08-14 07:00 . 2008-11-18 15:56 54784 ----a-w- c:\windows\system32\MSSTDFMT.DLL

2010-08-12 22:29 . 2010-08-12 22:29 -------- d-----w- c:\users\Jeremy\AppData\Roaming\Nexon

2010-08-11 19:08 . 2010-08-11 19:08 -------- d-----w- C:\Nexon

2010-08-11 19:08 . 2010-08-11 19:08 -------- d-----w- c:\programdata\NexonUS

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-09 22:31 . 2010-05-28 17:53 -------- d-----w- c:\users\Jeremy\AppData\Roaming\BitTorrent

2010-09-09 22:21 . 2010-05-23 15:54 -------- d-----w- c:\programdata\NVIDIA

2010-09-09 22:20 . 2010-06-23 14:21 0 ----a-w- c:\windows\system32\Access.dat

2010-09-09 08:30 . 2010-05-23 22:11 -------- d-----w- c:\program files\Heroes of Newerth

2010-09-08 05:18 . 2010-05-24 23:19 -------- d-----w- c:\program files\Steam

2010-09-08 01:03 . 2010-05-24 23:19 -------- d-----w- c:\program files\Common Files\Steam

2010-09-05 01:25 . 2010-05-23 13:39 -------- d-----w- c:\program files\Diablo II

2010-09-04 06:49 . 2010-05-23 15:29 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-09-04 05:02 . 2010-05-28 17:53 -------- d-----w- c:\program files\BitTorrent

2010-09-04 01:04 . 2010-05-23 15:29 117760 ----a-w- c:\users\Jeremy\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-09-03 04:44 . 2010-07-31 04:00 -------- d-----w- c:\users\Jeremy\AppData\Roaming\Skype

2010-09-03 02:26 . 2010-07-31 04:02 -------- d-----w- c:\users\Jeremy\AppData\Roaming\skypePM

2010-09-01 22:04 . 2010-05-23 16:14 -------- d-----w- c:\program files\Just Cause 2

2010-09-01 21:56 . 2010-09-01 21:56 46852 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll

2010-09-01 21:20 . 2010-05-23 14:05 -------- d-----w- c:\program files\World of Warcraft

2010-08-21 20:05 . 2010-06-11 02:51 -------- d-----w- c:\program files\Cheat Engine

2010-08-15 18:51 . 2010-05-24 00:01 -------- d-----w- c:\programdata\Blizzard Entertainment

2010-08-15 18:37 . 2010-05-23 20:42 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

2010-08-11 22:49 . 2010-08-11 19:08 765952 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll

2010-08-11 19:08 . 2010-08-11 19:08 98304 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll

2010-08-11 19:08 . 2010-08-11 19:08 401408 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll

2010-08-11 19:08 . 2010-08-11 19:08 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll

2010-08-11 19:08 . 2010-08-11 19:08 126976 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll

2010-08-11 19:08 . 2010-08-11 19:08 172032 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe

2010-08-11 18:40 . 2010-06-14 09:13 -------- d-----w- c:\programdata\PMB Files

2010-07-31 19:09 . 2010-06-14 22:03 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-07-31 18:29 . 2010-07-31 18:28 -------- d-----w- c:\users\Jeremy\AppData\Roaming\acccore

2010-07-31 18:27 . 2010-07-31 18:27 -------- d-----w- c:\programdata\AIM

2010-07-31 18:27 . 2010-07-31 18:27 -------- d-----w- c:\program files\AIM

2010-07-31 18:27 . 2010-07-31 18:27 -------- d-----w- c:\program files\Common Files\AOL

2010-07-31 05:52 . 2010-07-31 05:51 -------- d-----w- c:\users\Jeremy\AppData\Roaming\vlc

2010-07-31 05:50 . 2010-07-31 05:50 -------- d-----w- c:\program files\VideoLAN

2010-07-31 04:36 . 2010-07-31 04:36 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2010-07-31 04:36 . 2010-07-31 04:36 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2010-07-31 04:35 . 2010-07-31 04:35 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2010-07-31 04:35 . 2010-07-31 04:35 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2010-07-31 04:02 . 2010-07-31 04:02 56 ---ha-w- c:\programdata\ezsidmv.dat

2010-07-31 03:59 . 2010-07-31 03:59 -------- d-----w- c:\program files\Common Files\Skype

2010-07-31 03:59 . 2010-07-31 03:59 -------- d-----r- c:\program files\Skype

2010-07-31 03:59 . 2010-07-31 03:59 -------- d-----w- c:\programdata\Skype

2010-07-03 20:39 . 2010-06-18 00:12 137480 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2010-06-23 14:22 . 2010-05-23 13:43 57944 ----a-w- c:\users\Jeremy\AppData\Local\GDIPFONTCACHEV1.DAT

2010-06-14 22:06 . 2010-06-14 22:18 38784 ----a-w- c:\users\Jeremy\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-06-14 22:06 . 2010-06-14 22:18 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-07 2002160]

"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-06-14 2938552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-6-13 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 GarenaPEngine;GarenaPEngine;c:\users\Jeremy\AppData\Local\Temp\FDEFAB3.tmp [x]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-01-05 7408]

R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]

R4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-05-23 691696]

S1 aswSP;avast! Self Protection; [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-01-05 9968]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-01-05 74480]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]

S2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2010-03-24 704760]

S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2006-12-31 31616]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]

.

.

------- Supplementary Scan -------

.

FF - ProfilePath - c:\users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\h60og3eh.default\

FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

AddRemove-{AEC81925-9C76-4707-84A9-40696C613ED3} - c:\program files (x86)\Common Files\BioWare\Uninstall Dragon Age.exe

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GarenaPEngine]

"ImagePath"="\??\c:\users\Jeremy\AppData\Local\Temp\FDEFAB3.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2010-09-09 15:45:31

ComboFix-quarantined-files.txt 2010-09-09 22:45

Pre-Run: 185,606,627,328 bytes free

Post-Run: 185,594,478,592 bytes free

- - End Of File - - D95777AA93CD759F69AA5C31FAE44F95

This is the Malwarebytes:

15:23:20 Jeremy MESSAGE Protection started successfully

15:23:24 Jeremy MESSAGE IP Protection started successfully

15:23:39 Jeremy IP-BLOCK 213.174.157.2

15:25:33 Jeremy MESSAGE IP Protection stopped

15:25:35 Jeremy MESSAGE IP Protection started successfully

15:50:48 Jeremy MESSAGE Protection started successfully

15:50:52 Jeremy MESSAGE IP Protection started successfully

15:52:03 Jeremy IP-BLOCK 213.174.157.2

And finally, the HijackThis:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 4:10:10 PM, on 9/9/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\Program Files\Rainmeter\Rainmeter.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\taskhost.exe

C:\Users\Jeremy\Desktop\Other\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [Pando Media Booster] "C:\Program Files\Pando Networks\Media Booster\PMB.exe"

O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files\Tunngle\TnglCtrl.exe

--

End of file - 3526 bytes

Hope you can help :)


The likely culprit is BitTorrent. Those are legitimate blocks. Make sure you do not have BitTorrent configured to automatically launch at startup. By default most P2P programs are configured to allow other P2P users on the network to openly access a shared directory on your computer. Look into your settings and adjust them if this is the case, because above all, you do not want to maintain a shared directory on your PC - it leaves you open to thousands of anonymous computers and you can be accused of distributing copyrighted content (a serious offense). These connections could very well be occurring because of that. Skype is another possibility because I see you have that running as well, and any program that is running in the background and whose sole purpose is to connect to other computers may be causing this. I suggest you also set Skype not to automatically run in the background, i.e. only start it when you want to use it and close it afterward.


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
