Hi there,

Getting a ton of IP blocks on my PC when nothing is running, so I'm assuming I've got some hidden nasty lurking on my system and was hoping for an assist. They are of both the incoming and outgoing variety, and most seem to be originating from China. Hopefully, this is the information you need. Here is a look at the latest Protection Log from MalwareBytes to see what I mean...

07:48:55 (null) MESSAGE Protection started successfully

07:49:04 (null) MESSAGE IP Protection started successfully

17:02:48 (null) MESSAGE Scheduled update executed successfully

17:02:50 (null) MESSAGE IP Protection stopped

17:05:29 (null) MESSAGE Database updated successfully

17:05:46 (null) MESSAGE IP Protection started successfully

17:05:58 (null) IP-BLOCK 58.240.254.60 (Type: outgoing)

17:21:52 (null) IP-BLOCK 58.240.254.60 (Type: outgoing)

17:21:59 (null) IP-BLOCK 219.146.254.216 (Type: outgoing)

17:28:32 (null) IP-BLOCK 206.53.54.74 (Type: incoming)

17:35:50 (null) IP-BLOCK 222.69.218.253 (Type: incoming)

17:42:30 (null) IP-BLOCK 77.78.236.4 (Type: incoming)

17:49:21 (null) IP-BLOCK 98.142.246.107 (Type: incoming)

17:49:39 (null) IP-BLOCK 98.142.246.107 (Type: incoming)

17:50:58 (null) IP-BLOCK 222.65.150.239 (Type: incoming)

17:54:26 (null) IP-BLOCK 98.142.246.107 (Type: incoming)

17:54:42 (null) IP-BLOCK 98.142.246.107 (Type: incoming)

17:55:28 (null) IP-BLOCK 98.142.246.107 (Type: incoming)

17:56:09 (null) IP-BLOCK 98.142.246.107 (Type: incoming)

18:00:06 (null) IP-BLOCK 98.142.246.107 (Type: incoming)

18:00:36 (null) IP-BLOCK 98.142.246.107 (Type: incoming)

18:01:03 (null) IP-BLOCK 98.142.246.107 (Type: incoming)

18:03:08 (null) IP-BLOCK 218.10.86.148 (Type: incoming)

18:06:10 (null) IP-BLOCK 98.142.246.107 (Type: outgoing)

18:12:41 (null) IP-BLOCK 219.151.170.89 (Type: incoming)

18:22:05 (null) IP-BLOCK 213.55.114.195 (Type: incoming)

18:22:06 (null) IP-BLOCK 218.7.74.121 (Type: outgoing)

18:23:04 (null) IP-BLOCK 83.128.56.36 (Type: outgoing)

18:28:06 (null) IP-BLOCK 222.65.150.239 (Type: incoming)

18:28:16 (null) IP-BLOCK 222.65.150.239 (Type: incoming)

18:28:21 (null) IP-BLOCK 222.65.150.239 (Type: incoming)

18:29:05 (null) IP-BLOCK 222.65.150.239 (Type: incoming)

18:32:11 (null) IP-BLOCK 222.76.133.250 (Type: incoming)

18:32:11 (null) IP-BLOCK 222.76.133.250 (Type: incoming)

18:32:14 (null) IP-BLOCK 222.76.133.250 (Type: incoming)

18:32:15 (null) IP-BLOCK 222.76.133.250 (Type: incoming)

18:32:16 (null) IP-BLOCK 58.241.165.208 (Type: incoming)

18:37:21 (null) IP-BLOCK 98.142.246.107 (Type: incoming)

18:39:13 (null) IP-BLOCK 212.113.46.68 (Type: incoming)

18:49:03 (null) IP-BLOCK 222.65.150.239 (Type: incoming)

19:07:40 (null) IP-BLOCK 89.28.15.78 (Type: outgoing)

19:15:43 (null) IP-BLOCK 89.28.123.20 (Type: incoming)

19:31:07 (null) IP-BLOCK 109.235.49.39 (Type: outgoing)

19:31:10 (null) IP-BLOCK 109.235.49.39 (Type: outgoing)

19:31:16 (null) IP-BLOCK 109.235.49.39 (Type: outgoing)

19:31:20 (null) IP-BLOCK 109.235.49.39 (Type: outgoing)

19:31:22 (null) IP-BLOCK 109.235.49.39 (Type: outgoing)

19:31:28 (null) IP-BLOCK 109.235.49.39 (Type: outgoing)

19:33:09 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:33:11 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:33:12 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:33:14 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:33:18 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:33:20 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:33:33 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:33:35 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:33:36 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:33:38 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:33:42 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:33:44 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:33:57 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:33:59 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:34:00 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:34:01 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:34:06 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:34:08 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:34:45 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:34:47 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:34:48 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:34:50 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:34:50 (null) IP-BLOCK 62.45.1.169 (Type: outgoing)

19:34:54 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:34:56 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:35:02 (null) IP-BLOCK 121.125.5.31 (Type: incoming)

19:36:09 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:36:11 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:36:12 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:36:14 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:36:17 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:36:20 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:38:57 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:38:59 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:39:00 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:39:02 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:39:06 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:39:08 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:44:21 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:44:23 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:44:24 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:44:26 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:44:30 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:44:32 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:50:37 (null) IP-BLOCK 58.240.121.67 (Type: outgoing)

19:53:26 (null) IP-BLOCK 62.45.213.151 (Type: incoming)

19:53:29 (null) IP-BLOCK 62.45.213.151 (Type: incoming)

19:53:35 (null) IP-BLOCK 62.45.213.151 (Type: incoming)

19:54:06 (null) IP-BLOCK 62.45.213.151 (Type: incoming)

19:54:23 (null) IP-BLOCK 62.45.213.151 (Type: incoming)

19:55:09 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:55:11 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:55:12 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:55:14 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:55:18 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:55:20 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:56:07 (null) IP-BLOCK 58.240.130.2 (Type: incoming)

19:59:20 (null) IP-BLOCK 62.45.179.202 (Type: incoming)

20:00:05 (null) IP-BLOCK 77.78.237.231 (Type: incoming)

20:01:54 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

20:01:54 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

20:01:57 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

20:01:57 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

20:02:03 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

20:02:09 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

20:26:00 (null) IP-BLOCK 58.240.130.2 (Type: incoming)

20:33:57 (null) IP-BLOCK 222.70.55.58 (Type: incoming)

20:37:38 (null) IP-BLOCK 121.10.120.182 (Type: incoming)

21:08:25 (null) MESSAGE IP Protection stopped

21:14:45 (null) MESSAGE IP Protection started successfully

I've also done a System Scan and MB found no malicious items. Here is the DDS log as requested.

.

DDS (Ver_2011-06-11.01) - NTFSx86

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_24

Run by Owner at 21:07:30 on 2011-06-10

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.64 [GMT -7:00]

.

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Multimedia Card Reader\shwicon2k.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Owner\Desktop\39x4u0xr.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = localhost;*.local

uInternet Settings,ProxyServer = 0.0.0.0:80

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll

TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

uPolicies-explorer: NoSMHelp = 01000000

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{84081A5F-35C0-4D7B-B076-EF69C260AFED} : DhcpNameServer = 192.168.1.254

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\tv0e6jmo.default\

FF - prefs.js: browser.startup.homepage - hxxp://othersi.freeforums.org/search.php?search_id=newposts&sid=196ca0a2ca084e3c7660345c1bab0f6d

FF - prefs.js: network.proxy.type - 0

FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\tv0e6jmo.default\extensions\twitternotifier@naan.net\platform\winnt\components\nsTwitterFoxSign.dll

FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: BitTorrent WebUI em:optionsURL=chrome://bittorrent_webui/content/options.xul em:version=0.2.1>: BitTorrent_WebUI@firefox.alexisbrunet.com - %profile%\extensions\BitTorrent_WebUI@firefox.alexisbrunet.com

FF - Ext: Chromin Frame: ChrominFrame@zero.fire - %profile%\extensions\ChrominFrame@zero.fire

FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}

FF - Ext: Strata Aero: {269FB356-C69F-7349-D092-AB28AF836D0E} - %profile%\extensions\{269FB356-C69F-7349-D092-AB28AF836D0E}

FF - Ext: Compact Menu 2: {57068FBE-1506-42ee-AB02-BD183E7999E4} - %profile%\extensions\{57068FBE-1506-42ee-AB02-BD183E7999E4}

FF - Ext: Echofon: twitternotifier@naan.net - %profile%\extensions\twitternotifier@naan.net

FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: Paste and Go 3: omiazad@msn.com - %profile%\extensions\omiazad@msn.com

FF - Ext: Text2Link: {E9AE265A-1885-4143-BDC3-2783D9124418} - %profile%\extensions\{E9AE265A-1885-4143-BDC3-2783D9124418}

FF - Ext: Toggle Private Browsing: toggleprivatebrowsing@supernova00.biz - %profile%\extensions\toggleprivatebrowsing@supernova00.biz

FF - Ext: Imgur Uploader: giorgio@gilestro.tk - %profile%\extensions\giorgio@gilestro.tk

FF - Ext: Smart Stop/Reload: stop-reload@design-noir.de - %profile%\extensions\stop-reload@design-noir.de

FF - Ext: TinEye Reverse Image Search: tineye@ideeinc.com - %profile%\extensions\tineye@ideeinc.com

FF - Ext: TotalToolbar: totaltoolbar@mozdev.org - %profile%\extensions\totaltoolbar@mozdev.org

FF - Ext: Glazoom (anciennement Zoom It!): zoomit@disruptive-innovations.com - %profile%\extensions\zoomit@disruptive-innovations.com

FF - Ext: Glazoom (formerly known as Zoom It!): zoomit@disruptive-innovations.com - %profile%\extensions\zoomit@disruptive-innovations.com

FF - Ext: Element Hiding Helper for Adblock Plus: elemhidehelper@adblockplus.org - %profile%\extensions\elemhidehelper@adblockplus.org

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

.

============= SERVICES / DRIVERS ===============

.

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-7 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-7 108289]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-7 185089]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-30 56816]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-7 366640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-7 22712]

S3 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]

.

=============== File Associations ===============

.

.txt=CrimsonEditor.txt

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2011-05-29 16:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 16:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 21:09:53.37 ===============

I have also attached the ARK and attach files, as requested here. Thank you for any help you can provide.
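A small triage script for the Protection Log format pasted above, added here as an example and not part of the original post or of Malwarebytes itself: it parses the IP-BLOCK lines, counts blocks per address and direction, and flags addresses that are retried in short bursts (the alternating outgoing pairs in the log), since repeated outgoing blocks point at a local process that keeps reconnecting and is the thing to identify, whereas scattered incoming hits are mostly background scanning. The embedded sample is a constructed subset of the log above and the function names are my own.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the same format as the Malwarebytes Protection Log
# pasted above (time only, "(null)" placeholder, MESSAGE or IP-BLOCK event).
SAMPLE_LOG = """\
17:05:46 (null) MESSAGE IP Protection started successfully
17:05:58 (null) IP-BLOCK 58.240.254.60 (Type: outgoing)
17:21:52 (null) IP-BLOCK 58.240.254.60 (Type: outgoing)
17:49:21 (null) IP-BLOCK 98.142.246.107 (Type: incoming)
17:49:39 (null) IP-BLOCK 98.142.246.107 (Type: incoming)
19:33:09 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)
19:33:11 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
19:33:12 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)
19:33:14 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
19:33:18 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)
19:33:20 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
21:08:25 (null) MESSAGE IP Protection stopped
"""

BLOCK_RE = re.compile(
    r"^(\d{2}:\d{2}:\d{2}) \(null\) IP-BLOCK "
    r"(\d{1,3}(?:\.\d{1,3}){3}) \(Type: (incoming|outgoing)\)$"
)
MESSAGE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}) \(null\) MESSAGE (.+)$")


def _seconds(hhmmss):
    """'HH:MM:SS' -> seconds since midnight (the log carries no date)."""
    h, m, s = (int(part) for part in hhmmss.split(":"))
    return h * 3600 + m * 60 + s


def parse_protection_log(text):
    """Return a list of event dicts; lines matching neither pattern are skipped."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = BLOCK_RE.match(line)
        if m:
            events.append({"t": _seconds(m.group(1)), "kind": "block",
                           "ip": m.group(2), "direction": m.group(3)})
            continue
        m = MESSAGE_RE.match(line)
        if m:
            events.append({"t": _seconds(m.group(1)), "kind": "message",
                           "text": m.group(2)})
    return events


def count_blocks(events):
    """Number of blocks per (ip, direction); Counter.most_common() ranks them."""
    return Counter((e["ip"], e["direction"])
                   for e in events if e["kind"] == "block")


def burst_ips(events, direction="outgoing", window=60, min_hits=3):
    """Addresses with at least `min_hits` blocks of `direction` inside any
    `window`-second span. A local process retrying a blocked peer produces
    exactly this shape; map it to a process with 'netstat -b' or Process
    Explorer rather than treating it as random noise."""
    times = defaultdict(list)
    for e in events:
        if e["kind"] == "block" and e["direction"] == direction:
            times[e["ip"]].append(e["t"])
    flagged = set()
    for ip, ts in times.items():
        ts.sort()
        start = 0
        for end in range(len(ts)):           # sliding window over sorted times
            while ts[end] - ts[start] > window:
                start += 1
            if end - start + 1 >= min_hits:
                flagged.add(ip)
                break
    return flagged


if __name__ == "__main__":
    evs = parse_protection_log(SAMPLE_LOG)
    for (ip, direction), n in count_blocks(evs).most_common():
        print(f"{n:4d}  {direction:8s} {ip}")
    print("bursting outgoing:", sorted(burst_ips(evs)))
```

On the full log above the same pass ranks 83.233.165.43 and 109.235.55.11 at the top and flags both as bursting, so those two are where to start when matching connections to a process.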



  • Staff

Hi and welcome to Malwarebytes.

Please see:

HijackThis Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed, period. It's theft and against the law.

This goes for BitTorrent and anything else you may have installed. They're also probably the source of your issues.


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
