Continuous IP blocks incoming/outgoing

strykersteve · June 11, 2011

Hi there,

Getting a ton of IP blocks on my PC when nothing is running, so I'm assuming I've got some hidden nasty lurking on my system and was hoping for an assist. They are of both the incoming and outgoing variety, and most seem to be originating from China. Hopefully, this is the information you need. Here is a look at the latest Protection Log from MalwareBytes to see what I mean...

07:48:55 (null) MESSAGE Protection started successfully

07:49:04 (null) MESSAGE IP Protection started successfully

17:02:48 (null) MESSAGE Scheduled update executed successfully

17:02:50 (null) MESSAGE IP Protection stopped

17:05:29 (null) MESSAGE Database updated successfully

17:05:46 (null) MESSAGE IP Protection started successfully

17:05:58 (null) IP-BLOCK 58.240.254.60 (Type: outgoing)

17:21:52 (null) IP-BLOCK 58.240.254.60 (Type: outgoing)

17:21:59 (null) IP-BLOCK 219.146.254.216 (Type: outgoing)

17:28:32 (null) IP-BLOCK 206.53.54.74 (Type: incoming)

17:35:50 (null) IP-BLOCK 222.69.218.253 (Type: incoming)

17:42:30 (null) IP-BLOCK 77.78.236.4 (Type: incoming)

17:49:21 (null) IP-BLOCK 98.142.246.107 (Type: incoming)

17:49:39 (null) IP-BLOCK 98.142.246.107 (Type: incoming)

17:50:58 (null) IP-BLOCK 222.65.150.239 (Type: incoming)

17:54:26 (null) IP-BLOCK 98.142.246.107 (Type: incoming)

17:54:42 (null) IP-BLOCK 98.142.246.107 (Type: incoming)

17:55:28 (null) IP-BLOCK 98.142.246.107 (Type: incoming)

17:56:09 (null) IP-BLOCK 98.142.246.107 (Type: incoming)

18:00:06 (null) IP-BLOCK 98.142.246.107 (Type: incoming)

18:00:36 (null) IP-BLOCK 98.142.246.107 (Type: incoming)

18:01:03 (null) IP-BLOCK 98.142.246.107 (Type: incoming)

18:03:08 (null) IP-BLOCK 218.10.86.148 (Type: incoming)

18:06:10 (null) IP-BLOCK 98.142.246.107 (Type: outgoing)

18:12:41 (null) IP-BLOCK 219.151.170.89 (Type: incoming)

18:22:05 (null) IP-BLOCK 213.55.114.195 (Type: incoming)

18:22:06 (null) IP-BLOCK 218.7.74.121 (Type: outgoing)

18:23:04 (null) IP-BLOCK 83.128.56.36 (Type: outgoing)

18:28:06 (null) IP-BLOCK 222.65.150.239 (Type: incoming)

18:28:16 (null) IP-BLOCK 222.65.150.239 (Type: incoming)

18:28:21 (null) IP-BLOCK 222.65.150.239 (Type: incoming)

18:29:05 (null) IP-BLOCK 222.65.150.239 (Type: incoming)

18:32:11 (null) IP-BLOCK 222.76.133.250 (Type: incoming)

18:32:14 (null) IP-BLOCK 222.76.133.250 (Type: incoming)

18:32:15 (null) IP-BLOCK 222.76.133.250 (Type: incoming)

18:32:16 (null) IP-BLOCK 58.241.165.208 (Type: incoming)

18:37:21 (null) IP-BLOCK 98.142.246.107 (Type: incoming)

18:39:13 (null) IP-BLOCK 212.113.46.68 (Type: incoming)

18:49:03 (null) IP-BLOCK 222.65.150.239 (Type: incoming)

19:07:40 (null) IP-BLOCK 89.28.15.78 (Type: outgoing)

19:15:43 (null) IP-BLOCK 89.28.123.20 (Type: incoming)

19:31:07 (null) IP-BLOCK 109.235.49.39 (Type: outgoing)

19:31:10 (null) IP-BLOCK 109.235.49.39 (Type: outgoing)

19:31:16 (null) IP-BLOCK 109.235.49.39 (Type: outgoing)

19:31:20 (null) IP-BLOCK 109.235.49.39 (Type: outgoing)

19:31:22 (null) IP-BLOCK 109.235.49.39 (Type: outgoing)

19:31:28 (null) IP-BLOCK 109.235.49.39 (Type: outgoing)

19:33:09 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:33:11 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:33:12 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:33:14 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:33:18 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:33:20 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:33:33 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:33:35 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:33:36 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:33:38 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:33:42 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:33:44 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:33:57 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:33:59 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:34:00 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:34:01 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:34:06 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:34:08 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:34:45 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:34:47 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:34:48 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:34:50 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:34:50 (null) IP-BLOCK 62.45.1.169 (Type: outgoing)

19:34:54 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:34:56 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:35:02 (null) IP-BLOCK 121.125.5.31 (Type: incoming)

19:36:09 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:36:11 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:36:12 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:36:14 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:36:17 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:36:20 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:38:57 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:38:59 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:39:00 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:39:02 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:39:06 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:39:08 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:44:21 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:44:23 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:44:24 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:44:26 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:44:30 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:44:32 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:50:37 (null) IP-BLOCK 58.240.121.67 (Type: outgoing)

19:53:26 (null) IP-BLOCK 62.45.213.151 (Type: incoming)

19:53:29 (null) IP-BLOCK 62.45.213.151 (Type: incoming)

19:53:35 (null) IP-BLOCK 62.45.213.151 (Type: incoming)

19:54:06 (null) IP-BLOCK 62.45.213.151 (Type: incoming)

19:54:23 (null) IP-BLOCK 62.45.213.151 (Type: incoming)

19:55:09 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:55:11 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:55:12 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:55:14 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:55:18 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

19:55:20 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

19:56:07 (null) IP-BLOCK 58.240.130.2 (Type: incoming)

19:59:20 (null) IP-BLOCK 62.45.179.202 (Type: incoming)

20:00:05 (null) IP-BLOCK 77.78.237.231 (Type: incoming)

20:01:54 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

20:01:54 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

20:01:57 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

20:01:57 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

20:02:03 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)

20:02:09 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)

20:26:00 (null) IP-BLOCK 58.240.130.2 (Type: incoming)

20:33:57 (null) IP-BLOCK 222.70.55.58 (Type: incoming)

20:37:38 (null) IP-BLOCK 121.10.120.182 (Type: incoming)

21:08:25 (null) MESSAGE IP Protection stopped

21:14:45 (null) MESSAGE IP Protection started successfully

I've also done a System Scan and MB found no malicious items. Here is the DDS log as requested.

.

DDS (Ver_2011-06-11.01) - NTFSx86

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_24

Run by Owner at 21:07:30 on 2011-06-10

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.64 [GMT -7:00]

.

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Multimedia Card Reader\shwicon2k.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Owner\Desktop\39x4u0xr.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = localhost;*.local

uInternet Settings,ProxyServer = 0.0.0.0:80

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll

TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

uPolicies-explorer: NoSMHelp = 01000000

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{84081A5F-35C0-4D7B-B076-EF69C260AFED} : DhcpNameServer = 192.168.1.254

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\tv0e6jmo.default\

FF - prefs.js: browser.startup.homepage - hxxp://othersi.freeforums.org/search.php?search_id=newposts&sid=196ca0a2ca084e3c7660345c1bab0f6d

FF - prefs.js: network.proxy.type - 0

FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\tv0e6jmo.default\extensions\twitternotifier@naan.net\platform\winnt\components\nsTwitterFoxSign.dll

FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: BitTorrent WebUI em:optionsURL=chrome://bittorrent_webui/content/options.xul em:version=0.2.1>: BitTorrent_WebUI@firefox.alexisbrunet.com - %profile%\extensions\BitTorrent_WebUI@firefox.alexisbrunet.com

FF - Ext: Chromin Frame: ChrominFrame@zero.fire - %profile%\extensions\ChrominFrame@zero.fire

FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}

FF - Ext: Strata Aero: {269FB356-C69F-7349-D092-AB28AF836D0E} - %profile%\extensions\{269FB356-C69F-7349-D092-AB28AF836D0E}

FF - Ext: Compact Menu 2: {57068FBE-1506-42ee-AB02-BD183E7999E4} - %profile%\extensions\{57068FBE-1506-42ee-AB02-BD183E7999E4}

FF - Ext: Echofon: twitternotifier@naan.net - %profile%\extensions\twitternotifier@naan.net

FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: Paste and Go 3: omiazad@msn.com - %profile%\extensions\omiazad@msn.com

FF - Ext: Text2Link: {E9AE265A-1885-4143-BDC3-2783D9124418} - %profile%\extensions\{E9AE265A-1885-4143-BDC3-2783D9124418}

FF - Ext: Toggle Private Browsing: toggleprivatebrowsing@supernova00.biz - %profile%\extensions\toggleprivatebrowsing@supernova00.biz

FF - Ext: Imgur Uploader: giorgio@gilestro.tk - %profile%\extensions\giorgio@gilestro.tk

FF - Ext: Smart Stop/Reload: stop-reload@design-noir.de - %profile%\extensions\stop-reload@design-noir.de

FF - Ext: TinEye Reverse Image Search: tineye@ideeinc.com - %profile%\extensions\tineye@ideeinc.com

FF - Ext: TotalToolbar: totaltoolbar@mozdev.org - %profile%\extensions\totaltoolbar@mozdev.org

FF - Ext: Glazoom (anciennement Zoom It!): zoomit@disruptive-innovations.com - %profile%\extensions\zoomit@disruptive-innovations.com

FF - Ext: Glazoom (formerly known as Zoom It!): zoomit@disruptive-innovations.com - %profile%\extensions\zoomit@disruptive-innovations.com

FF - Ext: Element Hiding Helper for Adblock Plus: elemhidehelper@adblockplus.org - %profile%\extensions\elemhidehelper@adblockplus.org

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

.

============= SERVICES / DRIVERS ===============

.

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-7 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-7 108289]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-7 185089]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-30 56816]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-7 366640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-7 22712]

S3 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]

.

=============== File Associations ===============

.

.txt=CrimsonEditor.txt

.

=============== Created Last 30 ================

.

==================== Find3M ====================

.

2011-05-29 16:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 16:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 21:09:53.37 ===============

I have also attached the ARK and attach files, as requested here. Thank you for any help you can provide.

strykersteve · June 11, 2011

Hi there,
Getting a ton of IP blocks on my PC when nothing is running, so I'm assuming I've got some hidden nasty lurking on my system and was hoping for an assist. They are of both the incoming and outgoing variety, and most seem to be originating from China. Hopefully, this is the information you need. Here is a look at the latest Protection Log from MalwareBytes to see what I mean...
07:48:55 (null) MESSAGE Protection started successfully
07:49:04 (null) MESSAGE IP Protection started successfully
17:02:48 (null) MESSAGE Scheduled update executed successfully
17:02:50 (null) MESSAGE IP Protection stopped
17:05:29 (null) MESSAGE Database updated successfully
17:05:46 (null) MESSAGE IP Protection started successfully
17:05:58 (null) IP-BLOCK 58.240.254.60 (Type: outgoing)
17:21:52 (null) IP-BLOCK 58.240.254.60 (Type: outgoing)
17:21:59 (null) IP-BLOCK 219.146.254.216 (Type: outgoing)
17:28:32 (null) IP-BLOCK 206.53.54.74 (Type: incoming)
17:35:50 (null) IP-BLOCK 222.69.218.253 (Type: incoming)
17:42:30 (null) IP-BLOCK 77.78.236.4 (Type: incoming)
17:49:21 (null) IP-BLOCK 98.142.246.107 (Type: incoming)
17:49:39 (null) IP-BLOCK 98.142.246.107 (Type: incoming)
17:50:58 (null) IP-BLOCK 222.65.150.239 (Type: incoming)
17:54:26 (null) IP-BLOCK 98.142.246.107 (Type: incoming)
17:54:42 (null) IP-BLOCK 98.142.246.107 (Type: incoming)
17:55:28 (null) IP-BLOCK 98.142.246.107 (Type: incoming)
17:56:09 (null) IP-BLOCK 98.142.246.107 (Type: incoming)
18:00:06 (null) IP-BLOCK 98.142.246.107 (Type: incoming)
18:00:36 (null) IP-BLOCK 98.142.246.107 (Type: incoming)
18:01:03 (null) IP-BLOCK 98.142.246.107 (Type: incoming)
18:03:08 (null) IP-BLOCK 218.10.86.148 (Type: incoming)
18:06:10 (null) IP-BLOCK 98.142.246.107 (Type: outgoing)
18:12:41 (null) IP-BLOCK 219.151.170.89 (Type: incoming)
18:22:05 (null) IP-BLOCK 213.55.114.195 (Type: incoming)
18:22:06 (null) IP-BLOCK 218.7.74.121 (Type: outgoing)
18:23:04 (null) IP-BLOCK 83.128.56.36 (Type: outgoing)
18:28:06 (null) IP-BLOCK 222.65.150.239 (Type: incoming)
18:28:16 (null) IP-BLOCK 222.65.150.239 (Type: incoming)
18:28:21 (null) IP-BLOCK 222.65.150.239 (Type: incoming)
18:29:05 (null) IP-BLOCK 222.65.150.239 (Type: incoming)
18:32:11 (null) IP-BLOCK 222.76.133.250 (Type: incoming)
18:32:11 (null) IP-BLOCK 222.76.133.250 (Type: incoming)
18:32:14 (null) IP-BLOCK 222.76.133.250 (Type: incoming)
18:32:15 (null) IP-BLOCK 222.76.133.250 (Type: incoming)
18:32:16 (null) IP-BLOCK 58.241.165.208 (Type: incoming)
18:37:21 (null) IP-BLOCK 98.142.246.107 (Type: incoming)
18:39:13 (null) IP-BLOCK 212.113.46.68 (Type: incoming)
18:49:03 (null) IP-BLOCK 222.65.150.239 (Type: incoming)
19:07:40 (null) IP-BLOCK 89.28.15.78 (Type: outgoing)
19:15:43 (null) IP-BLOCK 89.28.123.20 (Type: incoming)
19:31:07 (null) IP-BLOCK 109.235.49.39 (Type: outgoing)
19:31:10 (null) IP-BLOCK 109.235.49.39 (Type: outgoing)
19:31:16 (null) IP-BLOCK 109.235.49.39 (Type: outgoing)
19:31:20 (null) IP-BLOCK 109.235.49.39 (Type: outgoing)
19:31:22 (null) IP-BLOCK 109.235.49.39 (Type: outgoing)
19:31:28 (null) IP-BLOCK 109.235.49.39 (Type: outgoing)
19:33:09 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)
19:33:11 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
19:33:12 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)
19:33:14 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
19:33:18 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)
19:33:20 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
19:33:33 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)
19:33:35 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
19:33:36 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)
19:33:38 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
19:33:42 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)
19:33:44 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
19:33:57 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)
19:33:59 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
19:34:00 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)
19:34:01 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
19:34:06 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)
19:34:08 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
19:34:45 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)
19:34:47 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
19:34:48 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)
19:34:50 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
19:34:50 (null) IP-BLOCK 62.45.1.169 (Type: outgoing)
19:34:54 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)
19:34:56 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
19:35:02 (null) IP-BLOCK 121.125.5.31 (Type: incoming)
19:36:09 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)
19:36:11 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
19:36:12 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)
19:36:14 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
19:36:17 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)
19:36:20 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
19:38:57 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)
19:38:59 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
19:39:00 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)
19:39:02 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
19:39:06 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)
19:39:08 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
19:44:21 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)
19:44:23 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
19:44:24 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)
19:44:26 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
19:44:30 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)
19:44:32 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
19:50:37 (null) IP-BLOCK 58.240.121.67 (Type: outgoing)
19:53:26 (null) IP-BLOCK 62.45.213.151 (Type: incoming)
19:53:29 (null) IP-BLOCK 62.45.213.151 (Type: incoming)
19:53:35 (null) IP-BLOCK 62.45.213.151 (Type: incoming)
19:54:06 (null) IP-BLOCK 62.45.213.151 (Type: incoming)
19:54:23 (null) IP-BLOCK 62.45.213.151 (Type: incoming)
19:55:09 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)
19:55:11 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
19:55:12 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)
19:55:14 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
19:55:18 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)
19:55:20 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
19:56:07 (null) IP-BLOCK 58.240.130.2 (Type: incoming)
19:59:20 (null) IP-BLOCK 62.45.179.202 (Type: incoming)
20:00:05 (null) IP-BLOCK 77.78.237.231 (Type: incoming)
20:01:54 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)
20:01:54 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
20:01:57 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)
20:01:57 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
20:02:03 (null) IP-BLOCK 83.233.165.43 (Type: outgoing)
20:02:09 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
20:26:00 (null) IP-BLOCK 58.240.130.2 (Type: incoming)
20:33:57 (null) IP-BLOCK 222.70.55.58 (Type: incoming)
20:37:38 (null) IP-BLOCK 121.10.120.182 (Type: incoming)
21:08:25 (null) MESSAGE IP Protection stopped
21:14:45 (null) MESSAGE IP Protection started successfully
I've also done a System Scan and MB found no malicious items. Here is the DDS log as requested.
.
DDS (Ver_2011-06-11.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_24
Run by Owner at 21:07:30 on 2011-06-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.64 [GMT -7:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\39x4u0xr.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
uInternet Settings,ProxyServer = 0.0.0.0:80
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
uPolicies-explorer: NoSMHelp = 01000000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{84081A5F-35C0-4D7B-B076-EF69C260AFED} : DhcpNameServer = 192.168.1.254
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\tv0e6jmo.default\
FF - prefs.js: browser.startup.homepage - hxxp://othersi.freeforums.org/search.php?search_id=newposts&sid=196ca0a2ca084e3c7660345c1bab0f6d
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\tv0e6jmo.default\extensions\twitternotifier@naan.net\platform\winnt\components\nsTwitterFoxSign.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: BitTorrent WebUI em:optionsURL=chrome://bittorrent_webui/content/options.xul em:version=0.2.1>: BitTorrent_WebUI@firefox.alexisbrunet.com - %profile%\extensions\BitTorrent_WebUI@firefox.alexisbrunet.com
FF - Ext: Chromin Frame: ChrominFrame@zero.fire - %profile%\extensions\ChrominFrame@zero.fire
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: Strata Aero: {269FB356-C69F-7349-D092-AB28AF836D0E} - %profile%\extensions\{269FB356-C69F-7349-D092-AB28AF836D0E}
FF - Ext: Compact Menu 2: {57068FBE-1506-42ee-AB02-BD183E7999E4} - %profile%\extensions\{57068FBE-1506-42ee-AB02-BD183E7999E4}
FF - Ext: Echofon: twitternotifier@naan.net - %profile%\extensions\twitternotifier@naan.net
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Paste and Go 3: omiazad@msn.com - %profile%\extensions\omiazad@msn.com
FF - Ext: Text2Link: {E9AE265A-1885-4143-BDC3-2783D9124418} - %profile%\extensions\{E9AE265A-1885-4143-BDC3-2783D9124418}
FF - Ext: Toggle Private Browsing: toggleprivatebrowsing@supernova00.biz - %profile%\extensions\toggleprivatebrowsing@supernova00.biz
FF - Ext: Imgur Uploader: giorgio@gilestro.tk - %profile%\extensions\giorgio@gilestro.tk
FF - Ext: Smart Stop/Reload: stop-reload@design-noir.de - %profile%\extensions\stop-reload@design-noir.de
FF - Ext: TinEye Reverse Image Search: tineye@ideeinc.com - %profile%\extensions\tineye@ideeinc.com
FF - Ext: TotalToolbar: totaltoolbar@mozdev.org - %profile%\extensions\totaltoolbar@mozdev.org
FF - Ext: Glazoom (anciennement Zoom It!): zoomit@disruptive-innovations.com - %profile%\extensions\zoomit@disruptive-innovations.com
FF - Ext: Glazoom (formerly known as Zoom It!): zoomit@disruptive-innovations.com - %profile%\extensions\zoomit@disruptive-innovations.com
FF - Ext: Element Hiding Helper for Adblock Plus: elemhidehelper@adblockplus.org - %profile%\extensions\elemhidehelper@adblockplus.org
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-7 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-7 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-7 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-30 56816]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-7 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-7 22712]
S3 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
.
=============== File Associations ===============
.
.txt=CrimsonEditor.txt
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-05-29 16:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 16:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 21:09:53.37 ===============
I have also attached the ARK and attach files, as requested here. Thank you for any help you can provide.

attach.zip

screen317 · June 13, 2011

Hi and welcome to Malwarebytes.

Please see:

HijackThis Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos ect. This means no P2P evidence will be supported. Logs that show these in them, will given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed period. It's theft and against the law.

This goes for BitTorrent and anything else you may have installed. They're also probably the source of your issues.

strykersteve · June 14, 2011

Thanks Chris, appreciate the heads up.

screen317 · June 17, 2011

If you remove it, I can continue helping. If not, I will not be able to...

screen317 · June 30, 2011

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Sign In

Continuous IP blocks incoming/outgoing

Recommended Posts

strykersteve

Link to post

Share on other sites

strykersteve

Link to post

Share on other sites

screen317

Link to post

Share on other sites

strykersteve

Link to post

Share on other sites

screen317

Link to post

Share on other sites

screen317

Link to post

Share on other sites

Recently Browsing 0 members

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information