Jump to content

need help with virus removal


Recommended Posts

Sorry for double posting, Attach.zip didn't get uploaded the first time.

virus couldn't be removed by AVG, Malwarebytes, or Hijack This. Malwarebytes recognizes it, but can't remove it.

every 5-30 seconds i get a message from Malwarebytes:

Successfully Blocked Access To a Potentially Malicious Site: [ip address here]

Type: outgoing

Port: [always different]

Process: svchost.exe

when doing google searches from Internet Explorer or Firefox, I am redirected to a malicious page when i click on a link. I can still get to the pages by copy and pasting the url into the browser.

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_20

Run by adam at 15:47:48 on 2011-06-25

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.620 [GMT -7:00]

.

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\adam\Desktop\SysProt\SysProt.exe

C:\Windows\system32\taskeng.exe

C:\Users\adam\Desktop\Defogger.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjA5MzU3MTA3LVhPMTArMi1RSVgxKzQtWDIwMTArMi1WSVAxMCsxLUYxME0xMEQrMS1MSUMrMjItRkwxMCsxLVNQMSsxLVNQMVRCKzEtU1VEKzEtUzFJKzEtU1UzKzEtRERUKzA"&"prod=90"&"ver=10.0.1388

mPolicies-system: EnableLUA = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{2F8ACF08-1B65-4D9D-8DC7-ADDDA66777CF} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{71F4864C-3E1B-4428-887C-1AB243388E53} : DhcpNameServer = 209.18.47.61 209.18.47.62

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\adam\appdata\roaming\mozilla\firefox\profiles\ow1o97yw.default\

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

FF - Ext: Flash and Video Download: {bee6eb20-01e0-ebd1-da83-080329fb9a3a} - %profile%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}

FF - Ext: KeepTube Downloader: webmaster@keep-tube.com - %profile%\extensions\webmaster@keep-tube.com

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: FlashFirebug: flashfirebug@o-minds.com - %profile%\extensions\flashfirebug@o-minds.com

.

============= SERVICES / DRIVERS ===============

.

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-25 366640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-25 22712]

R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 350720]

R3 SysProtDrv.sys;SysProtDrv.sys;c:\users\adam\desktop\sysprot\SysProtDrv.sys [2011-6-25 44288]

S3 ps_1394;ps_1394;c:\windows\system32\drivers\ps_1394.sys [2010-12-11 71936]

S3 ps_avs;ps_avs;c:\windows\system32\drivers\ps_avs.sys [2010-12-11 24576]

S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

.

=============== Created Last 30 ================

.

2011-06-25 22:15:45 388096 ----a-r- c:\users\adam\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-06-25 22:15:44 -------- d-----w- c:\program files\Trend Micro

2011-06-25 21:19:58 -------- d-----w- c:\users\adam\appdata\local\temp

2011-06-25 21:19:04 -------- d-sh--w- C:\$RECYCLE.BIN

2011-06-25 17:55:17 -------- d-----w- c:\users\adam\appdata\roaming\Malwarebytes

2011-06-25 17:55:09 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-25 17:55:08 -------- d-----w- c:\programdata\Malwarebytes

2011-06-25 17:55:05 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-25 17:55:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-25 08:15:16 98816 ----a-w- c:\windows\sed.exe

2011-06-25 08:15:16 518144 ----a-w- c:\windows\SWREG.exe

2011-06-25 08:15:16 256512 ----a-w- c:\windows\PEV.exe

2011-06-25 08:15:16 208896 ----a-w- c:\windows\MBR.exe

2011-06-11 22:32:46 -------- d-----w- c:\program files\EasyPHP-5.3.6.0

2011-06-11 21:46:19 -------- d-----w- c:\program files\Apache Software Foundation

2011-06-11 21:30:07 -------- d-----w- C:\$UPGRADE.~OS

2011-06-04 22:07:28 -------- d-----w- c:\users\adam\appdata\roaming\FreeFileSync

2011-06-04 22:07:05 -------- d-----w- c:\program files\FreeFileSync

.

==================== Find3M ====================

.

2011-04-30 05:05:53 338432 ----a-w- c:\windows\system32\REX Shared Library.dll

2011-04-30 05:05:17 406528 ----a-w- c:\windows\system32\ReWire.dll

2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr

.

============= FINISH: 15:49:02.91 ===============

Malwarebytes Protecton log

-----------------------------------------

10:56:32 adam MESSAGE Protection started successfully

10:56:39 adam MESSAGE IP Protection started successfully

10:57:16 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 51251, Process: svchost.exe)

10:57:24 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 51253, Process: svchost.exe)

10:57:24 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 51131, Process: svchost.exe)

10:57:48 adam IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 51329, Process: svchost.exe)

10:58:12 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 51372, Process: svchost.exe)

10:58:12 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 51376, Process: svchost.exe)

10:58:21 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 51394, Process: svchost.exe)

11:15:16 adam IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 52224, Process: svchost.exe)

11:15:16 adam IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 52225, Process: svchost.exe)

11:16:12 adam IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 52343, Process: svchost.exe)

11:16:28 adam IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 52369, Process: svchost.exe)

11:16:36 adam IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 52376, Process: svchost.exe)

11:16:44 adam IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 52378, Process: svchost.exe)

11:17:33 adam IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 52418, Process: svchost.exe)

11:18:38 adam IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 52523, Process: svchost.exe)

11:18:46 adam IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 52550, Process: svchost.exe)

11:19:35 adam IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 52651, Process: svchost.exe)

11:19:43 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 52660, Process: svchost.exe)

11:19:43 adam IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 52691, Process: svchost.exe)

11:20:15 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 52711, Process: svchost.exe)

11:20:15 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 52719, Process: svchost.exe)

11:20:23 adam IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 52726, Process: svchost.exe)

11:22:08 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 52754, Process: svchost.exe)

11:25:06 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 52756, Process: svchost.exe)

11:28:11 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 52758, Process: svchost.exe)

11:31:08 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 52760, Process: svchost.exe)

11:34:14 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 53187, Process: svchost.exe)

11:37:19 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 54459, Process: svchost.exe)

11:37:19 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 54460, Process: svchost.exe)

11:37:19 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 54466, Process: svchost.exe)

11:38:00 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 54765, Process: svchost.exe)

11:38:32 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 54992, Process: svchost.exe)

11:38:32 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 54993, Process: svchost.exe)

11:40:16 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 55545, Process: svchost.exe)

11:42:58 adam IP-BLOCK 109.235.55.11 (Type: outgoing, Port: 55995, Process: utorrent.exe)

11:43:22 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 56068, Process: svchost.exe)

11:43:22 adam IP-BLOCK 121.10.137.71 (Type: outgoing, Port: 30768, Process: utorrent.exe)

11:43:30 adam IP-BLOCK 193.107.16.156 (Type: outgoing, Port: 56116, Process: utorrent.exe)

11:44:02 adam IP-BLOCK 121.10.137.71 (Type: outgoing, Port: 30768, Process: utorrent.exe)

11:44:02 adam IP-BLOCK 121.10.137.71 (Type: outgoing, Port: 30768, Process: utorrent.exe)

11:44:27 adam IP-BLOCK 78.140.152.61 (Type: outgoing, Port: 56170, Process: svchost.exe)

11:46:29 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 56362, Process: svchost.exe)

11:47:02 adam IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 56490, Process: svchost.exe)

11:49:13 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 56733, Process: svchost.exe)

11:52:10 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 56735, Process: svchost.exe)

11:55:07 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 56737, Process: svchost.exe)

11:58:13 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 56739, Process: svchost.exe)

12:01:11 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 56987, Process: svchost.exe)

12:02:31 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 57034, Process: svchost.exe)

12:05:36 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 57036, Process: svchost.exe)

12:08:34 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 57038, Process: svchost.exe)

12:11:39 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 57040, Process: svchost.exe)

12:12:43 adam IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 57046, Process: svchost.exe)

12:13:32 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 57077, Process: svchost.exe)

12:13:32 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 57078, Process: svchost.exe)

12:14:12 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 57099, Process: svchost.exe)

12:14:12 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 57100, Process: svchost.exe)

12:14:36 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 57175, Process: svchost.exe)

12:14:44 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 57196, Process: svchost.exe)

12:14:56 adam MESSAGE IP Protection stopped

12:14:59 adam MESSAGE IP Protection started successfully

12:15:36 adam IP-BLOCK 195.3.145.110 (Type: outgoing, Port: 57350, Process: firefox.exe)

12:16:16 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 57381, Process: svchost.exe)

12:19:13 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 57388, Process: svchost.exe)

12:22:19 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 57416, Process: svchost.exe)

12:25:16 adam IP-BLOCK 195.3.145.105 (Type: outgoing, Port: 57456, Process: firefox.exe)

12:27:17 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 57589, Process: svchost.exe)

12:27:57 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 57634, Process: svchost.exe)

12:27:57 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 57637, Process: svchost.exe)

12:28:13 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 57698, Process: svchost.exe)

12:28:30 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 57726, Process: svchost.exe)

12:28:38 adam IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 57733, Process: svchost.exe)

13:42:37 adam MESSAGE Protection started successfully

13:42:42 adam MESSAGE IP Protection started successfully

13:43:28 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 49188, Process: svchost.exe)

13:45:13 adam IP-BLOCK 195.3.145.105 (Type: outgoing, Port: 49405, Process: firefox.exe)

13:45:29 adam IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 49480, Process: svchost.exe)

13:45:29 adam IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 49481, Process: svchost.exe)

13:46:25 adam IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 49745, Process: svchost.exe)

13:46:33 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 49777, Process: svchost.exe)

13:46:49 adam IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 49832, Process: svchost.exe)

13:47:38 adam IP-BLOCK 78.140.152.61 (Type: outgoing, Port: 50098, Process: svchost.exe)

13:48:18 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50281, Process: svchost.exe)

13:48:26 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50283, Process: svchost.exe)

13:48:50 adam IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 50363, Process: svchost.exe)

13:49:06 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50451, Process: svchost.exe)

13:49:06 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50454, Process: svchost.exe)

13:49:31 adam IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 50557, Process: svchost.exe)

13:49:31 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 50560, Process: svchost.exe)

13:49:39 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50586, Process: svchost.exe)

13:50:03 adam IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 50720, Process: svchost.exe)

13:50:11 adam IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 50731, Process: svchost.exe)

13:51:24 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 50773, Process: svchost.exe)

13:54:29 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 50800, Process: svchost.exe)

13:57:27 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 50803, Process: svchost.exe)

14:00:24 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 50805, Process: svchost.exe)

14:05:50 adam MESSAGE Protection started successfully

14:05:55 adam MESSAGE IP Protection started successfully

14:06:33 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 49159, Process: svchost.exe)

14:06:33 adam IP-BLOCK 195.3.145.110 (Type: outgoing, Port: 49160, Process: svchost.exe)

14:06:33 adam IP-BLOCK 188.95.52.161 (Type: outgoing, Port: 49161, Process: svchost.exe)

14:09:40 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 49163, Process: svchost.exe)

14:12:37 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 49165, Process: svchost.exe)

14:17:32 adam MESSAGE Protection started successfully

14:17:37 adam MESSAGE IP Protection started successfully

14:18:15 adam IP-BLOCK 195.3.145.110 (Type: outgoing, Port: 49159, Process: svchost.exe)

14:18:15 adam IP-BLOCK 188.95.52.161 (Type: outgoing, Port: 49160, Process: svchost.exe)

14:18:15 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 49161, Process: svchost.exe)

14:21:13 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 49165, Process: svchost.exe)

14:37:55 adam MESSAGE Protection started successfully

14:38:00 adam MESSAGE IP Protection started successfully

14:38:54 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 49184, Process: svchost.exe)

14:41:43 adam IP-BLOCK 195.3.145.105 (Type: outgoing, Port: 49191, Process: firefox.exe)

14:41:51 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 49195, Process: svchost.exe)

14:44:56 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 49201, Process: svchost.exe)

14:47:13 adam IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 49392, Process: svchost.exe)

14:47:13 adam IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 49393, Process: svchost.exe)

14:47:53 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 49479, Process: svchost.exe)

14:48:01 adam IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 49514, Process: svchost.exe)

14:48:18 adam IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 49601, Process: svchost.exe)

14:48:18 adam IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 49602, Process: svchost.exe)

14:48:50 adam IP-BLOCK 195.3.145.111 (Type: outgoing, Port: 49680, Process: svchost.exe)

14:48:50 adam IP-BLOCK 188.95.52.160 (Type: outgoing, Port: 49681, Process: svchost.exe)

14:50:10 adam IP-BLOCK 78.140.152.61 (Type: outgoing, Port: 49843, Process: svchost.exe)

14:50:26 adam IP-BLOCK 78.140.152.61 (Type: outgoing, Port: 49872, Process: svchost.exe)

14:50:43 adam IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 49893, Process: svchost.exe)

14:50:51 adam IP-BLOCK 216.150.159.109 (Type: outgoing, Port: 49901, Process: svchost.exe)

14:50:51 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49911, Process: svchost.exe)

14:50:59 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 49918, Process: svchost.exe)

14:51:07 adam IP-BLOCK 216.150.159.109 (Type: outgoing, Port: 49933, Process: svchost.exe)

14:51:07 adam IP-BLOCK 78.140.152.61 (Type: outgoing, Port: 49934, Process: svchost.exe)

14:51:31 adam IP-BLOCK 216.150.159.109 (Type: outgoing, Port: 49962, Process: svchost.exe)

14:51:39 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49976, Process: svchost.exe)

14:51:47 adam IP-BLOCK 216.150.159.109 (Type: outgoing, Port: 49985, Process: svchost.exe)

14:51:55 adam IP-BLOCK 216.150.159.109 (Type: outgoing, Port: 50011, Process: svchost.exe)

14:52:03 adam IP-BLOCK 78.140.152.61 (Type: outgoing, Port: 50017, Process: svchost.exe)

14:52:11 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50025, Process: svchost.exe)

14:52:11 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50026, Process: svchost.exe)

14:52:20 adam IP-BLOCK 78.140.152.61 (Type: outgoing, Port: 50057, Process: svchost.exe)

14:53:56 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 50217, Process: svchost.exe)

14:56:13 adam IP-BLOCK 195.3.145.105 (Type: outgoing, Port: 50421, Process: firefox.exe)

14:56:53 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 50470, Process: svchost.exe)

14:59:59 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 50597, Process: svchost.exe)

15:01:36 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 50608, Process: svchost.exe)

15:04:41 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 50610, Process: svchost.exe)

15:07:38 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 50612, Process: svchost.exe)

15:10:43 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 50614, Process: svchost.exe)

15:13:16 adam IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 50739, Process: svchost.exe)

15:13:40 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 50749, Process: svchost.exe)

15:15:33 adam IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 51010, Process: svchost.exe)

15:16:37 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 51416, Process: svchost.exe)

15:19:42 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 52327, Process: svchost.exe)

15:20:06 adam IP-BLOCK 195.3.145.105 (Type: outgoing, Port: 52470, Process: iexplore.exe)

15:22:31 adam IP-BLOCK 195.3.145.105 (Type: outgoing, Port: 52808, Process: firefox.exe)

15:22:48 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 52837, Process: svchost.exe)

15:25:06 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 52902, Process: svchost.exe)

15:28:03 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 52921, Process: svchost.exe)

15:31:08 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 52945, Process: svchost.exe)

15:34:05 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 52984, Process: svchost.exe)

15:35:18 adam IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 53004, Process: svchost.exe)

15:37:03 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 53393, Process: svchost.exe)

15:37:35 adam IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 53440, Process: svchost.exe)

15:39:03 adam IP-BLOCK 195.3.145.110 (Type: outgoing, Port: 53787, Process: firefox.exe)

15:39:04 adam IP-BLOCK 188.95.52.161 (Type: outgoing, Port: 53788, Process: firefox.exe)

15:39:12 adam IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 53829, Process: svchost.exe)

15:39:28 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 53901, Process: svchost.exe)

15:40:00 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 54014, Process: svchost.exe)

15:40:08 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 54032, Process: svchost.exe)

15:40:16 adam IP-BLOCK 188.72.198.206 (Type: outgoing, Port: 54054, Process: svchost.exe)

15:40:16 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 54057, Process: svchost.exe)

15:40:48 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 54120, Process: svchost.exe)

15:40:48 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 54136, Process: svchost.exe)

15:40:48 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 54142, Process: svchost.exe)

15:41:04 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 54166, Process: svchost.exe)

15:41:04 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 54170, Process: svchost.exe)

15:43:05 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 54303, Process: svchost.exe)

15:46:10 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 54470, Process: svchost.exe)

15:49:07 adam IP-BLOCK 195.3.145.111 (Type: outgoing, Port: 54583, Process: firefox.exe)

15:49:07 adam IP-BLOCK 188.95.52.160 (Type: outgoing, Port: 54584, Process: firefox.exe)

15:51:32 adam IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 54592, Process: svchost.exe)

16:16:52 adam MESSAGE Protection started successfully

16:17:00 adam MESSAGE IP Protection started successfully

16:17:44 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 49161, Process: svchost.exe)

16:20:49 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 49165, Process: svchost.exe)

16:23:46 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 49167, Process: svchost.exe)

16:25:38 adam IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 49177, Process: svchost.exe)

16:26:34 adam IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 49243, Process: svchost.exe)

16:26:50 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 49253, Process: svchost.exe)

16:27:07 adam IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 49260, Process: svchost.exe)

16:27:47 adam IP-BLOCK 195.3.145.111 (Type: outgoing, Port: 49331, Process: svchost.exe)

16:27:47 adam IP-BLOCK 188.95.52.160 (Type: outgoing, Port: 49332, Process: svchost.exe)

16:28:11 adam IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 49396, Process: svchost.exe)

16:29:40 adam IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 49694, Process: svchost.exe)

16:29:48 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 49746, Process: svchost.exe)

16:32:53 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 50231, Process: svchost.exe)

16:35:51 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 50357, Process: svchost.exe)

16:36:23 adam IP-BLOCK 195.3.145.105 (Type: outgoing, Port: 50371, Process: firefox.exe)

16:37:19 adam IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 50461, Process: svchost.exe)

16:37:52 adam IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 50490, Process: svchost.exe)

16:38:16 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50494, Process: svchost.exe)

16:38:16 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50495, Process: svchost.exe)

16:38:48 adam IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 50501, Process: svchost.exe)

16:38:56 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 50503, Process: svchost.exe)

16:39:12 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50511, Process: svchost.exe)

16:39:44 adam IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50584, Process: svchost.exe)

16:41:53 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 50788, Process: svchost.exe)

16:44:58 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 51033, Process: svchost.exe)

16:47:47 adam IP-BLOCK 68.168.212.18 (Type: outgoing, Port: 51134, Process: svchost.exe)

16:47:47 adam IP-BLOCK 93.114.40.221 (Type: outgoing, Port: 51135, Process: svchost.exe)

16:47:55 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 51138, Process: svchost.exe)

16:50:52 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 51166, Process: svchost.exe)

16:53:57 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 51168, Process: svchost.exe)

16:56:54 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 51171, Process: svchost.exe)

16:59:59 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 51254, Process: svchost.exe)

17:02:56 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 51353, Process: svchost.exe)

17:06:02 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 51518, Process: svchost.exe)

17:08:59 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 51528, Process: svchost.exe)

17:12:04 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 51533, Process: svchost.exe)

17:15:01 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 51539, Process: svchost.exe)

17:15:49 adam IP-BLOCK 195.3.145.105 (Type: outgoing, Port: 51542, Process: firefox.exe)

17:17:50 adam IP-BLOCK 68.168.212.21 (Type: outgoing, Port: 51665, Process: svchost.exe)

17:17:58 adam IP-BLOCK 195.3.145.110 (Type: outgoing, Port: 51670, Process: firefox.exe)

17:17:58 adam IP-BLOCK 188.95.52.161 (Type: outgoing, Port: 51671, Process: firefox.exe)

17:17:58 adam IP-BLOCK 83.133.127.85 (Type: outgoing, Port: 51688, Process: svchost.exe)

mbam-log-2011-06-25 (13-15-47).txt

Link to post
Share on other sites

:welcome:

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

  • If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run, once it is finished move onto the next step

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    TDSSKillermain.png
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
    TDSSKillerSuspicious.png
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

please post the contents of that log TDSSKiller log.

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.