
IP BLOCK 208.73.210.29


lailah


16:14:52 Sheila IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 51320, Process: firefox.exe)

Website in question is in the text file. Only that specific page/thread triggers it, as I browsed a few other sections of the website with no problem. Logs of GMER, DDS and Malwarebytes are in the post/zip. I also scanned with ESET NOD32 Smart Security, which is the virus protection I am using. The latest versions of all of these were used.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Sheila at 18:48:41 on 2011-09-06

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.901 [GMT 1:00]

.

AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Windows\System32\CtHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice

mRun: [CTHelper] CTHELPER.EXE

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [DevconDefaultDB] c:\windows\system32\READREG /SILENT /FAIL=1

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{CB1B4EC2-547F-484D-B533-5405A31BB297} : DhcpNameServer = 192.168.0.1

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\sheila\appdata\roaming\mozilla\firefox\profiles\ybh6tc7h.default\

FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

.

============= SERVICES / DRIVERS ===============

.

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]

R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-12-21 137144]

R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-1-12 810144]

R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2010-12-21 41336]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-22 366640]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-8-4 2214504]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-22 22712]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-09-06 13:28:05 -------- d-----w- c:\users\sheila\appdata\local\{5C066D35-1F27-4C22-991A-40AEC8AFB7A4}

2011-09-06 13:28:03 -------- d-----w- c:\users\sheila\appdata\local\{792D65D0-C02F-44F9-A28E-177E3484C005}

2011-09-06 13:00:28 7152464 ------w- c:\programdata\microsoft\windows defender\definition updates\{cd4e7895-7c88-4303-a7d5-2356a5acf1c8}\mpengine.dll

2011-09-06 12:54:00 -------- d-----w- c:\users\sheila\Tracing

2011-09-06 12:47:33 -------- d-----w- c:\windows\PCHEALTH

2011-09-06 12:42:19 6260088 ----a-w- c:\program files\common files\windows live\.cache\67d830d11cc6c9201\Silverlight.4.0.exe

2011-09-06 12:41:56 -------- d-----w- c:\users\sheila\appdata\local\Windows Live

2011-09-06 12:41:52 -------- d-----w- c:\program files\common files\Windows Live

2011-08-24 11:30:36 2048 ----a-w- c:\windows\system32\tzres.dll

2011-08-22 15:28:08 -------- d-----w- c:\program files\BinaryBiz

2011-08-22 15:16:29 -------- d-sh--w- c:\windows\system32\%APPDATA%

2011-08-22 01:32:50 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-22 01:32:45 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-21 23:09:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-08-21 23:09:19 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-08-21 22:47:12 -------- d-----w- c:\users\sheila\appdata\roaming\Malwarebytes

2011-08-21 22:47:07 -------- d-----w- c:\programdata\Malwarebytes

2011-08-21 22:47:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-20 13:54:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-10 10:38:48 375808 ----a-w- c:\windows\system32\winsrv.dll

2011-08-10 10:38:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-08-10 10:38:46 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2011-08-10 10:38:38 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-08-10 10:38:38 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-10 10:38:24 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

==================== Find3M ====================

.

2011-08-04 21:26:31 409600 ----a-w- c:\windows\system32\wrap_oal.dll

2011-08-04 21:26:31 114688 ----a-w- c:\windows\system32\OpenAL32.dll

2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 18:49:20.18 ===============

Attach.zip

Website causing ip block.zip
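The Malwarebytes protection-log line quoted at the top of the post has a fixed shape: time, user, the word IP-BLOCK, the address, then Type/Port/Process in parentheses. What follows is an added example for this thread, not code from the post or from Malwarebytes: a small Python triage script that parses such lines into records, groups them by address and by process, and separates outgoing blocks attributed to a browser (explained by whatever page was open, which is what the poster describes) from outgoing blocks attributed to any other process, which are the ones to look at first. The first sample line is the one from the post; the remaining sample lines, their documentation-range addresses, the browser list and the "investigate" rule are all constructed for the example and are not Malwarebytes' own logic.

```python
"""Parse Malwarebytes' Anti-Malware protection-log IP-BLOCK lines and
summarise them for triage.

Added example for this thread; not code from the post or from Malwarebytes.
The line format follows the single line quoted in the post; everything else
(the extra sample lines, the browser list, the triage rule) is an assumption
made for the example.
"""
import re
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, Iterable, List, Optional

# Shape of the line from the post:
# 16:14:52 Sheila IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 51320, Process: firefox.exe)
IP_BLOCK_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<user>\S+)\s+IP-BLOCK\s+(?P<ip>[0-9a-fA-F.:]+)\s+"
    r"\(Type:\s*(?P<direction>incoming|outgoing),\s*Port:\s*(?P<port>\d+),"
    r"\s*Process:\s*(?P<process>[^)]+)\)\s*$"
)

# Processes for which an outgoing block is explained by whatever page the user
# had open.  Constructed list for the example, not a Malwarebytes setting.
BROWSERS = {"firefox.exe", "plugin-container.exe", "iexplore.exe", "chrome.exe"}


@dataclass(frozen=True)
class IpBlock:
    time: str
    user: str
    ip: str
    direction: str
    port: int
    process: str


def parse_ip_block(line: str) -> Optional[IpBlock]:
    """Return an IpBlock for one log line, or None if it is not an IP-BLOCK event."""
    m = IP_BLOCK_RE.match(line.strip())
    if m is None:
        return None
    ip_address(m["ip"])  # raises ValueError for anything that only looks like an address
    return IpBlock(
        time=m["time"], user=m["user"], ip=m["ip"], direction=m["direction"],
        port=int(m["port"]), process=m["process"].strip(),
    )


def parse_log(lines: Iterable[str]) -> List[IpBlock]:
    """Parse every IP-BLOCK line, silently skipping other log content."""
    events = []
    for line in lines:
        ev = parse_ip_block(line)
        if ev is not None:
            events.append(ev)
    return events


def triage(events: List[IpBlock]) -> Dict[str, object]:
    """Group events and split outgoing blocks into browser-driven and other-process."""
    outgoing = [e for e in events if e.direction == "outgoing"]
    return {
        "by_ip": Counter(e.ip for e in events),
        "by_process": Counter(e.process for e in events),
        # Browser processes: consistent with a page embedding a blocked host.
        "browser_outbound": [e for e in outgoing if e.process.lower() in BROWSERS],
        # Anything else connecting out is the part worth chasing first.
        "investigate": [e for e in outgoing if e.process.lower() not in BROWSERS],
    }


# Constructed sample log.  The first line is the one quoted in the post; the
# rest use documentation-range addresses (RFC 5737) and invented processes.
SAMPLE_LOG = """\
16:14:52 Sheila IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 51320, Process: firefox.exe)
16:15:03 Sheila IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 51324, Process: firefox.exe)
16:20:11 Sheila IP-BLOCK 203.0.113.7 (Type: outgoing, Port: 49210, Process: svchost.exe)
16:21:45 Sheila IP-BLOCK 198.51.100.23 (Type: incoming, Port: 445, Process: System)
16:22:00 Sheila Scan started (not an IP-BLOCK line, skipped by the parser)
"""


if __name__ == "__main__":
    report = triage(parse_log(SAMPLE_LOG.splitlines()))
    for ip, n in report["by_ip"].most_common():
        print(f"{ip:>16}  {n} block(s)")
    for ev in report["investigate"]:
        print(f"investigate: {ev.time} {ev.process} -> {ev.ip} port {ev.port}")
```

Repeated outgoing blocks from firefox.exe to one address while a single page is open, as in the post, land in the browser_outbound bucket: they say that the page pulls in something hosted at a blocked address, not that the machine itself is infected. A block attributed to a non-browser process, or a burst of blocks that continues after the browser is closed, is what the investigate bucket is meant to surface. The script only reads lines of the one format shown on the page; other protection-log event types are skipped rather than guessed at.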


Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
