
Repeated IP BLOCKS from Malwarebytes..PLEASE HELP


Surerus


I am having an issue with Malwarebytes always popping up showing an IP-BLOCK (Type: outgoing) message hundreds of times throughout the day. It eventually stopped showing the yellow popup in the bottom corner of the screen so often; however, looking at the Protection log for today, the hundreds of IP blocks are still happening.

I also notice in the Task Manager that Internet Explorer (iexplore.exe) is always running. Even if I end the process, a minute later it is running again. I use Firefox and never noticed Internet Explorer running before this problem started happening. The only sign of anything wrong with the computer, other than the hundreds of IP blocks and IE running, is when I am surfing websites. Sometimes when I click on a link to a web page, Firefox automatically continues on to open some other random site I am unfamiliar with. I need to keep hitting Back (Last Page) quickly in Firefox to get to the original linked page I was trying to get to. I'm not sure if this is harmful to my computer, but any help fixing this issue would be greatly appreciated.

Reading other forum posts on similar topics, I followed a couple of steps, taking no action on the computer but saving the logs.

Included below are:

1) Protection log from Malwarebytes

2) GMER 1.0.15.15641 scan results. (I used De-Frogger to disable my CD emulator drivers before the scan.)

3) DDS results (one pasted below and one attached as a .ZIP file.)

I use: AVIRA ANTIVIR for my anti-virus, Malwarebytes, SUPERAntiSpyware v5.01128, and Windows Defender.

Thanks in Advance for the help. :)

--------------------------------------------------------------------------------------------------------------------------------------------------

--------------------------------------------------------------------------------------------------------------------------------------------------

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2011-09-28 19:57:43

Windows 5.1.2600 Service Pack 3

Running: ph8fr41d.exe; Driver: C:\DOCUME~1\dan\LOCALS~1\Temp\pgdyapog.sys

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\Temp\TMP000007F9F2A0D61AFFD197F0 524288 bytes

File C:\WINDOWS\Temp\TMP000007FA35518C330DA5711E 524288 bytes

File C:\WINDOWS\Temp\TMP000007FB1C6EDBFCED858388 524288 bytes

---- EOF - GMER 1.0.15 ----

-------------------------------------------------------------------------------------------------------------------------------------------------

-------------------------------------------------------------------------------------------------------------------------------------------------

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_26

Run by dan at 20:01:46 on 2011-09-28

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1236 [GMT -4:00]

.

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\dan\Desktop\ph8fr41d.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://yahoo.com/

uDefault_Page_URL = hxxp://www.dell4me.com/myway

mDefault_Page_URL = hxxp://www.dell4me.com/myway

mStart Page = hxxp://www.dell4me.com/myway

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3100v2\WNDA3100v2.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{63A7178D-85E8-4D1E-A247-79C8A85A9436} : DhcpNameServer = 192.168.1.1

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\dan\application data\mozilla\firefox\profiles\9jg75wjs.default\

FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-6 11608]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-7-18 116608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-6 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-6 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-6 66616]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-25 366152]

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

R2 WSWNDA3100;WSWNDA3100;c:\program files\netgear\wnda3100v2\WifiSvc.exe [2011-8-12 272864]

R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [2011-8-12 642432]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-25 22216]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-24 136176]

S3 cpuz132;cpuz132;\??\c:\docume~1\dan\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\dan\locals~1\temp\cpuz132\cpuz132_x32.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-24 136176]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]

S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2011-8-12 50704]

S3 QCEmerald;Logitech QuickCam Web(PID_0850);c:\windows\system32\drivers\lvce.sys [2011-6-21 44544]

.

=============== Created Last 30 ================

.

2011-09-28 22:51:15 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{d1c2079a-448f-45f1-b2bb-c1fa76468118}\offreg.dll

2011-09-28 21:08:00 388096 ----a-r- c:\documents and settings\dan\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-09-28 21:07:59 -------- d-----w- c:\program files\Trend Micro

2011-09-27 07:18:27 7269712 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{d1c2079a-448f-45f1-b2bb-c1fa76468118}\mpengine.dll

2011-09-26 03:44:15 7269712 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\backup\mpengine.dll

2011-09-26 03:44:08 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-09-26 00:25:10 -------- d-----w- c:\program files\CCleaner

2011-09-26 00:06:37 -------- d-----w- c:\documents and settings\dan\application data\SUPERAntiSpyware.com

2011-09-26 00:06:10 -------- d-----w- c:\documents and settings\all users\application data\!SASCORE

2011-09-26 00:06:06 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-09-26 00:06:06 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2011-09-25 23:48:37 -------- d-----w- c:\documents and settings\dan\application data\Resource Tuner

2011-09-25 10:18:38 -------- d-----w- c:\documents and settings\dan\application data\Malwarebytes

2011-09-25 10:18:24 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-09-25 10:18:18 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-25 10:18:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-25 10:02:55 -------- d-----w- c:\documents and settings\dan\application data\B2ibF3pnGaJdKfZ

2011-09-25 10:00:13 -------- d-----w- c:\documents and settings\dan\application data\YtzPNAAi2n4a5Jf

2011-09-25 10:00:13 -------- d-----w- c:\documents and settings\dan\application data\LWK8fRL9hXjClBz

2011-09-25 10:00:13 -------- d-----w- c:\documents and settings\dan\application data\dHHH5ssWJ

2011-09-25 09:59:56 -------- d-----w- c:\program files\common files\DivX Shared

2011-09-24 02:55:16 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-09-23 22:49:02 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-09-23 22:49:02 -------- d-----w- c:\windows\system32\wbem\Repository

2011-09-18 03:53:10 -------- d-----w- c:\program files\DivX

2011-09-15 22:56:37 -------- d-----w- c:\documents and settings\dan\local settings\application data\Corel

2011-09-05 02:37:24 -------- d-----w- c:\documents and settings\dan\application data\.minecraft

2011-09-03 10:17:37 599040 ------w- c:\windows\system32\dllcache\crypt32.dll

.

==================== Find3M ====================

.

2011-09-27 23:06:11 56 --sh--r- c:\windows\system32\9BAC6E5E1D.sys

2011-09-27 23:06:11 2620 --sha-w- c:\windows\system32\KGyGaAvL.sys

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\crypt32(3).dll

2011-08-17 20:41:07 1409 ----a-w- c:\windows\QTFont.for

2011-08-01 21:26:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

.

============= FINISH: 20:12:55.53 ===============

------------------------------------------------------------------------------------------------------------------------------------------------

------------------------------------------------------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7811

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

9/28/2011 9:41:53 AM

mbam-log-2011-09-28 (09-41-53).txt

Scan type: Full scan (C:\|)

Objects scanned: 254182

Time elapsed: 1 hour(s), 44 minute(s), 26 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

00:06:21 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

00:06:24 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

00:06:30 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

00:08:20 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

00:08:23 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

00:08:29 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

00:10:20 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

00:10:23 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

00:10:29 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

00:55:45 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

00:55:48 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

00:55:54 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

00:57:44 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

00:57:47 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

00:57:53 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

00:59:44 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

00:59:47 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

00:59:53 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

02:01:10 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

02:01:13 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

02:01:19 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

02:03:09 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

02:03:12 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

02:03:18 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

02:05:09 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

02:05:12 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

02:05:18 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

02:57:12 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

02:57:14 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

02:57:20 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

02:59:10 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

02:59:13 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

02:59:19 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

03:01:10 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

03:01:13 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

03:01:19 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

03:45:49 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

03:45:52 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

03:45:58 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

03:47:48 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

03:47:51 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

03:47:57 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

03:49:48 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

03:49:51 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

03:49:57 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

04:33:52 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

04:33:54 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

04:34:01 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

04:35:51 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

04:35:54 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

04:36:00 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

04:37:51 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

04:37:54 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

04:37:59 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

05:48:36 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

05:48:39 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

05:48:45 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

05:50:34 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

05:50:37 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

05:50:43 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

05:52:34 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

05:52:37 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

05:52:43 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

06:10:10 dan IP-BLOCK 208.73.210.29 (Type: outgoing)

06:10:10 dan IP-BLOCK 208.73.210.29 (Type: outgoing)

06:10:13 dan IP-BLOCK 208.73.210.29 (Type: outgoing)

06:10:13 dan IP-BLOCK 208.73.210.29 (Type: outgoing)

06:10:19 dan IP-BLOCK 208.73.210.29 (Type: outgoing)

06:10:19 dan IP-BLOCK 208.73.210.29 (Type: outgoing)

06:16:57 dan IP-BLOCK 206.161.121.100 (Type: outgoing)

06:16:58 dan IP-BLOCK 206.161.121.100 (Type: outgoing)

06:16:59 dan IP-BLOCK 206.161.121.100 (Type: outgoing)

06:16:59 dan IP-BLOCK 206.161.121.100 (Type: outgoing)

06:17:00 dan IP-BLOCK 206.161.121.100 (Type: outgoing)

06:17:01 dan IP-BLOCK 206.161.121.100 (Type: outgoing)

06:17:02 dan IP-BLOCK 206.161.121.100 (Type: outgoing)

06:17:02 dan IP-BLOCK 206.161.121.100 (Type: outgoing)

06:17:07 dan IP-BLOCK 206.161.121.100 (Type: outgoing)

06:17:07 dan IP-BLOCK 206.161.121.100 (Type: outgoing)

06:17:08 dan IP-BLOCK 206.161.121.100 (Type: outgoing)

06:17:08 dan IP-BLOCK 206.161.121.100 (Type: outgoing)

06:33:22 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

06:33:25 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

06:33:31 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

06:35:21 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

06:35:24 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

06:35:30 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

06:37:21 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

06:37:24 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

06:37:30 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

07:18:07 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

07:18:10 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

07:18:16 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

07:20:06 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

07:20:09 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

07:20:15 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

07:22:06 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

07:22:09 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

07:22:15 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

07:37:09 dan IP-BLOCK 206.161.121.100 (Type: outgoing)

07:37:09 dan IP-BLOCK 206.161.121.100 (Type: outgoing)

07:37:12 dan IP-BLOCK 206.161.121.100 (Type: outgoing)

07:37:12 dan IP-BLOCK 206.161.121.100 (Type: outgoing)

07:37:18 dan IP-BLOCK 206.161.121.100 (Type: outgoing)

07:37:18 dan IP-BLOCK 206.161.121.100 (Type: outgoing)

08:02:54 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

08:02:57 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

08:03:03 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

08:04:53 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

08:04:56 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

08:05:02 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

08:06:52 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

08:06:55 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

08:07:02 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

08:58:53 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

08:58:56 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

08:59:02 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

09:00:50 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

09:00:53 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

09:00:59 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

09:02:50 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

09:02:53 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

09:02:59 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

09:43:48 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

09:43:51 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

09:43:58 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

09:45:45 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

09:45:48 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

09:45:54 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

09:47:45 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

09:47:48 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

09:47:54 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

10:28:34 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

10:28:37 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

10:28:43 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

10:30:33 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

10:30:36 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

10:30:42 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

10:32:33 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

10:32:36 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

10:32:42 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

11:13:22 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

11:13:25 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

11:13:31 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

11:15:19 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

11:15:22 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

11:15:28 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

11:17:19 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

11:17:22 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

11:17:28 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

12:20:27 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

12:20:30 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

12:20:37 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

12:22:26 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

12:22:30 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

12:22:36 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

12:24:27 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

12:24:30 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

12:24:36 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

13:05:14 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

13:05:17 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

13:05:23 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

13:07:12 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

13:07:15 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

13:07:21 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

13:09:12 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

13:09:15 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

13:09:22 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

13:49:59 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

13:50:01 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

13:50:07 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

13:51:58 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

13:52:00 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

13:52:07 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

13:53:58 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

13:54:01 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

13:54:07 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

14:34:45 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

14:34:48 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

14:34:54 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

14:36:44 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

14:36:47 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

14:36:53 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

14:38:44 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

14:38:47 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

14:38:53 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

15:30:38 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

15:30:41 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

15:30:47 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

15:32:37 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

15:32:40 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

15:32:46 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

15:34:37 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

15:34:40 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

15:34:46 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

16:15:23 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

16:15:26 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

16:15:32 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

16:17:21 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

16:17:24 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

16:17:30 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

16:19:22 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

16:19:25 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

16:19:31 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

17:03:35 (null) MESSAGE Protection started successfully

17:04:07 dan MESSAGE IP Protection started successfully

17:04:42 dan MESSAGE Scheduled update executed successfully

17:04:42 dan MESSAGE IP Protection stopped

17:04:50 dan MESSAGE Database updated successfully

17:04:56 dan MESSAGE IP Protection started successfully

18:34:04 (null) MESSAGE Protection started successfully

18:34:42 dan MESSAGE IP Protection started successfully

18:51:48 (null) MESSAGE Protection started successfully

18:52:17 dan MESSAGE IP Protection started successfully

19:25:48 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

19:25:51 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

19:25:57 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

19:27:47 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

19:27:50 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

19:27:56 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

19:29:47 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

19:29:50 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

19:29:56 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

20:10:30 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

20:10:33 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

20:10:39 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

20:12:30 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

20:12:33 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

20:12:39 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

20:14:30 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

20:14:33 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

20:14:39 dan IP-BLOCK 64.120.141.163 (Type: outgoing)

attach.zip
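
The IP-BLOCK entries in a Protection log like the one posted above can be grouped per destination to show whether the blocked connections are user-driven or arrive on a fixed schedule. The Python sketch below is an added example, not part of the original post and not a Malwarebytes tool; the sample lines are constructed in the same line format with documentation-range addresses, and the function names, the 30-second burst gap and the 10% tolerance are assumptions. It also assumes one log file covers a single day, since the lines carry no date.

```python
import re
from collections import defaultdict
from statistics import median

# Constructed sample in the Protection log line format (not real indicators).
SAMPLE_LOG = """\
00:06:21 dan IP-BLOCK 192.0.2.10 (Type: outgoing)
00:06:24 dan IP-BLOCK 192.0.2.10 (Type: outgoing)
00:06:30 dan IP-BLOCK 192.0.2.10 (Type: outgoing)
00:08:20 dan IP-BLOCK 192.0.2.10 (Type: outgoing)
00:08:23 dan IP-BLOCK 192.0.2.10 (Type: outgoing)
00:08:29 dan IP-BLOCK 192.0.2.10 (Type: outgoing)
00:10:20 dan IP-BLOCK 192.0.2.10 (Type: outgoing)
00:10:23 dan IP-BLOCK 192.0.2.10 (Type: outgoing)
00:10:29 dan IP-BLOCK 192.0.2.10 (Type: outgoing)
06:10:10 dan IP-BLOCK 198.51.100.7 (Type: outgoing)
06:10:10 dan IP-BLOCK 198.51.100.7 (Type: outgoing)
06:10:13 dan IP-BLOCK 198.51.100.7 (Type: outgoing)
17:03:35 (null) MESSAGE Protection started successfully
17:04:07 dan MESSAGE IP Protection started successfully
"""

LINE_RE = re.compile(
    r"^(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2})\s+(?P<user>\S+)\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\(Type:\s*(?P<dir>\w+)\)$"
)


def parse_blocks(text):
    """Return (seconds_since_midnight, user, ip, direction) for each
    IP-BLOCK line; MESSAGE lines and blank lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        t = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
        events.append((t, m["user"], m["ip"], m["dir"].lower()))
    return events


def summarise(events, burst_gap=30, tolerance=0.10):
    """Per destination IP: count outgoing blocks, group them into bursts
    (consecutive blocks at most burst_gap seconds apart), and flag the
    destination as 'regular' when the time between burst starts stays
    within tolerance of its median, which suggests a timer rather than
    a person clicking links."""
    by_ip = defaultdict(list)
    for t, _user, ip, direction in events:
        if direction == "outgoing":
            by_ip[ip].append(t)

    summary = {}
    for ip, times in by_ip.items():
        times.sort()
        bursts = [[times[0]]]
        for t in times[1:]:
            if t - bursts[-1][-1] <= burst_gap:
                bursts[-1].append(t)
            else:
                bursts.append([t])
        starts = [b[0] for b in bursts]
        gaps = [b - a for a, b in zip(starts, starts[1:])]
        med = median(gaps) if gaps else None
        regular = (
            len(gaps) >= 2
            and all(abs(g - med) <= tolerance * med for g in gaps)
        )
        summary[ip] = {
            "blocks": len(times),
            "bursts": len(bursts),
            "median_burst_gap_s": med,
            "regular": regular,
        }
    return summary


if __name__ == "__main__":
    for ip, info in summarise(parse_blocks(SAMPLE_LOG)).items():
        print(ip, info)
```

A destination flagged as regular while no browser window is in use points at a background process making the requests, which is the kind of evidence a helper would correlate with the running-process list.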


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
