Malwarebytes

207.232.22.60

16 replies to this topic

#1
SteveP25

    New Member

  • Members
  • 8 posts
I get a blank page when opening a new tab, and a Malwarebytes pop up that says blocked 207.232.22.60.

Here are my DDS and Attach reports. I have Win7 and IE8.

Steve


#2
Maniac

    Forum Deity

  • Experts
  • 17,122 posts
  • Gender:Male
  • Location:Bulgaria, EU
Hello SteveP25 and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please uninstall the following application: ShopAtHome.com Toolbar


Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 3

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply


In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#3
SteveP25

Thank you for your help. I followed the instructions. The Malwarebytes scan did not detect anything malicious. Attached are the logs.
Steve


#4
Maniac

Steve, read my instructions again:

Quote

Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Quote

Copy&Paste the entire report in your next reply.

Quote

On completion of the scan click save log, save it to your desktop and post in your next reply

Quote

In your next reply, post the following log files:


#5
SteveP25

Here they are.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-27 12:47:47
-----------------------------
12:47:47.520 OS Version: Windows x64 6.1.7601 Service Pack 1
12:47:47.520 Number of processors: 2 586 0x170A
12:47:47.520 ComputerName: MAINHOMEPC UserName: Steve
12:47:49.501 Initialize success
12:48:19.090 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:48:19.090 Disk 0 Vendor: ST3320418AS CC45 Size: 305245MB BusType: 3
12:48:19.106 Disk 0 MBR read successfully
12:48:19.106 Disk 0 MBR scan
12:48:19.106 Disk 0 Windows VISTA default MBR code
12:48:19.106 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
12:48:19.106 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
12:48:19.121 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290204 MB offset 30801920
12:48:19.137 Disk 0 scanning C:\Windows\system32\drivers
12:48:27.795 Service scanning
12:48:44.222 Modules scanning
12:48:44.222 Disk 0 trace - called modules:
12:48:44.237 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
12:48:44.237 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80033e3060]
12:48:44.253 3 CLASSPNP.SYS[fffff88001b4d43f] -> nt!IofCallDriver -> [0xfffffa8002f89520]
12:48:44.253 5 ACPI.sys[fffff88000ed47a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002ee7060]
12:48:44.253 Scan finished successfully
12:49:13.784 Disk 0 MBR has been saved successfully to "C:\Users\Steve\Desktop\MBR.dat"
12:49:13.784 The log file has been saved successfully to "C:\Users\Steve\Desktop\aswMBR sp 7-27-2012.txt"






2012/07/27 00:20:28 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 56012, Process: ccsvchst.exe)
2012/07/27 00:20:28 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 56014, Process: ccsvchst.exe)
2012/07/27 00:20:28 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 56016, Process: ccsvchst.exe)
2012/07/27 00:20:28 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 56018, Process: ccsvchst.exe)
2012/07/27 00:20:28 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 56020, Process: ccsvchst.exe)
2012/07/27 00:20:28 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 56022, Process: ccsvchst.exe)
2012/07/27 00:20:28 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 56024, Process: ccsvchst.exe)
2012/07/27 00:20:28 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 56026, Process: ccsvchst.exe)
2012/07/27 00:20:28 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 56028, Process: ccsvchst.exe)
2012/07/27 00:20:28 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 56030, Process: ccsvchst.exe)
2012/07/27 00:20:28 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 56032, Process: ccsvchst.exe)
2012/07/27 00:20:28 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 56034, Process: ccsvchst.exe)
2012/07/27 10:39:26 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59457, Process: ccsvchst.exe)
2012/07/27 10:39:26 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59460, Process: ccsvchst.exe)
2012/07/27 10:39:26 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59462, Process: ccsvchst.exe)
2012/07/27 10:39:26 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59464, Process: ccsvchst.exe)
2012/07/27 10:39:26 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59466, Process: ccsvchst.exe)
2012/07/27 10:39:26 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59468, Process: ccsvchst.exe)
2012/07/27 10:39:26 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59470, Process: ccsvchst.exe)
2012/07/27 10:39:26 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59472, Process: ccsvchst.exe)
2012/07/27 10:39:26 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59474, Process: ccsvchst.exe)
2012/07/27 10:39:26 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59476, Process: ccsvchst.exe)
2012/07/27 10:39:26 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59478, Process: ccsvchst.exe)
2012/07/27 10:39:51 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59515, Process: ccsvchst.exe)
2012/07/27 10:39:51 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59517, Process: ccsvchst.exe)
2012/07/27 10:39:51 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59519, Process: ccsvchst.exe)
2012/07/27 10:39:51 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59521, Process: ccsvchst.exe)
2012/07/27 10:39:51 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59523, Process: ccsvchst.exe)
2012/07/27 10:39:51 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59525, Process: ccsvchst.exe)
2012/07/27 10:39:51 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59527, Process: ccsvchst.exe)
2012/07/27 10:39:51 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59529, Process: ccsvchst.exe)
2012/07/27 10:39:51 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59531, Process: ccsvchst.exe)
2012/07/27 11:12:03 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49723, Process: ccsvchst.exe)
2012/07/27 11:12:03 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49726, Process: ccsvchst.exe)
2012/07/27 11:12:03 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49728, Process: ccsvchst.exe)
2012/07/27 11:12:03 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49730, Process: ccsvchst.exe)
2012/07/27 11:12:03 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49732, Process: ccsvchst.exe)
2012/07/27 11:12:03 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49734, Process: ccsvchst.exe)
2012/07/27 11:12:03 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49736, Process: ccsvchst.exe)
2012/07/27 11:12:03 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49738, Process: ccsvchst.exe)
2012/07/27 11:12:03 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49740, Process: ccsvchst.exe)
2012/07/27 11:12:03 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49742, Process: ccsvchst.exe)
2012/07/27 11:12:03 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49744, Process: ccsvchst.exe)
2012/07/27 11:12:03 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49746, Process: ccsvchst.exe)
2012/07/27 11:12:11 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49838, Process: ccsvchst.exe)
2012/07/27 11:12:11 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49840, Process: ccsvchst.exe)
2012/07/27 11:12:11 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49842, Process: ccsvchst.exe)
2012/07/27 11:12:11 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49844, Process: ccsvchst.exe)
2012/07/27 11:12:11 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49846, Process: ccsvchst.exe)
2012/07/27 11:12:11 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49848, Process: ccsvchst.exe)
2012/07/27 11:12:11 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49850, Process: ccsvchst.exe)
2012/07/27 11:12:11 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49852, Process: ccsvchst.exe)
2012/07/27 11:12:11 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49854, Process: ccsvchst.exe)
2012/07/27 11:12:11 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49856, Process: ccsvchst.exe)
2012/07/27 11:12:11 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49858, Process: ccsvchst.exe)
2012/07/27 11:12:11 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49860, Process: ccsvchst.exe)
2012/07/27 11:37:13 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53035, Process: ccsvchst.exe)
2012/07/27 11:37:13 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53038, Process: ccsvchst.exe)
2012/07/27 11:37:13 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53040, Process: ccsvchst.exe)
2012/07/27 11:37:13 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53042, Process: ccsvchst.exe)
2012/07/27 11:37:13 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53044, Process: ccsvchst.exe)
2012/07/27 11:37:13 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53046, Process: ccsvchst.exe)
2012/07/27 11:37:13 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53048, Process: ccsvchst.exe)
2012/07/27 11:37:13 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53050, Process: ccsvchst.exe)
2012/07/27 11:37:13 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53052, Process: ccsvchst.exe)
2012/07/27 11:37:13 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53054, Process: ccsvchst.exe)
2012/07/27 11:37:13 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53056, Process: ccsvchst.exe)
2012/07/27 11:37:13 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53058, Process: ccsvchst.exe)
2012/07/27 11:37:21 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53130, Process: ccsvchst.exe)
2012/07/27 11:37:21 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53132, Process: ccsvchst.exe)
2012/07/27 11:37:21 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53134, Process: ccsvchst.exe)
2012/07/27 11:37:21 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53136, Process: ccsvchst.exe)
2012/07/27 11:37:21 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53138, Process: ccsvchst.exe)
2012/07/27 11:37:21 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53140, Process: ccsvchst.exe)
2012/07/27 11:37:21 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53142, Process: ccsvchst.exe)
2012/07/27 11:37:21 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53144, Process: ccsvchst.exe)
2012/07/27 11:37:21 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53146, Process: ccsvchst.exe)
2012/07/27 11:37:21 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53148, Process: ccsvchst.exe)
2012/07/27 11:37:21 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53150, Process: ccsvchst.exe)
2012/07/27 11:37:21 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53152, Process: ccsvchst.exe)
2012/07/27 11:40:01 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53398, Process: ccsvchst.exe)
2012/07/27 11:40:01 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53401, Process: ccsvchst.exe)
2012/07/27 11:40:09 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53405, Process: ccsvchst.exe)
2012/07/27 11:40:09 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53407, Process: ccsvchst.exe)
2012/07/27 11:40:09 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53409, Process: ccsvchst.exe)
2012/07/27 11:40:09 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53411, Process: ccsvchst.exe)
2012/07/27 11:40:09 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53413, Process: ccsvchst.exe)
2012/07/27 11:40:09 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53415, Process: ccsvchst.exe)
2012/07/27 11:40:09 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53417, Process: ccsvchst.exe)
2012/07/27 11:40:09 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53419, Process: ccsvchst.exe)
2012/07/27 11:40:09 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53421, Process: ccsvchst.exe)
2012/07/27 11:40:17 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53479, Process: ccsvchst.exe)
2012/07/27 11:40:17 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53481, Process: ccsvchst.exe)
2012/07/27 11:40:17 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53483, Process: ccsvchst.exe)
2012/07/27 11:40:17 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53485, Process: ccsvchst.exe)
2012/07/27 11:40:17 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53487, Process: ccsvchst.exe)
2012/07/27 11:40:17 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53489, Process: ccsvchst.exe)
2012/07/27 11:40:17 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53491, Process: ccsvchst.exe)
2012/07/27 11:40:17 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53493, Process: ccsvchst.exe)
2012/07/27 11:40:17 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53495, Process: ccsvchst.exe)
2012/07/27 11:40:17 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53497, Process: ccsvchst.exe)
2012/07/27 11:40:17 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53499, Process: ccsvchst.exe)
2012/07/27 11:40:17 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 53501, Process: ccsvchst.exe)
2012/07/27 11:53:46 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 55512, Process: ccsvchst.exe)
2012/07/27 11:53:46 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 55514, Process: ccsvchst.exe)
2012/07/27 11:53:46 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 55516, Process: ccsvchst.exe)
2012/07/27 11:53:46 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 55518, Process: ccsvchst.exe)
2012/07/27 11:53:46 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 55520, Process: ccsvchst.exe)
2012/07/27 11:53:46 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 55522, Process: ccsvchst.exe)
2012/07/27 11:53:46 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 55524, Process: ccsvchst.exe)
2012/07/27 11:53:46 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 55526, Process: ccsvchst.exe)
2012/07/27 11:53:46 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 55528, Process: ccsvchst.exe)
2012/07/27 11:53:46 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 55530, Process: ccsvchst.exe)
2012/07/27 11:53:46 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 55532, Process: ccsvchst.exe)
2012/07/27 11:53:46 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 55534, Process: ccsvchst.exe)
2012/07/27 12:36:32 -0400 MAINHOMEPC Steve MESSAGE Starting database refresh
2012/07/27 12:36:32 -0400 MAINHOMEPC Steve MESSAGE Stopping IP protection
2012/07/27 12:38:55 -0400 MAINHOMEPC Steve MESSAGE IP Protection stopped
2012/07/27 12:39:27 -0400 MAINHOMEPC Steve MESSAGE Database refreshed successfully
2012/07/27 12:39:27 -0400 MAINHOMEPC Steve MESSAGE Starting IP protection
2012/07/27 12:39:31 -0400 MAINHOMEPC Steve MESSAGE IP Protection started successfully
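
An added example, not part of the original thread or of any tool used in it: a Python parser for protection-log lines in the format posted above. It groups IP-BLOCK events by process, address and direction and counts bursts, which shows at a glance which program triggered the blocks. The sample lines are constructed in that format; `203.0.113.7`, `example.exe` and the 10-second burst gap are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# One IP-BLOCK record: timestamp, host, user, blocked address, then the
# parenthesised direction / port / process fields.
BLOCK_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\s+"
    r"(?P<host>\S+)\s+(?P<user>\S+)\s+IP-BLOCK\s+(?P<ip>\S+)\s+"
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), "
    r"Process: (?P<process>[^)]+)\)\s*$"
)

# Constructed sample in the same format as the log in the post above.
# 203.0.113.7 and example.exe are placeholders, not values from the thread.
SAMPLE_LOG = """\
2012/07/27 00:20:28 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 56012, Process: ccsvchst.exe)
2012/07/27 00:20:28 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 56014, Process: ccsvchst.exe)
2012/07/27 00:20:28 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 56016, Process: ccsvchst.exe)
2012/07/27 10:39:26 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59457, Process: ccsvchst.exe)
2012/07/27 10:39:26 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59460, Process: ccsvchst.exe)
2012/07/27 10:39:51 -0400 MAINHOMEPC Steve IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 59515, Process: ccsvchst.exe)
2012/07/27 11:02:10 -0400 MAINHOMEPC Steve IP-BLOCK 203.0.113.7 (Type: incoming, Port: 445, Process: example.exe)
2012/07/27 12:36:32 -0400 MAINHOMEPC Steve MESSAGE Starting database refresh
"""


def parse_block_line(line):
    """Return a dict for an IP-BLOCK line, or None for any other line."""
    m = BLOCK_RE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S %z"),
        "host": m["host"],
        "user": m["user"],
        "ip": m["ip"],
        "direction": m["direction"].lower(),
        "port": int(m["port"]),
        # Lower-case so ccSvcHst.exe and ccsvchst.exe land in one group.
        "process": m["process"].strip().lower(),
    }


def summarize_blocks(log_text, burst_gap_seconds=10):
    """Group block events by (process, ip, direction).

    A new burst starts whenever two consecutive events in a group are more
    than burst_gap_seconds apart. Returns (summary, skipped), where skipped
    counts non-empty lines that are not IP-BLOCK records (MESSAGE lines etc.).
    """
    groups = defaultdict(list)
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_block_line(line)
        if event is None:
            skipped += 1
            continue
        key = (event["process"], event["ip"], event["direction"])
        groups[key].append(event)

    summary = {}
    for key, events in groups.items():
        events.sort(key=lambda e: e["time"])
        bursts = 1
        for prev, cur in zip(events, events[1:]):
            if (cur["time"] - prev["time"]).total_seconds() > burst_gap_seconds:
                bursts += 1
        summary[key] = {
            "count": len(events),
            "bursts": bursts,
            "first": events[0]["time"],
            "last": events[-1]["time"],
            "ports": sorted({e["port"] for e in events}),
        }
    return summary, skipped


if __name__ == "__main__":
    report, skipped = summarize_blocks(SAMPLE_LOG)
    for (process, ip, direction), info in sorted(report.items()):
        print(f"{process:15} {direction:9} {ip:15} "
              f"blocks={info['count']:3} bursts={info['bursts']:2} "
              f"{info['first']:%H:%M:%S} to {info['last']:%H:%M:%S}")
    print(f"non-block lines skipped: {skipped}")
```

Run against the full saved protection log, the per-process grouping gives the name to look up among the installed services and startup entries listed in the other logs.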

#6
Maniac

Please follow my instructions strictly. Read my instructions for step 2 again.

#7
SteveP25

I redid step 2 and here is the correct log. Still nothing detected.

Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.01.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Steve :: MAINHOMEPC [administrator]
Protection: Enabled
7/31/2012 11:43:52 PM
mbam-log-2012-07-31 (23-43-52).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198444
Time elapsed: 3 minute(s), 49 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-31 23:59:31
-----------------------------
23:59:31.412 OS Version: Windows x64 6.1.7601 Service Pack 1
23:59:31.412 Number of processors: 2 586 0x170A
23:59:31.412 ComputerName: MAINHOMEPC UserName: Steve
23:59:33.533 Initialize success
23:59:43.316 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:59:43.316 Disk 0 Vendor: ST3320418AS CC45 Size: 305245MB BusType: 3
23:59:43.332 Disk 0 MBR read successfully
23:59:43.332 Disk 0 MBR scan
23:59:43.332 Disk 0 Windows VISTA default MBR code
23:59:43.332 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
23:59:43.347 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
23:59:43.347 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290204 MB offset 30801920
23:59:43.378 Disk 0 scanning C:\Windows\system32\drivers
23:59:52.317 Service scanning
00:00:08.916 Modules scanning
00:00:08.916 Disk 0 trace - called modules:
00:00:08.947 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
00:00:08.947 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80033e4610]
00:00:09.462 3 CLASSPNP.SYS[fffff88001bca43f] -> nt!IofCallDriver -> [0xfffffa8002f1f9b0]
00:00:09.462 5 ACPI.sys[fffff88000f487a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002ef3680]
00:00:09.462 Scan finished successfully
00:00:35.202 Disk 0 MBR has been saved successfully to "C:\Users\Steve\Desktop\Malwarebytes July 2012\7-31\MBR.dat"
00:00:35.202 The log file has been saved successfully to "C:\Users\Steve\Desktop\Malwarebytes July 2012\7-31\aswMBR 7-31-12.txt"

#8
Maniac

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

#9
SteveP25

Here is the log. It appears to have worked.

ComboFix 12-08-04.02 - Steve 08/04/2012 19:58:01.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3071.1242 [GMT -4:00]
Running from: c:\users\Steve\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
.
.
2012-08-05 00:03 . 2012-08-05 00:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-27 18:50 . 2012-07-27 18:50 -------- d-----w- c:\program files (x86)\Pandora
2012-07-27 14:29 . 2012-07-27 14:29 -------- d-----w- c:\windows\system32\drivers\NSMx64\0203000.016
2012-07-12 07:04 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 03:33 . 2012-07-06 03:33 -------- d-----w- c:\windows\en
2012-07-06 03:28 . 2012-03-08 22:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 10:23 . 2012-05-08 00:32 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 10:23 . 2011-08-29 18:01 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 07:01 . 2010-01-16 04:32 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 17:46 . 2010-04-20 03:32 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-02 22:19 . 2012-06-21 15:08 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 15:08 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 15:08 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 15:08 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 15:08 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 15:08 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 15:08 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 15:08 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 15:08 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-15 04:01 . 2012-06-13 19:27 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-13 19:27 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-13 19:27 981504 ----a-w- c:\windows\SysWow64\wininet.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-04_21.44.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-01-09 23:33 . 2012-08-04 21:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-09 23:33 . 2012-08-04 23:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-09 23:33 . 2012-08-04 23:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-09 23:33 . 2012-08-04 21:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-05 00:05 . 2012-08-05 00:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-04 21:43 . 2012-08-04 21:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-05 00:05 . 2012-08-05 00:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-04 21:43 . 2012-08-04 21:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-08-05 00:04 316988 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-04 21:42 316988 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-15 98304]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"HttpWatch_RegIEPlugin"="c:\program files (x86)\HttpWatch\regieplugin.exe" [2012-06-07 2283744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-07 559616]
.
c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-24 113120]
R3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder;c:\windows\System32\Drivers\NSMx64\0203000.016\SymRdrS.SYS [2011-11-17 218232]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-26 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [2011-07-26 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-06-19 1161376]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [2011-11-29 167048]
S1 ccSet_NOF;Norton Online Settings Manager;c:\windows\system32\drivers\NOFx64\0203000.007\ccSetx64.sys [2011-11-04 167048]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120803.002\IDSvia64.sys [2012-07-04 509088]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [2012-03-29 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [2012-03-29 405624]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-15 203264]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-06-11 335888]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 NOF;Norton Online;c:\program files (x86)\Norton Online\Engine\2.3.0.7\ccSvcHst.exe [2011-11-30 138248]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-06-10 138912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 10:23]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1753098322-611350664-1751214061-1001Core.job
- c:\users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-03 22:54]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1753098322-611350664-1751214061-1001UA.job
- c:\users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-03 22:54]
.
2012-08-04 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
.
2012-08-04 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: HttpWatch Basic - c:\program files (x86)\HttpWatch\httpwatch.dll/1351
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\xexkv5kf.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NOF]
"ImagePath"="\"c:\program files (x86)\Norton Online\Engine\2.3.0.7\ccSvcHst.exe\" /s \"NOF\" /m \"c:\program files (x86)\Norton Online\Engine\2.3.0.7\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.22\tampmon.exe
.
**************************************************************************
.
Completion time: 2012-08-04 20:11:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-05 00:11
ComboFix2.txt 2012-08-04 21:50
.
Pre-Run: 152,291,717,120 bytes free
Post-Run: 152,203,296,768 bytes free
.
- - End Of File - - 01D527F740AF61893A23D323E4BCBAD6

#10
Maniac

You mean that your blocking IPs are gone?
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#11
SteveP25

That seems to be correct. I no longer get a blank page when opening a new tab, nor do I get the Malwarebytes pop up that says blocked 207.232.22.60.

#12
Maniac

Good! :)

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


#13
SteveP25

I ran the Eset Scan. It did find three bugs.

The only log file I could find in the EsetOnline Scanner folder was this.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

However, here are the three items found and cleaned.

C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll
a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll
probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
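
A cross-check that fits this point in the thread, as an added example that is not part of any poster's reply: it takes the AppInit_DLLs line from the ComboFix log above and the three paths ESET reported, and lists the AppInit_DLLs entries that still point at files ESET deleted. The function names are hypothetical, and the 8.3 alias test is a plausibility check only (the hashed form such as `WI3C8A~1` cannot be recomputed offline).

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the ComboFix log and the ESET results quoted in this thread.
COMBOFIX_LINE = (r'"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll '
                 r'c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll')
ESET_REMOVED = [
    r"C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll",
    r"C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe",
    r"C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll",
]

def appinit_entries(line):
    """Split an AppInit_DLLs value (space- or comma-delimited) into paths."""
    value = line.split("=", 1)[1].strip().strip('"')
    return [p for p in re.split(r"[ ,]+", value) if p]

def alias_matches(short, long):
    """True if `short` could be the 8.3 alias of the directory name `long`."""
    m = re.fullmatch(r"([^~]+)~\d+", short)
    if not m:                                   # not an alias: compare names directly
        return short.lower() == long.lower()
    stem = m.group(1).upper()
    squeezed = re.sub(r"[ .]", "", long).upper()
    if squeezed.startswith(stem):               # plain form, e.g. PROGRA~2
        return True
    # Hashed form: two leading characters + four hex digits, e.g. WI3C8A~1.
    # Assumption: only the two leading characters can be verified here.
    return bool(re.fullmatch(r"[0-9A-F]{4}", stem[2:])) and squeezed.startswith(stem[:2])

def dangling_references(line, removed):
    """AppInit_DLLs entries whose file name and leading folders match a removed file."""
    hits = []
    for entry in appinit_entries(line):
        e = PureWindowsPath(entry)
        for gone in map(PureWindowsPath, removed):
            same_file = e.name.lower() == gone.name.lower()
            dirs = zip(e.parts[1:], gone.parts[1:-1])   # compare folder by folder
            if same_file and all(alias_matches(s, l) for s, l in dirs):
                hits.append(entry)
                break
    return hits

if __name__ == "__main__":
    for path in dangling_references(COMBOFIX_LINE, ESET_REMOVED):
        print("AppInit_DLLs still references removed file:", path)
```

Both entries are reported for the lines in this thread, so the AppInit_DLLs value is worth re-checking in a fresh log after the cleanup.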

#14
Maniac

Please locate and manually delete this folder:
C:\Program Files (x86)\Windows iLivid Toolbar

Then let me know how your system is.

#15
SteveP25

Found and deleted the iLivid folder.

Seems to be better. I had been experiencing the "Internet Explorer Cannot Display this page" error a lot. After deleting the folder, I got it once for my Google homepage, but it was after I deleted history and rebooted.

#16
Maniac

Glad I could help! :)

Please uninstall ComboFix:
www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall

Next, manually delete DDS and aswMBR. Next, uninstall ESET Online Scanner.

Some malware prevention tips:
http://forums.malwar...howtopic=104379


Safe surfing! :)

#17
Maurice Naggar

    Eradicator de logiciels malveillants

  • Moderators
  • 13,229 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
~Maurice Naggar

I close my threads if there is 5 days without a response.




