idhidro
Hello, I have MB blocking IP 213.5.68.105 about every 15 minutes. It is outgoing through explorer.exe and uses a different port every time (40000 to 55000). I have run MB, SUPERAntiSpyware and no detection or removal. I ran ComboFix but had to restore afterwards because the deletions in the registry made the computer unusable. I have run netstat from the command line and Process Explorer but am not able to ID what might be causing this. The PID appears to reference either Firefox or System Idle. I'm not sure what to do from here. Any help would be greatly appreciated. Thank you. I ran DDS and the output is below:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19120
Run by Gary at 12:07:08 on 2011-12-11
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1014.240 [GMT -8:00]
.
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6720
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Pazera Toolbar BHO: {1b169632-4fa6-4be0-b980-460b5bf7fd08} - c:\program files\pazera toolbar\Toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\common files\freecause\dca\dca-bho.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Pazera Toolbar: {093b3d46-0f87-44cf-b44b-79537f1597e5} - c:\program files\pazera toolbar\Toolbar.dll
TB: {A057A204-BACC-4D26-8398-26FADCF27386} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: juno.com
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.ncnetwork.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{431A6D29-6B9E-43C3-8241-670F0B910DF0} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F2B7E9C1-C5A0-4DCA-AD7F-E0CF0B28B900} : DhcpNameServer = 192.168.1.1
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - c:\program files\juno\bin\jmsgpph.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\gary\appdata\roaming\mozilla\firefox\profiles\kuw5kfkc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20111205&q=
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-3-22 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-3-22 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-3-22 656320]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-4-12 21504]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2010-10-13 151552]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-3-4 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-4 22216]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2007-8-23 251904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c98f912cc5d55;Google Update Service (gupdate1c98f912cc5d55);c:\program files\google\update\GoogleUpdate.exe [2009-2-15 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-15 133104]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-3-22 366840]
S4 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-3-22 1150936]
.
=============== Created Last 30 ================
.
2011-12-11 19:49:24 -------- d-----w- c:\users\gary\appdata\local\temp
2011-12-11 19:19:51 98816 ----a-w- c:\windows\sed.exe
2011-12-11 19:19:51 518144 ----a-w- c:\windows\SWREG.exe
2011-12-11 19:19:51 256000 ----a-w- c:\windows\PEV.exe
2011-12-11 19:19:51 208896 ----a-w- c:\windows\MBR.exe
2011-12-11 19:19:41 -------- d-----w- C:\ComboFix(1)
2011-12-10 19:39:20 -------- d-sh--w- C:\$RECYCLE.BIN
2011-12-10 19:11:17 -------- d-----w- C:\ComboFix
2011-12-05 00:05:23 -------- d-----w- c:\program files\Advanced Port Scanner
2011-12-04 23:12:45 -------- d-----w- c:\users\gary\appdata\roaming\SUPERAntiSpyware.com
2011-12-04 23:12:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-04 23:12:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-04 21:14:30 -------- d-----w- c:\program files\process explorer
2011-12-04 15:56:29 -------- dc-h--w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2011-12-04 15:55:06 -------- d-----w- c:\users\gary\appdata\local\PackageAware
2011-11-27 22:42:45 -------- d-----w- c:\users\gary\appdata\roaming\obbDD3oonG4mHsW
2011-11-27 22:42:45 -------- d-----w- c:\users\gary\appdata\roaming\cZZZqjjYC
.
==================== Find3M ====================
.
2011-10-06 02:52:09 286720 ------w- c:\windows\Setup1.exe
2011-10-06 02:52:08 73216 ----a-w- c:\windows\ST6UNST.EXE
.
============= FINISH: 12:09:50.43 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/23/2007 6:37:00 PM
System Uptime: 12/11/2011 11:59:21 AM (1 hours ago)
.
Motherboard: Gateway | |
Processor: Intel® Pentium® Dual CPU T2310 @ 1.46GHz | uFCPGA2 | 1467/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 101 GiB total, 36.494 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.865 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP605: 9/14/2011 8:19:55 AM - Windows Update
RP606: 9/14/2011 8:35:35 AM - Windows Update
RP607: 10/10/2011 5:55:51 AM - Windows Update
RP608: 11/20/2011 7:40:52 AM - Scheduled Checkpoint
RP609: 11/27/2011 3:41:36 PM - Scheduled Checkpoint
RP610: 11/28/2011 1:10:24 PM - Scheduled Checkpoint
RP611: 12/4/2011 9:51:07 AM - Scheduled Checkpoint
RP612: 12/10/2011 8:31:58 AM - Scheduled Checkpoint
RP613: 12/10/2011 11:53:40 AM - Restore Operation
RP614: 12/11/2011 11:53:00 AM - Restore Operation
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.3.1
Advanced Port Scanner v1.3
Agere Systems HDA Modem
AOL Uninstaller (Choose which Products to Remove)
Apple Software Update
Bejeweled 2 Deluxe
BigFix
Blackhawk Striker 2
Browser Address Error Redirector
BufferChm
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
CoffeeCup Ad Producer
CoffeeCup Flash FireStarter
CoffeeCup Flash Menu Builder
CoffeeCup GIF Animator
CoffeeCup HTML Editor 2008
CoffeeCup Image Mapper
CoffeeCup Photo Gallery - Registered
CoffeeCup Visual Site Designer Software
CoffeeCup Web JukeBox - Registered
CoffeeCup Web Video Player - Registered
Compatibility Pack for the 2007 Office system
DeductionPro 2007
DeductionPro 2008
Destination Component
DeviceManagementQFolder
DHTML Editing Component
Digital Photo Navigator 1.5
DocProc
DocProcQFolder
eSupportQFolder
Eusing Free Registry Cleaner
GIMP 2.6.7
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GTK+ 2.10.13 runtime environment
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart Essential
HP Photosmart Essential 2.5
HP Scanjet 4800 series 9.0
HP Solution Center 9.0
hpg4850
hpg4850QFolder
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
IHA_MessageCenter
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java DB 10.4.2.1
Java 6 Update 13
Java SE Development Kit 6 Update 12
Java SE Development Kit 6 Update 17
Java SE Runtime Environment 6 Update 1
Juno 5.1.83
LabelPrint
Malwarebytes' Anti-Malware version 1.51.2.1300
MapWinGIS ActiveX Control
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft Visual Basic 2008 Express Edition - ENU
Microsoft Visual C++ 2008 Express Edition - ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ Redist - ENU
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft WSE 2.0 SP3 Runtime
Motorola Driver Installation 3.7.0
Mozilla Firefox 8.0 (x86 en-US)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Napster
Napster Burn Engine
NetBeans IDE 6.5
PanoStandAlone
Pazera Toolbar
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
PHAST 1.4.2
PHREEQC for Windows version 2.16
Phreeqc Interactive 2.14.3
Phreeqc Interactive 2.15.0
Pipeline Leak Rate Calculator
Power2Go 5.0
PSSWCORE
QuickTime
RCA easyRip 2.5.2.0
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek USB 2.0 Card Reader
REALTEK USB Wireless LAN Driver
RegClean Registry Cleaner 2.1
RTC Client API v1.2
Scan
ScannerCopy
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
SigmaTel Audio
SolutionCenter
Spare Backup
Spyware Doctor with AntiVirus 8.0
STANMOD
SUPERAntiSpyware
Synaptics Pointing Device Driver
Tile-based game
Tradewinds
ubCoreFlat 5.21
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VC Runtimes MSI
VideoToolkit01
WebReg
Windows Installer Clean Up
Wisdom-soft Set up ScreenHunter 5.1 Free
WPhast
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
12/11/2011 12:00:30 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/11/2011 11:43:54 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
12/11/2011 11:36:31 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/11/2011 11:21:49 AM, Error: Service Control Manager [7034] - The Updater Service for StartNow Toolbar service terminated unexpectedly. It has done this 1 time(s).
12/10/2011 6:21:52 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
.
==== End Of File ===========================
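Added example, not part of the original post or of any Malwarebytes tool: a Python script that joins `netstat -ano` rows with `tasklist /fo csv /nh` output so that every socket talking to the blocked address is attributed to a PID and image name. The two sample outputs are constructed for the demonstration; on the affected Windows machine `live_snapshot()` feeds the real command output through the same functions.

```python
import csv
import io
import subprocess
import sys

REMOTE_IP = "213.5.68.105"  # the address Malwarebytes reported blocking in the post

# Constructed sample of `netstat -ano` output (not captured from the poster's machine).
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.5:49213      74.125.224.72:443      ESTABLISHED     2480
  TCP    192.168.1.5:49337      213.5.68.105:80        SYN_SENT        1844
  TCP    192.168.1.5:49338      213.5.68.105:80        TIME_WAIT       0
  UDP    0.0.0.0:3702           *:*                                    1232
"""

# Constructed sample of `tasklist /fo csv /nh` output.
SAMPLE_TASKLIST = '''"System Idle Process","0","Services","0","24 K"
"explorer.exe","1844","Console","1","38,220 K"
"firefox.exe","2480","Console","1","212,504 K"
'''


def parse_netstat(text):
    """Turn `netstat -ano` lines into dicts; UDP rows have no State column."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank and "Active Connections" lines
        rows.append({"proto": parts[0], "local": parts[1], "foreign": parts[2],
                     "state": parts[3] if parts[0] == "TCP" else "", "pid": int(parts[-1])})
    return rows


def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) > 1 and r[1].isdigit()}


def attribute_connections(netstat_text, tasklist_text, remote_ip):
    """Return each socket whose foreign address is remote_ip, with its owning process.
    A socket already torn down (e.g. TIME_WAIT) is reported by netstat with PID 0,
    which tasklist maps to System Idle Process; the real owner is gone by then."""
    names = parse_tasklist(tasklist_text)
    hits = []
    for row in parse_netstat(netstat_text):
        if row["foreign"].rsplit(":", 1)[0] != remote_ip:
            continue
        note = "socket already closed; owner not recoverable, sample more often" if row["pid"] == 0 else ""
        hits.append({"pid": row["pid"], "process": names.get(row["pid"], "<unknown>"),
                     "local_port": int(row["local"].rsplit(":", 1)[1]),
                     "state": row["state"], "note": note})
    return hits


def live_snapshot(remote_ip=REMOTE_IP):
    """On Windows, run both commands and attribute the live connections."""
    ns = subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout
    tl = subprocess.run(["tasklist", "/fo", "csv", "/nh"], capture_output=True, text=True).stdout
    return attribute_connections(ns, tl, remote_ip)


if __name__ == "__main__":
    hits = (live_snapshot() if sys.platform == "win32"
            else attribute_connections(SAMPLE_NETSTAT, SAMPLE_TASKLIST, REMOTE_IP))
    for h in hits:
        print(h)
```

The changing 40000-55000 port the post describes is the local side's source port, so the filter matches on the remote address, not the port. Because the connection is torn down within moments, the script has to be run in a tight loop around the time of the next block to catch the socket while its PID is still populated.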