
Repeated Blocked IP Site



I have MB blocking an IP about every 15 minutes. It is outgoing through explorer.exe and uses a different port every time (40000 to 55000). I have run MB and SUPERAntiSpyware with no detection or removal. I ran ComboFix but had to restore afterwards because the deletions in the registry made the computer unusable. I have run netstat from the command line and Process Explorer but am not able to ID what might be causing this. The PID appears to reference either Firefox or System Idle. I'm not sure what to do from here. Any help would be greatly appreciated. Thank you. I ran DDS and the output is below:


DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.19120

Run by Gary at 12:07:08 on 2011-12-11

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1014.240 [GMT -8:00]


AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}


============== Running Processes ===============




C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup


C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService


C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork





C:\Program Files\SUPERAntiSpyware\SASCORE.EXE


C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup



C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe





C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation


C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe







============== Pseudo HJT Report ===============


uStart Page = hxxp://

mStart Page = hxxp://

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Pazera Toolbar BHO: {1b169632-4fa6-4be0-b980-460b5bf7fd08} - c:\program files\pazera toolbar\Toolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\common files\freecause\dca\dca-bho.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

TB: Pazera Toolbar: {093b3d46-0f87-44cf-b44b-79537f1597e5} - c:\program files\pazera toolbar\Toolbar.dll

TB: {A057A204-BACC-4D26-8398-26FADCF27386} - No File

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone:

DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://

DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - hxxp://

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://


TCP: DhcpNameServer =

TCP: Interfaces\{431A6D29-6B9E-43C3-8241-670F0B910DF0} : DhcpNameServer =

TCP: Interfaces\{F2B7E9C1-C5A0-4DCA-AD7F-E0CF0B28B900} : DhcpNameServer =

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - c:\program files\juno\bin\jmsgpph.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL


================= FIREFOX ===================


FF - ProfilePath - c:\users\gary\appdata\roaming\mozilla\firefox\profiles\kuw5kfkc.default\

FF - prefs.js: browser.startup.homepage - hxxp://

FF - prefs.js: keyword.URL - hxxp://

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\update\\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll


============= SERVICES / DRIVERS ===============


R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-3-22 239168]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-3-22 338880]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-3-22 656320]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-4-12 21504]

R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2010-10-13 151552]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-3-4 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-4 22216]

R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2007-8-23 251904]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1c98f912cc5d55;Google Update Service (gupdate1c98f912cc5d55);c:\program files\google\update\GoogleUpdate.exe [2009-2-15 133104]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-15 133104]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]

S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]

S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache;c:\windows\\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-3-22 366840]

S4 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-3-22 1150936]


=============== Created Last 30 ================


2011-12-11 19:49:24 -------- d-----w- c:\users\gary\appdata\local\temp

2011-12-11 19:19:51 98816 ----a-w- c:\windows\sed.exe

2011-12-11 19:19:51 518144 ----a-w- c:\windows\SWREG.exe

2011-12-11 19:19:51 256000 ----a-w- c:\windows\PEV.exe

2011-12-11 19:19:51 208896 ----a-w- c:\windows\MBR.exe

2011-12-11 19:19:41 -------- d-----w- C:\ComboFix(1)

2011-12-10 19:39:20 -------- d-sh--w- C:\$RECYCLE.BIN

2011-12-10 19:11:17 -------- d-----w- C:\ComboFix

2011-12-05 00:05:23 -------- d-----w- c:\program files\Advanced Port Scanner

2011-12-04 23:12:45 -------- d-----w- c:\users\gary\appdata\roaming\

2011-12-04 23:12:14 -------- d-----w- c:\programdata\

2011-12-04 23:12:14 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-12-04 21:14:30 -------- d-----w- c:\program files\process explorer

2011-12-04 15:56:29 -------- dc-h--w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

2011-12-04 15:55:06 -------- d-----w- c:\users\gary\appdata\local\PackageAware

2011-11-27 22:42:45 -------- d-----w- c:\users\gary\appdata\roaming\obbDD3oonG4mHsW

2011-11-27 22:42:45 -------- d-----w- c:\users\gary\appdata\roaming\cZZZqjjYC


==================== Find3M ====================


2011-10-06 02:52:09 286720 ------w- c:\windows\Setup1.exe

2011-10-06 02:52:08 73216 ----a-w- c:\windows\ST6UNST.EXE


============= FINISH: 12:09:50.43 ===============





DDS (Ver_2011-08-26.01)


Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 8/23/2007 6:37:00 PM

System Uptime: 12/11/2011 11:59:21 AM (1 hours ago)


Motherboard: Gateway | |

Processor: Intel® Pentium® Dual CPU T2310 @ 1.46GHz | uFCPGA2 | 1467/533mhz


==== Disk Partitions =========================


C: is FIXED (NTFS) - 101 GiB total, 36.494 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 3.865 GiB free.

E: is CDROM ()


==== Disabled Device Manager Items =============


==== System Restore Points ===================


RP605: 9/14/2011 8:19:55 AM - Windows Update

RP606: 9/14/2011 8:35:35 AM - Windows Update

RP607: 10/10/2011 5:55:51 AM - Windows Update

RP608: 11/20/2011 7:40:52 AM - Scheduled Checkpoint

RP609: 11/27/2011 3:41:36 PM - Scheduled Checkpoint

RP610: 11/28/2011 1:10:24 PM - Scheduled Checkpoint

RP611: 12/4/2011 9:51:07 AM - Scheduled Checkpoint

RP612: 12/10/2011 8:31:58 AM - Scheduled Checkpoint

RP613: 12/10/2011 11:53:40 AM - Restore Operation

RP614: 12/11/2011 11:53:00 AM - Restore Operation


==== Installed Programs ======================


Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 8.3.1

Advanced Port Scanner v1.3

Agere Systems HDA Modem

AOL Uninstaller (Choose which Products to Remove)

Apple Software Update

Bejeweled 2 Deluxe


Blackhawk Striker 2

Browser Address Error Redirector




CoffeeCup Ad Producer

CoffeeCup Flash FireStarter

CoffeeCup Flash Menu Builder

CoffeeCup GIF Animator

CoffeeCup HTML Editor 2008

CoffeeCup Image Mapper

CoffeeCup Photo Gallery - Registered

CoffeeCup Visual Site Designer Software

CoffeeCup Web JukeBox - Registered

CoffeeCup Web Video Player - Registered

Compatibility Pack for the 2007 Office system

DeductionPro 2007

DeductionPro 2008

Destination Component


DHTML Editing Component

Digital Photo Navigator 1.5




Eusing Free Registry Cleaner

GIMP 2.6.7

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

GTK+ 2.10.13 runtime environment

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Imaging Device Functions 9.0

HP OCR Software 9.0

HP Photosmart Essential

HP Photosmart Essential 2.5

HP Scanjet 4800 series 9.0

HP Solution Center 9.0






Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

Java DB

Java 6 Update 13

Java SE Development Kit 6 Update 12

Java SE Development Kit 6 Update 17

Java SE Runtime Environment 6 Update 1

Juno 5.1.83


Malwarebytes' Anti-Malware version

MapWinGIS ActiveX Control

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Money Essentials

Microsoft Money Shared Libraries

Microsoft Office Professional Edition 2003

Microsoft Silverlight

Microsoft SQL Server Compact 3.5 Design Tools ENU

Microsoft SQL Server Compact 3.5 ENU

Microsoft Visual Basic 2008 Express Edition - ENU

Microsoft Visual C++ 2008 Express Edition - ENU

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ Redist - ENU

Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework

Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32

Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries

Microsoft WSE 2.0 SP3 Runtime

Motorola Driver Installation 3.7.0

Mozilla Firefox 8.0 (x86 en-US)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)


Napster Burn Engine

NetBeans IDE 6.5


Pazera Toolbar

Pdf995 (installed by TaxCut)

PdfEdit995 (installed by TaxCut)

PHAST 1.4.2

PHREEQC for Windows version 2.16

Phreeqc Interactive 2.14.3

Phreeqc Interactive 2.15.0

Pipeline Leak Rate Calculator

Power2Go 5.0



RCA easyRip

Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista

Realtek USB 2.0 Card Reader

REALTEK USB Wireless LAN Driver


Registry Cleaner 2.1

RTC Client API v1.2



Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

SigmaTel Audio


Spare Backup

Spyware Doctor with AntiVirus 8.0



Synaptics Pointing Device Driver

Tile-based game


ubCoreFlat 5.21

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

VC Runtimes MSI



Windows Installer Clean Up

Wisdom-soft Set up ScreenHunter 5.1 Free


Yahoo! Toolbar


==== Event Viewer Messages From Past Week ========


12/11/2011 12:00:30 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

12/11/2011 11:43:54 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

12/11/2011 11:36:31 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

12/11/2011 11:21:49 AM, Error: Service Control Manager [7034] - The Updater Service for StartNow Toolbar service terminated unexpectedly. It has done this 1 time(s).

12/10/2011 6:21:52 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.


==== End Of File ===========================
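The post above describes trying to tie Malwarebytes' outbound-IP blocks back to a process using netstat and Process Explorer. As an added example (not part of the original thread, and not Malwarebytes' or DDS's code), the Python script below joins `netstat -ano` rows with `tasklist /fo csv /nh` rows on PID and reports which process owns each outbound TCP connection whose local port falls in the 40000 to 55000 range mentioned in the post. The sample netstat and tasklist text is constructed (RFC 5737 documentation addresses, made-up PIDs); the port range comes from the post; the function names `parse_netstat`, `parse_tasklist`, `attribute_outbound` and `remote_summary` are my own. It also makes explicit the point that explains the "System Idle" observation: a socket in TIME_WAIT has already been closed, so netstat reports it with PID 0 (System Idle Process), and the owning process can only be caught while the connection is still ESTABLISHED or SYN_SENT.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the format of `netstat -ano` on Windows (not real data).
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       836
  TCP    192.168.1.5:49212      203.0.113.10:80        ESTABLISHED     2212
  TCP    192.168.1.5:49801      203.0.113.44:8080      ESTABLISHED     1540
  TCP    192.168.1.5:49877      203.0.113.44:8080      TIME_WAIT       0
  UDP    0.0.0.0:500            *:*                                    1020
"""

# Constructed sample in the format of `tasklist /fo csv /nh` (not real data).
TASKLIST_SAMPLE = '''"System Idle Process","0","Services","0","24 K"
"svchost.exe","836","Services","0","8,120 K"
"firefox.exe","2212","Console","1","150,344 K"
"explorer.exe","1540","Console","1","40,112 K"
"svchost.exe","1020","Services","0","5,000 K"
'''


def split_endpoint(endpoint):
    """Split 'host:port' (also '[v6addr]:port' and '*:*') into (host, port or None)."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Parse `netstat -ano` output into a list of connection records."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # header, banner or blank line
        if len(parts) == 5:
            proto, local, remote, state, pid = parts
        elif len(parts) == 4:  # UDP rows carry no State column
            proto, local, remote, pid = parts
            state = ""
        else:
            continue
        lhost, lport = split_endpoint(local)
        rhost, rport = split_endpoint(remote)
        conns.append({"proto": proto, "local_host": lhost, "local_port": lport,
                      "remote_host": rhost, "remote_port": rport,
                      "state": state, "pid": int(pid)})
    return conns


def parse_tasklist(text):
    """Parse `tasklist /fo csv /nh` output into {pid: image name}."""
    names = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) >= 2 and row[1].isdigit():
            names[int(row[1])] = row[0]
    return names


def attribute_outbound(conns, names, port_range=(40000, 55000)):
    """Return (owner, remote host, remote port, state, local port) for each
    non-listening TCP socket whose local port lies in port_range.

    PID 0 on a TIME_WAIT socket is normal: the socket has outlived its owner,
    so netstat attributes it to System Idle Process. The process that made the
    connection must be read from an earlier sample taken while the same local
    port was still ESTABLISHED or SYN_SENT."""
    lo, hi = port_range
    out = []
    for c in conns:
        if c["proto"] != "TCP" or c["state"] == "LISTENING":
            continue
        if c["local_port"] is None or not (lo <= c["local_port"] <= hi):
            continue
        if c["pid"] == 0 and c["state"] == "TIME_WAIT":
            owner = "unknown (socket closed; owner no longer attached)"
        else:
            owner = names.get(c["pid"], "unknown PID %d" % c["pid"])
        out.append((owner, c["remote_host"], c["remote_port"], c["state"], c["local_port"]))
    return out


def remote_summary(attributed):
    """Count, per remote endpoint, how often each owner was seen connecting to it."""
    summary = defaultdict(lambda: defaultdict(int))
    for owner, rhost, rport, _state, _lport in attributed:
        summary["%s:%s" % (rhost, rport)][owner] += 1
    return {endpoint: dict(owners) for endpoint, owners in summary.items()}


if __name__ == "__main__":
    conns = parse_netstat(NETSTAT_SAMPLE)
    names = parse_tasklist(TASKLIST_SAMPLE)
    for owner, rhost, rport, state, lport in attribute_outbound(conns, names):
        print("%-50s -> %s:%s  [%s, local port %d]" % (owner, rhost, rport, state, lport))
```

To use it on a real machine, capture `netstat -ano > netstat.txt` and `tasklist /fo csv /nh > tasklist.txt` from an elevated prompt at the moment Malwarebytes reports a block (a loop that samples every few seconds works), then feed both files to `parse_netstat` and `parse_tasklist`; `remote_summary` shows whether the same remote endpoint keeps being contacted and by which process name. A connection attributed to explorer.exe only says which process owns the socket, not which loaded DLL or injected code opened it, so the BHO and toolbar entries in the DDS log remain worth checking alongside this output.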


Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.
