Antivirus Soft and Browser Redirect Problems.


  • This topic is locked
3 replies to this topic

#1 GeorgeOhio

Posted 27 May 2010 - 10:39 PM

Windows XP

Last night Antivirus Soft Demo popped up and would not let me close it, open Task Manager or anything else. I was able to start up in Safe Mode with Networking and updated and ran Malwarebytes. It looked like it took care of the problem. This morning I am having issues with IE redirecting to ad sites. Anytime I do a Google search and click on a link it directed me to asklots and then another site. I updated and ran SuperAntiSpyware and it seemed to fix the problem for a bit. Now any Google link I click on redirects me to various other ad sites, no one in particular. Here are the DDS and GMER logs. Any help is very much appreciated. Thank you in advance.

On a different note... when I tried to post this from the PC that is giving me the problem it wouldn't go through... just said it couldn't connect to the website. It also would not allow me to email the files to myself using my Gmail account... said it could not send because of a server issue. So I had to save them to a flash drive and uploaded them here on another computer. That worked just fine.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 22:51:25.46 on Thu 05/27/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.254 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\Virus-Spyware\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.att.net/
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238873996468
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6DE617B8-49C0-40F8-8118-D2C3741F1C28} - hxxp://medialaxj.rapmls.com/tools/MlsToTrusted/rapmls/SetTrustedSitesControl.dll
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\vqsnve5c.default\
FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2009-4-8 11264]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-5-27 304464]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-27 20952]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-13 135664]
S3 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero 7\incd\nbhregincdsrv.exe --> c:\program files\nero\nero 7\incd\NBHRegInCDSrv.exe [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
S4 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-4-4 425080]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-4-9 24652]

=============== Created Last 30 ================

2010-05-27 21:05:47 0 d-----w- c:\program files\ESET
2010-05-27 20:39:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-27 20:39:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-27 20:39:01 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-27 20:35:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-05-27 20:35:46 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-27 17:12:39 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-05-27 17:03:36 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-05-27 17:02:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-05-27 17:02:51 0 d-----w- c:\program files\Hitman Pro 3.5
2010-05-15 19:52:01 92903 ----a-w- c:\windows\Scan to PDF Uninstaller.exe
2010-05-15 19:51:57 0 d-----w- c:\program files\Scan to PDF
2010-04-28 20:50:05 102032 ------w- c:\windows\hpoins04.dat.temp
2010-04-28 20:50:04 17218 ------w- c:\windows\hpomdl04.dat.temp

==================== Find3M ====================

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-06-11 14:19:47 28752673 ----a-w- c:\program files\SUPERsetup.exe
2009-06-11 13:43:35 21935408 ----a-w- c:\program files\QuickTimeInstaller.exe
2009-04-22 17:07:33 14225 ----a-w- c:\program files\Photoshop_7-_=Demonoid.com=__387010.6838.torrent
2009-04-16 13:26:09 13045 ----a-w- c:\program files\SONY_ACID_PRO_7_0A_KEYGEN-_=Demonoid.com=__387010.6838.torrent
2009-04-15 22:00:22 10427392 ----a-w- c:\program files\R80999.exe
2009-04-14 14:11:12 18214 ----a-w- c:\program files\Waves_L3_16_VST_RTAS_v1_0_AiR__o-Demonoid.com-o.torrent
2009-04-14 13:12:46 14283 ----a-w- c:\program files\+-Demonoid.com-+_Waves_Diamond_Bundle_L3_v5_2_DX_VST_RTAS_[piratox].torrent
2009-04-14 02:16:13 16409960 ----a-w- c:\program files\spybotsd162.exe
2009-04-13 21:20:00 14727 ----a-w- c:\program files\IZotope_RX_Advanced_[v1_0_8_466]_Standalone_VST_RTAS[h33t][Dave3737]-((Demonoid.com)).torrent
2009-04-13 02:30:27 12283182 ----a-w- c:\program files\iZotope_Vinyl_Setup.exe
2009-04-12 13:18:58 842672 ----a-w- c:\program files\slsk156c.exe
2009-04-09 02:34:19 7518920 ----a-w- c:\program files\Firefox Setup 3.0.8.exe
2009-04-08 19:07:56 270128 ----a-w- c:\program files\utorrent.exe
2009-04-08 19:03:54 1234120 ----a-w- c:\program files\wrar380.exe
2009-04-08 18:56:10 201472 ----a-w- c:\program files\GoogleToolbarInstaller_download_signed.exe
2004-06-22 08:33:18 101964 ----a-w- c:\program files\autorun.inf
2004-06-22 08:20:38 5529 ----a-w- c:\program files\hpoprl01.dat
2004-06-22 08:20:34 17218 ----a-w- c:\program files\hpomdl04.dat
2004-06-22 04:06:28 399 ----a-w- c:\program files\hpzprl01.dat
2004-05-12 02:03:52 314 ----a-w- c:\program files\hpqprl01.dat
2004-04-28 18:35:50 66431 ----a-w- c:\program files\hpoprl04.dat
2004-04-26 13:12:24 53670 ----a-w- c:\program files\hposcu08.cat
2004-04-26 13:12:22 51467 ----a-w- c:\program files\hpzist12.cat
2004-04-26 13:12:16 52349 ----a-w- c:\program files\hpzius13.cat
2004-04-26 13:12:16 447400 ----a-w- c:\program files\hpoprn08.cat
2004-04-26 13:12:14 52349 ----a-w- c:\program files\HPZius12.cat
2004-04-26 13:12:14 51467 ----a-w- c:\program files\hpzist13.cat
2004-04-26 13:12:14 51467 ----a-w- c:\program files\hpzipr13.cat
2004-04-26 13:12:12 51467 ----a-w- c:\program files\HPZipr12.cat
2004-04-26 13:12:12 51467 ----a-w- c:\program files\hpzid413.cat
2004-04-26 13:12:12 51467 ----a-w- c:\program files\HPZid412.cat
2004-04-26 13:12:12 51026 ----a-w- c:\program files\HPOunp08.cat
2004-04-16 14:14:50 2542 ----a-w- c:\program files\hpoprl02.dat
2004-04-13 12:26:18 19578 ----a-w- c:\program files\hpoprl03.dat
2004-04-12 08:44:40 94438 ----a-w- c:\program files\hposcu08.inf
2004-04-08 08:08:38 65420 ----a-w- c:\program files\hpoprl05.dat
2004-04-07 11:39:40 176128 ----a-w- c:\program files\hpzscr10.dll
2004-04-07 11:39:36 200704 ----a-w- c:\program files\hpzpnp10.dll
2004-04-07 11:37:14 270336 ----a-w- c:\program files\hpzglu10.exe
2004-04-07 11:23:52 137124 ----a-w- c:\program files\hpoprn08.inf
2004-03-22 09:55:32 14815 ----a-w- c:\program files\hpzius13.inf
2004-03-22 09:55:28 4132 ----a-w- c:\program files\hpzist13.inf
2004-03-22 09:55:24 9777 ----a-w- c:\program files\hpzipr13.inf
2004-03-22 09:55:20 22636 ----a-w- c:\program files\hpzid413.inf
2004-03-14 07:46:38 22608 ----a-w- c:\program files\usbprint.sys
2004-03-14 07:46:38 20168 ----a-w- c:\program files\hpzius12.inf
2004-03-14 07:46:36 5538 ----a-w- c:\program files\hpzist12.inf
2004-03-14 07:46:36 12922 ----a-w- c:\program files\hpzipr12.inf
2004-03-14 07:46:34 50615 ----a-w- c:\program files\hpzid412.inf
2004-03-14 07:46:32 6704 ----a-w- c:\program files\hpounp08.inf
2004-03-14 07:46:20 1391 ----a-w- c:\program files\readme.txt
2004-03-14 07:34:18 12288 ----a-w- c:\program files\usbmon.dll
2004-03-14 07:34:16 70656 ----a-w- c:\program files\msvcirt.dll
2004-03-14 07:34:16 254005 ----a-w- c:\program files\msvcrt.dll
2004-03-14 07:34:14 49212 ----a-w- c:\program files\hpzjvp01.dll
2004-03-14 07:34:12 442425 ----a-w- c:\program files\hpzjpp01.dll
2004-03-14 07:34:12 290873 ----a-w- c:\program files\hpzjut01.dll
2004-03-14 07:34:12 28722 ----a-w- c:\program files\hpzjlog.dll
2004-03-14 07:34:10 270336 ----a-w- c:\program files\hpzc3212.dll
2003-11-07 22:05:48 205 ----a-w- c:\program files\hpzprl02.dat
2003-09-16 05:19:48 99544 ----a-w- c:\windows\inf\virprn.exe
2003-09-16 05:19:48 18950 ----a-w- c:\windows\inf\virpntd.dll
2003-09-16 05:19:48 10240 ----a-w- c:\windows\inf\virport.dll
2003-09-16 05:19:46 90624 ----a-w- c:\windows\inf\prtproc.dll
2003-08-22 05:57:00 52296 ----a-w- c:\program files\Adobe Photoshop v7.jpg
2002-04-19 23:15:44 61 ----a-w- c:\program files\adobe photoshop 7.0 serial.txt

============= FINISH: 22:56:21.04 ===============

I don't know if this is helpful or not, but Malwarebytes active protection is reporting a number of IPs being blocked from accessing my machine. Here is today's protection log so far.


I apologize for bumping, I just did not know if this would be helpful to anyone trying to help me resolve this problem. Thanks.

Merged 2 posts. ~ OB

Edited by Orange Blossom, 28 May 2010 - 11:00 AM.


#2 gringo_pr

Posted 29 May 2010 - 10:31 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
    1. Please do not run any other tool until instructed to do so!
    2. Please reply to this thread, do not start another!
    3. Please tell me about any problems that have occurred during the fix.
    4. Please tell me of any other symptoms you may be having as these can help also.
    5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

:run combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
    It is a simple procedure that will only take a few moments of your time.


    Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"
    In your next post I need the following
    1. Log From Combofix
    2. Let me know of any problems you may have had
    3. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

Posted 01 June 2010 - 04:21 AM

Hello

Three-day bump

It has been three days since my last post.
  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48hrs you have not replied to this thread then it will have to be closed!

Gringo


#4 gringo_pr

Posted 04 June 2010 - 03:36 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo
