OUTGOING...SVCHOST EXE


8 replies to this topic

#1 Styck

Styck

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Carrollton,TX
  • Local time:10:05 PM

Posted 13 March 2013 - 10:05 AM

Having issues with svchost.exe

 

2013/03/13 03:24:23 -0500 VIGGILANTE (null) IP-BLOCK 222.186.101.77 (Type: outgoing, Port: 49666, Process: svchost.exe)
2013/03/13 03:24:23 -0500 VIGGILANTE (null) IP-BLOCK 222.186.101.77 (Type: outgoing, Port: 49666, Process: svchost.exe)
2013/03/13 03:24:23 -0500 VIGGILANTE (null) IP-BLOCK 222.186.101.77 (Type: outgoing, Port: 49666, Process: svchost.exe)
2013/03/13 03:24:31 -0500 VIGGILANTE (null) IP-BLOCK 222.186.101.77 (Type: outgoing, Port: 49666, Process: svchost.exe)
2013/03/13 03:24:31 -0500 VIGGILANTE (null) IP-BLOCK 222.186.101.77 (Type: outgoing, Port: 49666, Process: svchost.exe)
2013/03/13 03:24:47 -0500 VIGGILANTE (null) IP-BLOCK 222.186.101.77 (Type: outgoing, Port: 49666, Process: svchost.exe)
2013/03/13 03:25:03 -0500 VIGGILANTE (null) IP-BLOCK 222.186.101.77 (Type: outgoing, Port: 49666, Process: svchost.exe)
2013/03/13 03:25:11 -0500 VIGGILANTE (null) IP-BLOCK 222.186.101.77 (Type: outgoing, Port: 49666, Process: svchost.exe)
2013/03/13 03:25:11 -0500 VIGGILANTE (null) IP-BLOCK 222.186.101.77 (Type: outgoing, Port: 49666, Process: svchost.exe)
2013/03/13 03:25:12 -0500 VIGGILANTE (null) IP-BLOCK 222.186.101.77 (Type: outgoing, Port: 49666, Process: svchost.exe)
2013/03/13 03:25:20 -0500 VIGGILANTE (null) IP-BLOCK 222.186.101.77 (Type: outgoing, Port: 49666, Process: svchost.exe)
2013/03/13 03:25:28 -0500 VIGGILANTE (null) IP-BLOCK 222.186.101.77 (Type: outgoing, Port: 49666, Process: svchost.exe)
2013/03/13 03:25:28 -0500 VIGGILANTE (null) IP-BLOCK 222.186.101.77 (Type: outgoing, Port: 49666, Process: svchost.exe)
2013/03/13 03:25:28 -0500 VIGGILANTE (null) IP-BLOCK 222.186.101.77 (Type: outgoing, Port: 49666, Process: svchost.exe)
2013/03/13 03:25:28 -0500 VIGGILANTE (null) IP-BLOCK 222.186.101.77 (Type: outgoing, Port: 49666, Process: svchost.exe)

 

Does not happen on a regular daily basis...My scan runs every morning @ 3 AM


Edited by hamluis, 13 March 2013 - 01:08 PM.
Moved from Win 7 to Am I Infected - Hamluis.
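
For triage of a log like the one in the post above, the following added example (not part of the original post and not code from any tool named in this thread) parses the IP-BLOCK line layout and groups the blocks into bursts per process and destination. The names `parse_line` and `summarize`, the 10-minute burst gap, and the one-hour window after the 3 AM scan are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Layout of the IP-BLOCK lines quoted in the post above.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d [+-]\d{4})\s+(?P<host>\S+)\s+(?P<user>\S+)\s+"
    r"IP-BLOCK\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$")

def parse_line(line):
    """Return a dict for one IP-BLOCK line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec.update(ts=datetime.strptime(rec["ts"], "%Y/%m/%d %H:%M:%S %z"), port=int(rec["port"]))
    return rec

def summarize(lines, gap=timedelta(minutes=10), scan_hour=3, window=timedelta(hours=1)):
    """Group blocks by (process, ip, direction) and split at silences longer than gap.
    near_scan marks bursts that start within `window` after the daily scan hour."""
    groups, out = defaultdict(list), []
    for rec in filter(None, map(parse_line, lines)):  # malformed lines are skipped
        groups[(rec["process"].lower(), rec["ip"], rec["direction"])].append(rec)
    for (process, ip, direction), recs in sorted(groups.items()):
        recs.sort(key=lambda r: r["ts"])
        bursts = [[recs[0]]]
        for rec in recs[1:]:
            if rec["ts"] - bursts[-1][-1]["ts"] > gap:
                bursts.append([rec])
            else:
                bursts[-1].append(rec)
        for b in bursts:
            start = b[0]["ts"]
            scan = start.replace(hour=scan_hour, minute=0, second=0)
            out.append({"process": process, "ip": ip, "direction": direction,
                        "count": len(b), "first": start, "last": b[-1]["ts"],
                        "ports": sorted({r["port"] for r in b}),
                        "near_scan": timedelta(0) <= start - scan <= window})
    return out

# First three lines are copied from the post; the last two are constructed.
SAMPLE = """\
2013/03/13 03:24:23 -0500 VIGGILANTE (null) IP-BLOCK 222.186.101.77 (Type: outgoing, Port: 49666, Process: svchost.exe)
2013/03/13 03:24:31 -0500 VIGGILANTE (null) IP-BLOCK 222.186.101.77 (Type: outgoing, Port: 49666, Process: svchost.exe)
2013/03/13 03:25:28 -0500 VIGGILANTE (null) IP-BLOCK 222.186.101.77 (Type: outgoing, Port: 49666, Process: svchost.exe)
2013/03/13 14:02:10 -0500 VIGGILANTE (null) IP-BLOCK 192.0.2.10 (Type: outgoing, Port: 50001, Process: example.exe)
this constructed line is malformed and is skipped
"""
```

Calling `summarize(SAMPLE.splitlines())` returns one row per burst, so repeated blocks against a single address collapse into a count with first and last timestamps that can be compared against the scan schedule.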




#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:05 PM

Posted 13 March 2013 - 10:41 AM

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters


    tds2.jpg

  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now


    2012081514h0118.png

  • Click Start Scan and allow the scan process to run

  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue


    tds6.jpg

  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.


    aswMBR1.png
  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.


    aswMBR2.png
  • Please post the contents of the log in your next reply.

NOTE:  aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png  button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

    esetsmartinstaller_enu.png

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply.   Note:  If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • TDSSKiller log
  • aswMBR log
  • ESET results


 



#3 Styck


Posted 13 March 2013 - 01:46 PM

Ran both...No Threats found in either



#4 Styck


Posted 13 March 2013 - 01:48 PM

Can't find aswMBR log ...but I'm looking...It also found no threats



#5 Styck


Posted 13 March 2013 - 01:59 PM

Can't find aswMBR log ...but I'm looking...It also found no threats

Found it but can't seem to get it up here

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-03-13 11:38:28
-----------------------------
11:38:28.620    OS Version: Windows x64 6.1.7601 Service Pack 1
11:38:28.635    Number of processors: 2 586 0x100
11:38:28.635    ComputerName: VIGGILANTE  UserName: PhillyT65
11:38:31.896    Initialize success
11:38:45.952    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
11:38:45.967    Disk 0 Vendor: ST310005 HP63 Size: 953869MB BusType: 11
11:38:45.983    Disk 0 MBR read successfully
11:38:45.999    Disk 0 MBR scan
11:38:45.999    Disk 0 Windows 7 default MBR code
11:38:46.014    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS           98 MB offset 2048
11:38:46.030    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       941826 MB offset 208845
11:38:46.045    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        11939 MB offset 1929070592
11:38:46.092    Disk 0 scanning C:\Windows\system32\drivers
11:38:52.098    Service scanning
11:39:00.990    Modules scanning
11:39:01.006    Disk 0 trace - called modules:
11:39:01.021    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
11:39:01.021    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045fc060]
11:39:01.021    3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> [0xfffffa8004482ac0]
11:39:01.037    5 amd_xata.sys[fffff88001162d00] -> nt!IofCallDriver -> \Device\0000005b[0xfffffa800447f420]
11:39:01.037    Scan finished successfully
11:39:30.256    Disk 0 MBR has been saved successfully to "C:\Users\PhillyT65\Documents\MBR.dat"
11:39:30.630    The log file has been saved successfully to "C:\Users\PhillyT65\Documents\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-03-13 13:40:00
-----------------------------
13:40:00.270    OS Version: Windows x64 6.1.7601 Service Pack 1
13:40:00.270    Number of processors: 2 586 0x100
13:40:00.270    ComputerName: VIGGILANTE  UserName: PhillyT65
13:40:04.092    Initialze error C000010E - driver not loaded
13:40:04.389    write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
13:40:20.802    The log file has been saved successfully to "C:\Users\PhillyT65\Documents\aswMBR.txt"

Nevermind...Found out how to read directions :smash: 
 



#6 Styck


Posted 14 March 2013 - 12:41 PM

Okay....I think I've run outta questions to ask here...and as a side note I've been bouncin between BLEEPIN n MBAM forums...and as far as I have seen each suggestion from either site turned up NADA...NOTHING....ZERO...

I'm not complaining...but most all the suggestions were the same...and got the same results...I do appreciate ALL the help...and can now sleep better at night knowing I have 2 EXCELLENT options if I have any questions or concerns

THANKS PEOPLE...GREATLY APPRECIATED...



#7 Styck


Posted 15 March 2013 - 05:30 PM

FINALLY!! Getting clean Scans from MBAM...well so far this day...time will tell...and got my wrist slapped :wacko:  for going between Bleepin n MBAM sites with questions...

BIG THANKS for all the input and advice....Any issues n " I'll be back"(insert AHNOLD voice here) :lol:


Edited by Styck, 15 March 2013 - 05:34 PM.


#8 narenxp


Posted 15 March 2013 - 05:36 PM

Sorry, we do not encourage getting help from multiple forums at the same time. Please stick to the forum where you are currently getting help.



#9 Styck


Posted 16 March 2013 - 07:19 AM

I understand...and since MBAM has locked my topic, may I continue to post my issues on Bleepin?





