|
Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
|
Topic Tools |
#1
|
|||
|
|||
Firewall issue? Malware issue?
Ok I have an issue where I don't know what the problem is. I seemed to notice my computer was slower for some reason ever since I was assigned a new IP address by my isp. Whether that has anything to do with it I don't know to be honest. I haven't checked this security log for maybe a few years and I only changed ip a few months ago. When I check my router's security log it gives this:
Firewall log: Sun Jun 7 16:28:02 2009 1 Blocked by DoS protection 96.157.60.1 Sun Jun 7 16:28:34 2009 1 Blocked by DoS protection 96.157.60.1 Sun Jun 7 16:28:54 2009 1 Blocked by DoS protection 96.157.60.1 Sun Jun 7 16:29:01 2009 1 Blocked by DoS protection 96.157.60.1 Sun Jun 7 16:29:31 2009 1 Blocked by DoS protection 96.157.60.1 Sun Jun 7 16:30:04 2009 1 Blocked by DoS protection 96.157.60.1 Sun Jun 7 16:30:24 2009 1 Blocked by DoS protection 96.157.60.1 Sun Jun 7 16:31:01 2009 1 Blocked by DoS protection 96.157.60.1 Sun Jun 7 16:31:10 2009 1 Blocked by DoS protection 96.157.60.1 Sun Jun 7 16:31:21 2009 1 Blocked by DoS protection 96.157.60.1 Sun Jun 7 16:31:48 2009 1 Blocked by DoS protection 96.157.60.1 Sun Jun 7 16:31:58 2009 1 Blocked by DoS protection 96.157.60.1 Sun Jun 7 16:32:25 2009 1 Blocked by DoS protection 96.157.60.1 Sun Jun 7 16:32:35 2009 1 Blocked by DoS protection 96.157.60.1 Sun Jun 7 16:33:28 2009 1 Blocked by DoS protection 96.157.60.1 Sun Jun 7 16:33:56 2009 1 Blocked by DoS protection 96.157.60.1 Sun Jun 7 16:34:04 2009 1 Blocked by DoS protection 96.157.60.1 Sun Jun 7 16:35:04 2009 1 Blocked by DoS protection 96.157.60.1 Sun Jun 7 16:35:08 2009 1 Blocked by DoS protection 96.157.60.1 Sun Jun 7 16:35:30 2009 1 Blocked by DoS protection 96.157.60.1 Sun Jun 7 16:35:38 2009 1 Blocked by DoS protection 96.157.60.1 Sun Jun 7 16:36:06 2009 1 Blocked by DoS protection 96.157.60.1 Sun Jun 7 16:36:07 2009 1 Blocked by DoS protection 96.157.60.1 Sun Jun 7 16:36:09 2009 1 Blocked by DoS protection 96.157.60.1 Sun Jun 7 16:36:13 2009 1 Blocked by DoS protection 96.157.60.1 Sun Jun 7 16:36:16 2009 1 Blocked by DoS protection 96.157.60.1 Sun Jun 7 16:36:25 2009 1 Blocked by DoS protection 96.157.60.1 Sun Jun 7 16:36:47 2009 1 Blocked by DoS protection 96.157.60.1 Sun Jun 7 16:36:50 2009 1 Blocked by DoS protection 96.157.60.1 Sun Jun 7 16:36:50 2009 1 Blocked by DoS protection 96.157.60.1 Sun Jun 7 16:36:54 2009 1 Blocked by DoS protection 96.157.60.1 Sun Jun 7 16:36:55 2009 1 Blocked by DoS protection 96.157.60.1 It has that kind of spam there any time you look at it. Each one separated by just a few seconds usually. What does it mean? No one I asked knows I hope this falls into someones area of expertise. Here is my Hijackthis log:Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:18:19 PM, on 6/7/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.ex e C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\Program Files\McAfee\VirusScan\McShield.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe C:\WINDOWS\Explorer.EXE c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AIM6\aim6.exe D:\lilith\Hide My IP 2008\SecureSrv.exe C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\AIM6\aolsoftware.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\MacroQuest2\MMOLoader.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY O4 - HKLM\..\Run: [igfxtray] "C:\WINDOWS\system32\igfxtray.exe" O4 - HKLM\..\Run: [igfxhkcmd] "C:\WINDOWS\system32\hkcmd.exe" O4 - HKLM\..\Run: [igfxpers] "C:\WINDOWS\system32\igfxpers.exe" O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [NeroCheck] "C:\WINDOWS\system32\NeroCheck.exe" O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe" O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O9 - Extra button: TestPokerStars.com - {809132AF-89D2-4d52-AA03-AB4E35BBDC5B} - C:\Program Files\PokerStars.TEST\PokerStarsUpdate.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1238562568421 O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://chat2.j2.com/Media/Visitorchat/TLIEFlash.CAB O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{883E6E4B-35A8-4E09-9E4D-8531C7228865}: NameServer = 68.87.76.178 O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SecureSrv - Unknown owner - D:\lilith\Hide My IP 2008\SecureSrv.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.ex e -- End of file - 9256 bytes |
#2
|
||||
|
||||
Hello Dave441,
No infection showing here. That block log shows a Comcast IP address, as does your DNS settings there. You have an LSP chain filtering file showing here that is tied to a Hide My IP program. I have a feeling that ties in with why you are getting your own IP address bounces or blocks there. Might be something to ask on in the CTH Networking forum. |
Bookmarks |
«
Previous Topic
|
Next Topic
»
|
|
Similar Topics | ||||
Topic | Topic Starter | Forum | Replies | Last Post |
Serious Issue with malware!! | KronoSfear | Malware Removal | 20 | November 3rd, 2007 03:54 PM |
MSN messenger won't connect - firewall issue | danhenshy23 | Applications | 2 | November 12th, 2005 05:47 PM |
Firewall Issue (2) one more thing | kramellivas | Internet / Browsers | 2 | November 5th, 2005 11:07 PM |
University Firewall Issue | kramellivas | Internet / Browsers | 1 | November 5th, 2005 10:14 PM |
Firewall Issue | AllSucceed | Malware Removal | 0 | August 7th, 2004 10:31 PM |
All times are GMT +1. The time now is 04:28 AM.