I have Avast installed on my machine and am getting some rootkit warnings from it. I allowed Avast to delete these a couple of times, but rootkit notices still show up sometimes.
I also noticed some malware (mebix, ishi, svsh0st, antimalware doctor etc.) and deleted the respective files from the file system, besides removing the registry entries for these. mebix was somehow being added to the startup programs list even though the file being pointed to there had been deleted, but now it seems to be gone.
I have run SuperAntiSpyware and Malwarebytes malware removal on the machine lately. Malwarebytes showed some stuff in quarantine, but I decided to delete those.
Current situation (OTL log attached)
-----------------
1. I am continuously getting network shield messages of blocked connections ("Threat has been detected") to or from 95.143.193.138. Any idea what could be causing it? Is that site attacking from outside, or is the connection initiated by some malware on my machine?
2. The rootkit problem hasn't occurred today, but I am not sure if it is completely gone.
3. Some site named ...ishigo... was being accessed from my machine. The connection was being initiated by explorer. I noticed this with the Fiddler HTTP debugging proxy tool.
Please check the logs, inform me if there's still something fishy, and suggest cures.
Thanks!
Arif