Jump to content

Malwarebytes blocking access to malicious sites


janussea
 Share

Recommended Posts

Thanks to malwarebytes for blocking access to malicious site from my PC. Can someone help me rid system from this pest permanently?

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Run by bcarsto at 9:42:44 on 2011-11-25

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1026 [GMT -5:00]

.

.

============== Running Processes ===============

.

C:\windows\system32\Ati2evxx.exe

C:\windows\system32\svchost -k DcomLaunch

svchost.exe

C:\windows\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\windows\System32\WLTRYSVC.EXE

C:\windows\System32\bcmwltry.exe

C:\windows\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\oracle\ora92\bin\omtsreco.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe

C:\windows\system32\Ati2evxx.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\Explorer.EXE

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\windows\stsystra.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\windows\system32\ctfmon.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\windows\svcs.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\windows\system32\notepad.exe

C:\windows\system32\wuauclt.exe

C:\windows\System32\ping.exe

C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = https://vpn.hazox.com/scgi-bin/index.htm/hazox

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

{555d4d79-4bd2-4094-a395-cfc534424a05}

uRun: [Google Update] "c:\documents and settings\bcarsto\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [NWEReboot]

mRun: [seagull Drivers] ssdal_nc.exe startup

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{b0bf7057-6869-4e4b-920c-ea2a58da07f0}\Icon3E5562ED7.ico

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

LSP: mswsock.dll

Trusted Zone: dyndns.info\emsweb

Trusted Zone: hazox.com\vpn

Trusted Zone: intuit.com\ttlc

Trusted Zone: localhost

Trusted Zone: ts4

Trusted Zone: turbotax.com

Trusted Zone: vertellus.com\mycow

DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {19DFFB5D-E30A-4E3B-8524-0AD8F4D88D32} - hxxps://vpn.hazox.com/XTunnel.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182273289609

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182273258609

DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://vpn.hazox.com/WebCacheCleaner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}

DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} - hxxp://ts3/viewer/ActiveXViewer/CRViewer.dll

DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {DBDC1CDA-B64B-49F7-9535-6317AA416E51} - hxxps://connect.vwr.com/downloads/VMware-viewclient.cab

DPF: {DD5E6739-FDD6-4542-8940-4A4B8AB5276E} - hxxps://76.116.153.195/NGVPNTunnel.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP28EP2-12243/webex/ieatgpc.cab

DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://access.us.henkel.com/dana-cached/setup/JuniperSetupSP1.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://access.us.henkel.com/dana-cached/sc/JuniperSetupClient.cab

TCP: DhcpNameServer = 68.87.64.150 68.87.75.198 0.0.0.0

TCP: Interfaces\{55998922-994C-4034-B7C9-4FFFA62E8241} : DhcpNameServer = 68.87.64.150 68.87.75.198 0.0.0.0

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\bcarsto\application data\mozilla\firefox\profiles\hjzswzir.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig|http://www.3quarksdaily.com/|http://sz0042.wc.mail.comcast.net/zimbra/mail#2

FF - plugin: c:\documents and settings\bcarsto\application data\mozilla\plugins\npatgpc.dll

FF - plugin: c:\documents and settings\bcarsto\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npstloader.dll

FF - plugin: c:\program files\sony\reader\data\bin\npebldetectmoz.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}

FF - Ext: AddThis: {3e0e7d2a-070f-4a47-b019-91fe5385ba79} - %profile%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}

FF - Ext: XUL Cache: {1b669e51-7af0-4aec-bcfa-8414277b0396} - %profile%\extensions\{1b669e51-7af0-4aec-bcfa-8414277b0396}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

.

============= SERVICES / DRIVERS ===============

.

R1 NEOFLTR_600_12507;Juniper Networks TDI Filter Driver (NEOFLTR_600_12507);c:\windows\system32\drivers\NEOFLTR_600_12507.sys [2007-12-27 64160]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-18 366152]

R2 MSSQL$SQL2005;SQL Server (SQL2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2011-3-17 29261152]

R2 NetworkLog;NetworkLog;c:\windows\svcs.exe [2011-11-24 508928]

R2 wsnm;VMware View Client Service;c:\program files\vmware\vmware view\client\bin\wsnm.exe [2008-11-5 147456]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-18 22216]

R3 NGSSLDrv;VPN Tunnel NGSSLDrv Adapter;c:\windows\system32\drivers\NGSSLDrv.sys [2007-5-10 17632]

R3 SSLDrv;Virtual Passage SSLDrv Adapter;c:\windows\system32\drivers\SSLDrv.sys [2010-4-5 18656]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 Label Print;EMS Label Print;c:\hazox\emsrvr40\labelp~1\emslab~2.exe --> c:\hazox\emsrvr40\labelp~1\EMSLAB~2.EXE [?]

S3 Label;EMS Label;c:\hazox\emsrvr40\labels~1\emslab~2.exe --> c:\hazox\emsrvr40\labels~1\EMSLAB~2.EXE [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2011-3-17 202592]

S3 msftesql$SQL2005;SQL Server FullText Search (SQL2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\msftesql.exe [2007-6-22 95592]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 ReportServer$SQL2005;SQL Server Reporting Services (SQL2005);c:\program files\microsoft sql server\mssql.2\reporting services\reportserver\bin\ReportingServicesService.exe [2011-3-17 13664]

S3 RkHit;RkHit;\??\c:\windows\system32\drivers\rkhit.sys --> c:\windows\system32\drivers\RKHit.sys [?]

S3 SQLAgent$SQL2005;SQL Server Agent (SQL2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\SQLAGENT90.EXE [2008-11-24 346976]

S3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys --> c:\windows\system32\drivers\sxuptp.sys [?]

S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]

.

=============== File Associations ===============

.

.txt=TextPad.txt

.

=============== Created Last 30 ================

.

2011-11-24 15:18:23 508928 ----a-w- c:\windows\svcs.exe

2011-11-24 14:42:51 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-22 01:51:21 -------- d-----w- c:\documents and settings\all users\application data\PC Tools

2011-11-21 02:58:08 -------- d-----w- c:\documents and settings\bcarsto\application data\Tific

2011-11-21 02:57:37 -------- d-----w- c:\documents and settings\bcarsto\local settings\application data\Symantec

2011-11-20 00:22:22 -------- d-----w- c:\documents and settings\bcarsto\local settings\application data\NPE

2011-11-19 01:52:31 -------- d-----w- c:\documents and settings\bcarsto\application data\Malwarebytes

2011-11-19 01:51:31 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-11-19 01:51:28 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-19 01:51:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-19 01:07:33 -------- d-----w- c:\documents and settings\bcarsto\application data\TVrrllOBtxP0cSi

2011-11-19 01:07:33 -------- d-----w- c:\documents and settings\bcarsto\application data\tLL99hTXqjUClIr

2011-11-18 23:37:09 -------- d-----w- c:\program files\F1B49

2011-11-18 23:36:26 -------- d-----w- c:\program files\LP

2011-11-18 23:36:26 -------- d-----w- c:\documents and settings\bcarsto\application data\207F1

2011-11-18 23:36:23 -------- d-----w- c:\documents and settings\bcarsto\application data\QQQJJ6dEK8f

2011-11-18 23:36:22 -------- d-----w- c:\documents and settings\bcarsto\application data\CAA00uvS2ibFpm5

2011-11-18 23:36:16 -------- d-----w- c:\documents and settings\bcarsto\application data\neeekIIBrzOy

2011-11-18 23:36:15 -------- d-----w- c:\documents and settings\bcarsto\application data\qQQJJ6dEK8fR9hX

2011-11-15 22:57:21 -------- d-----w- c:\program files\Winmail Reader

.

==================== Find3M ====================

.

2011-11-16 13:25:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-19 13:07:16 216064 ----a-w- c:\windows\iun3405.exe

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 9:50:47.09 ===============

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

Link to post
Share on other sites

  • 2 weeks later...
  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.