
Constantly Blocking Access to Malicious Websites - Outgoing



I am constantly getting messages from Malwarebytes' that it has "successfully blocked access to a potentially malicious website:" (followed by different numbers each time, such as 83.133.124.250) "Type: Outgoing".

I have updated and run a complete scan 3 different times over the past 2 days but it is still happening. What is going on and is there any way to get rid of the problem?

Thank you for any assistance offered.

I am very sorry. My computer started having serious issues & my son was able to shut it down and restore. However, I am still having the same problem. Realized I neglected to attach the reports to my original post so here is the updated information. Any assistance is appreciated.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Owner at 21:09:01 on 2011-12-12

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.750.336 [GMT -5:00]

.

AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Digital Media Reader\shwiconem.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\BigFix\BigFix.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uWindow Title = Internet Explorer, optimized for Bing and MSN

uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"

uInternet Settings,ProxyOverride = *.local

mSearchAssistant = hxxp://www.google.com/ie

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll

BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll

TB: Norton Internet Security: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll

TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll

TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [iS CfgWiz] c:\program files\norton internet security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"

mRun: [urlLSTCK.exe] c:\program files\norton internet security\UrlLstCk.exe

mRun: [sSC_UserPrompt] c:\program files\common files\symantec shared\security center\UsrPrmpt.exe

mRun: [sunKistEM] c:\program files\digital media reader\shwiconem.exe

mRun: [<NO NAME>]

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE

mRun: [soundMan] SOUNDMAN.EXE

mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe

mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe

mRun: [_AntiSpyware] c:\program files\mcafee\mcafee antispyware\MssCli.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRunOnce: [1] c:\windows\system32\cmd.exe /c erase "c:\docume~1\owner\locals~1\temp\acsuninstall.exe"

mRunOnce: [2] c:\windows\system32\cmd.exe /c erase "c:\docume~1\owner\locals~1\temp\AcsUninstallRes.dll"

mRunOnce: [3] c:\windows\system32\cmd.exe /c erase "c:\docume~1\owner\locals~1\temp\shfolder.dll"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\BigFix.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_02\bin\npjpi150_02.dll

IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{57BF9EF6-5595-4652-980E-6C3955F93A2D} : DhcpNameServer = 192.168.0.1

Notify: AtiExtEvent - Ati2evxx.dll

SEH: McAfee AntiSpyware Shell Extension: {f2a0229a-c4ca-4789-b606-973d24dcdd1c} - c:\program files\mcafee\mcafee antispyware\MssShell.dll

.

============= SERVICES / DRIVERS ===============

.

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-8-27 197752]

R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2004-8-27 234616]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-8-27 164984]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-10 366152]

R2 McAfeeAntiSpyware;McAfee AntiSpyware Real-Time Scanner;c:\program files\mcafee\mcafee antispyware\Msssrv.exe [2004-10-19 90112]

R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\navapsvc.exe [2004-8-30 176768]

R2 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2004-7-23 49808]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 22216]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20040811.020\NAVENG.SYS [2011-12-7 68168]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20040811.020\NAVEX15.SYS [2011-12-7 617288]

R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2004-7-23 335504]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-11 136176]

S2 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2011-12-7 249856]

S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2004-8-30 66688]

S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-8-27 78968]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-11 136176]

S3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2004-7-23 197864]

.

=============== Created Last 30 ================

.

2011-12-11 16:42:03 -------- d-----w- c:\documents and settings\owner\local settings\application data\Apple Computer

2011-12-11 16:41:44 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2011-12-11 16:41:44 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2011-12-11 16:40:28 -------- d-----w- c:\program files\iPod

2011-12-11 16:40:21 -------- d-----w- c:\program files\iTunes

2011-12-11 16:40:21 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2011-12-11 16:39:43 -------- d-----w- c:\documents and settings\owner\local settings\application data\Apple

2011-12-11 16:38:51 -------- d-----w- c:\program files\Bonjour

2011-12-11 12:29:47 -------- d-----w- c:\documents and settings\owner\local settings\application data\Adobe

2011-12-10 23:18:23 -------- d-----w- c:\program files\uTorrent

2011-12-10 23:17:50 -------- d-----w- c:\documents and settings\owner\application data\uTorrent

2011-12-10 14:20:22 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes

2011-12-10 14:20:14 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-12-10 14:20:10 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-10 14:20:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-09 23:18:10 -------- d-----w- c:\windows\system32\CatRoot_bak

2011-12-09 01:46:46 -------- d-sh--w- c:\documents and settings\owner\PrivacIE

2011-12-09 01:45:16 -------- d-sh--w- c:\documents and settings\owner\IETldCache

2011-12-09 01:41:47 -------- d-----w- c:\windows\ie8updates

2011-12-09 01:39:55 -------- dc-h--w- c:\windows\ie8

2011-12-09 01:39:30 -------- d--h--w- c:\windows\msdownld.tmp

2011-12-09 01:36:58 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2011-12-09 01:36:58 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2011-12-09 01:36:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2011-12-09 01:36:56 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2011-12-09 01:36:56 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2011-12-09 01:36:56 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2011-12-09 01:36:54 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll

2011-12-08 22:33:01 -------- d-----w- c:\windows\ServicePackFiles

2011-12-08 22:31:32 -------- d-----w- c:\program files\MSXML 4.0

2011-12-08 03:28:58 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll

2011-12-08 03:28:57 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll

2011-12-08 03:28:57 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll

2011-12-08 03:28:57 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll

2011-12-08 03:28:57 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll

2011-12-08 03:28:55 20480 ----a-w- c:\windows\system32\Marker32.exe

2011-12-08 03:28:53 471300 ----a-w- c:\windows\wallpe.exe

2011-12-08 03:27:36 -------- d-----w- c:\windows\system32\ReinstallBackups

2011-12-08 03:27:29 25840 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll

2011-12-08 03:27:29 24816 ----a-w- c:\windows\system32\mdimon.dll

2011-12-08 03:27:09 -------- d-----w- c:\program files\Microsoft ActiveSync

2011-12-08 03:27:01 -------- d-----w- c:\windows\SHELLNEW

2011-12-08 03:26:11 18000 ----a-w- c:\windows\BigFixClientOverride.dll

2011-12-08 03:26:11 -------- d-----w- c:\program files\BigFix

2011-12-08 03:26:03 57344 ----a-w- c:\windows\system32\NeroBurnRights.cpl

2011-12-08 03:26:03 53248 ----a-w- c:\windows\system32\NeroCo.dll

2011-12-08 03:26:03 1658880 ------w- c:\windows\UNNeroBurnRights.exe

2011-12-08 03:25:44 106496 ----a-w- c:\windows\system32\TwnLib20.dll

2011-12-08 03:25:42 569344 ----a-w- c:\windows\system32\imagr5.dll

2011-12-08 03:25:42 544768 ----a-w- c:\windows\system32\imagx5.dll

2011-12-08 03:25:42 38912 ----a-w- c:\windows\system32\picn20.dll

2011-12-08 03:25:42 283920 ----a-w- c:\windows\system32\ImagXpr5.dll

2011-12-08 03:25:42 155648 ----a-w- c:\windows\system32\NeroCheck.exe

2011-12-08 03:22:20 -------- d-----w- c:\windows\system32\QuickTime

2011-12-08 03:21:47 -------- d-----w- c:\program files\common files\aolshare

2011-12-08 03:11:19 -------- d-----w- c:\program files\Norton Internet Security

2011-12-08 03:10:12 83168 ----a-w- c:\windows\system32\S32EVNT1.DLL

2011-12-08 03:10:12 104144 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-12-08 03:10:11 -------- d-----w- c:\program files\Symantec

2011-12-08 03:10:09 -------- d-----w- c:\documents and settings\all users\application data\Symantec

2011-12-08 03:10:07 -------- d-----w- c:\program files\common files\Symantec Shared

2011-12-08 03:08:03 -------- d-----w- c:\program files\common files\New Boundary

2011-12-08 03:08:03 -------- d-----w- c:\documents and settings\all users\application data\Prism Deploy

2011-12-08 03:05:08 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2011-12-08 03:05:03 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys

2011-12-08 03:05:03 24960 ----a-w- c:\windows\system32\drivers\hidparse.sys

2011-12-08 03:05:02 36224 ----a-w- c:\windows\system32\drivers\hidclass.sys

2011-12-08 02:02:06 -------- d-----w- c:\windows\creator

2011-12-08 02:02:00 86016 ----a-w- c:\windows\system32\mdmxsdk.dll

2011-12-08 02:02:00 70144 ----a-w- c:\windows\system32\drivers\Rtlnicxp.sys

2011-12-08 02:02:00 13059 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys

2011-12-08 01:59:48 -------- dcsh--r- c:\windows\system32\dllcache

2011-12-08 01:47:33 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2011-12-08 01:47:33 272128 ------w- c:\windows\system32\drivers\bthport.sys

2011-12-08 01:47:32 352640 -c----w- c:\windows\system32\dllcache\srv.sys

2011-12-08 01:46:08 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll

2011-12-08 01:45:48 743936 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2011-12-08 01:43:33 202752 -c----w- c:\windows\system32\dllcache\rmcast.sys

2011-12-08 01:42:29 331776 -c----w- c:\windows\system32\dllcache\msadce.dll

2011-12-08 01:42:27 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll

2011-12-08 01:40:07 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll

2011-12-08 01:39:58 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll

2011-12-08 01:36:10 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe

2011-12-08 01:34:40 -------- d-----w- c:\documents and settings\owner\local settings\application data\Google

2011-12-08 00:59:32 26144 ----a-w- c:\windows\system32\spupdsvc.exe

2011-12-08 00:59:32 -------- d-----w- c:\windows\system32\PreInstall

2011-12-08 00:53:08 221184 ----a-w- c:\windows\system32\wmpns.dll

2011-12-08 00:42:18 -------- d-----w- c:\windows\system32\SoftwareDistribution

2011-12-08 00:32:12 -------- d--h--w- c:\windows\$hf_mig$

2011-12-08 00:32:01 -------- d-----w- c:\program files\common files\McAfee

2011-12-08 00:32:00 -------- d-----w- c:\program files\McAfee

2011-12-08 00:32:00 -------- d-----w- c:\documents and settings\owner\application data\McAfee

2011-12-08 00:29:23 -------- d-----w- c:\program files\ATI Technologies

.

==================== Find3M ====================

.

2011-12-08 03:22:14 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys

2011-12-08 03:22:12 24576 ----a-w- c:\windows\system32\prefscpl.cpl

2011-09-29 19:20:38 164144 ----a-w- c:\windows\system32\COMCT232.OCX

2011-09-29 19:20:34 484352 ----a-w- c:\windows\system32\lame_enc.dll

2011-09-29 19:20:32 479232 ----a-w- c:\windows\system32\AudioVisu.dll

2011-09-29 19:20:32 458752 ----a-w- c:\windows\system32\AudPlayer.dll

2011-09-29 19:20:32 454656 ----a-w- c:\windows\system32\AudioRecord.dll

2011-09-29 19:20:32 417792 ----a-w- c:\windows\system32\AudDisplay.dll

2011-09-29 19:20:32 348160 ----a-w- c:\windows\system32\WMAFile.dll

2011-09-29 19:20:32 2084864 ----a-w- c:\windows\system32\AudDesign.dll

2011-09-29 19:20:32 1986560 ----a-w- c:\windows\system32\AudFile.dll

2011-09-29 19:20:32 1212416 ----a-w- c:\windows\system32\AudioInfos.dll

.

============= FINISH: 21:09:37.42 ===============

attach.zip


  • 2 weeks later...
  • Staff

Hi and welcome to Malwarebytes.

Please see:

HijackThis Forum Policy

We will not assist users that are obviously using illegal software.

If any such evidence is found you will be given the benefit of the doubt and the opportunity to completely uninstall and delete any such data from your system.

During the scanning process if any further evidence shows up your topic will be closed and no further assistance will be provided.

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

It's likely why your issue began in the first place.
