
Malwarebytes keeps blocking several outgoing and incoming malicious IPs but no virus is detected


prathit


Malwarebytes keeps giving messages like "blocked IP 206.161.121.100" etc.

Here is the DDS log, Attach.txt.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 6/24/2010 4:20:03 PM

System Uptime: 12/14/2011 10:30:06 AM (0 hours ago)

Processor: Intel® Pentium® 4 CPU 1.80GHz | | 1800/mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 88 GiB total, 71.926 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 61 GiB total, 32.096 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP178: 9/15/2011 3:31:56 PM - Software Distribution Service 3.0

RP179: 9/17/2011 4:55:16 PM - System Checkpoint

RP180: 9/18/2011 6:01:32 PM - System Checkpoint

RP181: 9/20/2011 8:13:28 PM - System Checkpoint

RP182: 9/22/2011 2:07:25 PM - System Checkpoint

RP183: 9/23/2011 4:15:50 PM - System Checkpoint

RP184: 9/24/2011 5:32:26 PM - System Checkpoint

RP185: 9/25/2011 10:10:49 PM - System Checkpoint

RP186: 9/27/2011 2:35:44 PM - System Checkpoint

RP187: 9/28/2011 8:46:58 PM - System Checkpoint

RP188: 9/29/2011 9:00:47 AM - Software Distribution Service 3.0

RP189: 9/30/2011 1:23:32 PM - System Checkpoint

RP190: 10/2/2011 11:44:03 AM - System Checkpoint

RP191: 10/3/2011 1:00:50 PM - System Checkpoint

RP192: 10/4/2011 1:39:12 PM - System Checkpoint

RP193: 10/6/2011 8:27:36 PM - System Checkpoint

RP194: 10/11/2011 11:28:02 AM - System Checkpoint

RP195: 10/12/2011 1:17:21 PM - System Checkpoint

RP196: 10/13/2011 2:22:11 PM - System Checkpoint

RP197: 10/14/2011 7:54:50 AM - Software Distribution Service 3.0

RP198: 10/15/2011 7:00:46 PM - System Checkpoint

RP199: 10/17/2011 1:33:36 PM - System Checkpoint

RP200: 10/18/2011 3:09:44 PM - System Checkpoint

RP201: 10/19/2011 3:53:27 PM - System Checkpoint

RP202: 10/21/2011 10:47:57 AM - System Checkpoint

RP203: 10/22/2011 11:32:52 AM - System Checkpoint

RP204: 10/23/2011 3:14:34 PM - System Checkpoint

RP205: 10/26/2011 1:25:19 PM - System Checkpoint

RP206: 10/29/2011 6:18:15 PM - System Checkpoint

RP207: 10/30/2011 5:20:25 PM - Installed Windows XP WIC.

RP208: 10/30/2011 5:24:32 PM - Installed Windows KB954550-v5.

RP209: 10/30/2011 5:24:46 PM - Printer Driver Microsoft XPS Document Writer Installed

RP210: 10/30/2011 5:27:48 PM - Installed Samsung Kies

RP211: 10/30/2011 8:23:54 PM - Printer Driver Microsoft XPS Document Writer Installed

RP212: 10/31/2011 5:10:58 PM - Software Distribution Service 3.0

RP213: 11/2/2011 11:52:58 AM - System Checkpoint

RP214: 11/3/2011 5:22:47 PM - System Checkpoint

RP215: 11/4/2011 6:13:56 PM - System Checkpoint

RP216: 11/4/2011 7:03:01 PM - Installed Windows Internet Explorer 8.

RP217: 11/4/2011 7:04:15 PM - Software Distribution Service 3.0

RP218: 11/5/2011 9:49:16 AM - Software Distribution Service 3.0

RP219: 11/6/2011 2:02:21 PM - System Checkpoint

RP220: 11/8/2011 11:10:24 AM - System Checkpoint

RP221: 11/9/2011 12:49:22 PM - System Checkpoint

RP222: 11/10/2011 10:26:04 AM - Software Distribution Service 3.0

RP223: 11/11/2011 10:41:39 AM - System Checkpoint

RP224: 11/12/2011 1:58:33 PM - System Checkpoint

RP225: 11/14/2011 11:12:51 AM - System Checkpoint

RP226: 11/15/2011 12:16:03 PM - System Checkpoint

RP227: 11/17/2011 1:35:06 PM - System Checkpoint

RP228: 11/18/2011 2:33:05 PM - System Checkpoint

RP229: 11/19/2011 4:05:42 PM - System Checkpoint

RP230: 11/20/2011 5:06:50 PM - System Checkpoint

RP231: 11/22/2011 1:38:43 PM - System Checkpoint

RP232: 11/23/2011 8:39:14 AM - Software Distribution Service 3.0

RP233: 11/23/2011 9:28:57 PM - Software Distribution Service 3.0

RP234: 11/25/2011 1:35:40 PM - System Checkpoint

RP235: 11/27/2011 12:02:46 PM - System Checkpoint

RP236: 11/28/2011 1:40:11 PM - System Checkpoint

RP237: 11/29/2011 7:57:31 PM - System Checkpoint

RP238: 12/1/2011 12:41:48 PM - System Checkpoint

RP239: 12/3/2011 8:01:59 PM - System Checkpoint

RP240: 12/4/2011 9:11:59 PM - System Checkpoint

RP241: 12/5/2011 9:19:19 PM - System Checkpoint

RP242: 12/7/2011 9:29:55 PM - System Checkpoint

RP243: 12/9/2011 10:08:59 AM - System Checkpoint

RP244: 12/10/2011 10:14:23 AM - System Checkpoint

RP245: 12/11/2011 9:38:02 PM - System Checkpoint

RP246: 12/12/2011 12:03:15 AM - Removed Java 6 Update 20

RP247: 12/13/2011 7:56:26 PM - System Checkpoint

.

==== Installed Programs ======================

.

Acrobat.com

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader 9.1

Google Chrome

Google Talk Plugin

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB981793)

Intel® Extreme Graphics Driver

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Professional Edition 2003

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Mozilla Firefox 8.0.1 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

PC Connectivity Solution

Picasa 3

Realtek AC'97 Audio

REALTEK Gigabit and Fast Ethernet NIC Driver

Samsung Kies

SAMSUNG Mobile Composite Device Software

Samsung Mobile Modem Device Software

Samsung New PC Studio

Samsung New PC Studio USB Driver Installer

SAMSUNG SYMBIAN USB Download Driver

SAMSUNG USB Driver for Mobile Phones

SamsungConnectivityCableDriver

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958470)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971032)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB981349)

StarToken

Trojan Killer 2.1

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB898461)

Update for Windows XP (KB925720)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update Manager

VideoLAN VLC media player 0.8.6c

WebFldrs XP

Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

WinRAR archiver

WinZip

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

12/7/2011 8:39:03 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).

12/7/2011 8:36:14 PM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

12/7/2011 8:36:01 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/7/2011 8:35:40 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

12/7/2011 8:33:00 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/13/2011 7:26:09 PM, error: Service Control Manager [7023] - The Terminal Services service terminated with the following error: The specified module could not be found.

12/13/2011 7:26:09 PM, error: Service Control Manager [7001] - The Fast User Switching Compatibility service depends on the Terminal Services service which failed to start because of the following error: The specified module could not be found.

12/11/2011 8:54:20 PM, error: PlugPlayManager [12] - The device 'zlqoqxep9' (Root\LEGACY_ZLQOQXEP9\0000) disappeared from the system without first being prepared for removal.

.

==== End Of File ===========================

Here is the DDS log

DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by admin at 10:37:11 on 2011-12-14

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.673 [GMT 5.5:30]

.

AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

.

============== Running Processes ===============

.

C:\windows\system32\svchost -k DcomLaunch

svchost.exe

C:\windows\system32\svchost.exe -k WudfServiceGroup

C:\windows\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\windows\system32\spoolsv.exe

svchost.exe

C:\windows\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\windows\SOUNDMAN.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\windows\system32\ctfmon.exe

C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\wuauclt.exe

C:\windows\System32\svchost.exe

"C:\windows\system32\svchost.exe"

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uDefault_Page_URL = hxxp://in.yahoo.com/?fr=fp-yie8

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant =

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRunOnce: [RunNarrator] Narrator.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\progra~1\yahoo!\messen~1\YPager.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

LSP: mswsock.dll

Trusted Zone: nprocure.com\mdl

DPF: {614DF026-5297-42D2-8C46-940A8213A339} - hxxps://mdl.nprocure.com/include/API/nProcureC1_Interop.CAB

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 nwprovau

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\admin\application data\mozilla\firefox\profiles\jlffdu5d.default\

FF - prefs.js: browser.startup.homepage - www.bing.com

FF - prefs.js: network.proxy.type - 4

FF - plugin: c:\documents and settings\admin\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\admin\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\admin\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R0 Yej85;Yej85;c:\windows\system32\drivers\Yej85.sys [2011-11-27 49472]

R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-9-8 237984]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-11 366152]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-9-8 36608]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-11 22216]

S1 zlqoqxep9;zlqoqxep9.sys;c:\windows\system32\drivers\zlqoqxep9.sys --> c:\windows\system32\drivers\zlqoqxep9.sys [?]

S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-10-30 20032]

.

=============== Created Last 30 ================

.

2011-12-11 15:11:39 -------- d-----w- c:\documents and settings\admin\application data\Malwarebytes

2011-12-11 15:11:31 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-12-11 15:11:27 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-11 15:11:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-05 15:08:53 -------- d-----w- c:\program files\GridinSoft Trojan Killer

2011-11-30 05:25:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-28 05:21:18 -------- d-----w- c:\documents and settings\admin\application data\EurekaLog

2011-11-27 16:21:26 49472 ----a-w- c:\windows\system32\drivers\Yej85.sys

2011-11-23 09:17:06 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2011-11-23 09:17:05 -------- d-----w- c:\program files\common files\PC Tools

2011-11-23 09:16:54 -------- d-----w- c:\program files\PC Tools

2011-11-23 09:11:29 -------- d-----w- c:\documents and settings\all users\application data\PC Tools

2011-11-23 09:11:28 -------- d-----w- c:\documents and settings\admin\application data\TestApp

2011-11-23 03:03:11 -------- d-----w- c:\documents and settings\admin\local settings\application data\Tific

2011-11-23 03:01:59 -------- d-----w- c:\documents and settings\admin\application data\Tific

2011-11-22 16:23:28 -------- d-----w- c:\program files\Norton AntiVirus

2011-11-22 16:23:22 -------- d-----w- c:\documents and settings\all users\application data\Norton

2011-11-22 16:23:07 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller

2011-11-20 15:08:25 -------- d-sh--w- c:\documents and settings\admin\local settings\application data\a174a9d2

.

==================== Find3M ====================

.

2011-11-22 20:20:21 237984 ----a-w- c:\windows\system32\FsUsbExService.Exe

2011-11-04 13:05:44 16910192 ----a-w- c:\windows\IE8-WindowsXP-x86-MAR.exe

2011-10-17 05:41:59 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys

2011-09-16 06:25:10 4659712 ----a-w- c:\windows\system32\Redemption.dll

.

============= FINISH: 10:37:51.29 ===============


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
