Sabrepower Posted March 24, 2011 ID:404163

My Malwarebytes keeps telling me that it has blocked an IP (type outgoing).

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 21:46:54.98 on Wed 03/23/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3317.2730 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
I:\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {15B782AF-55D8-11D1-B477-006097098764} - file:///D:/awswaxd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1300925898218
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1300927009828
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl969fb018;MpKsl969fb018;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{91d2774f-1dd7-4f6c-a315-317d2bfbe27d}\MpKsl969fb018.sys [2011-3-23 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 xvsuciy;xvsuciy;c:\windows\system32\drivers\xvsuciy.sys [2008-4-25 314272]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-29 363344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-29 20952]
S0 ibqq;ibqq;c:\windows\system32\drivers\mshbki.sys --> c:\windows\system32\drivers\mshbki.sys [?]
S0 jfgqit;jfgqit;c:\windows\system32\drivers\ggnjs.sys --> c:\windows\system32\drivers\ggnjs.sys [?]
S0 ogjdil;ogjdil;c:\windows\system32\drivers\wjbq.sys --> c:\windows\system32\drivers\wjbq.sys [?]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20091207.002\NAVENG.SYS [2009-12-7 84912]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20091207.002\NAVEX15.SYS [2009-12-7 1323568]
.
=============== Created Last 30 ================
.
2011-03-24 02:13:35 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{91d2774f-1dd7-4f6c-a315-317d2bfbe27d}\MpKsl969fb018.sys
2011-03-24 01:50:52 -------- dc-h--w- c:\windows\ie8
2011-03-24 00:53:59 5890896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-03-24 00:53:52 6792528 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{91d2774f-1dd7-4f6c-a315-317d2bfbe27d}\mpengine.dll
2011-03-24 00:53:34 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-24 00:51:42 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-24 00:25:59 -------- d-----w- c:\docume~1\owner\applic~1\GlarySoft
2011-03-23 23:51:15 18944 ----a-w- c:\windows\system32\version.dll
2011-03-23 23:51:03 110080 ----a-w- c:\windows\system32\imm32.dll
2011-03-12 17:28:40 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:14:45 1864064 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 21:47:09.34 ===============

MBAM scan came up clean. I use Microsoft Essentials and that is clean too.

Staff screen317 Posted March 25, 2011 ID:404620

Hi and welcome to Malwarebytes.

I notice that you are using more than one antivirus program in resident mode (AVG and MSE). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE malware to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Please update MBAM, run a Quick Scan, and post its log.

Post a protection log from MBAM which shows the blocked IPs.

Staff screen317 Posted April 27, 2011 ID:421880

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!