MB blocking multiple outgoing IPs, scans turn up nothing.

Attached are the GMER log and the MBam logs, with the protection logs included. There is no other symptom other than MBam blocking the outgoing requests, which are not being generated by me.

I will of course provide any other info I can.

Thank you in advance for any help or info.

.

DDS (Ver_2011-06-12.02) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25

Run by Gea Phatikins at 22:59:13 on 2011-06-17

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2467 [GMT -5:00]

.

AV: Sunbelt VIPRE *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}

FW: Sunbelt VIPRE *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\xampp\xampp\apache\bin\httpd.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\xampp\xampp\mysql\bin\mysqld.exe

C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe

C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe

C:\WINDOWS\System32\snmp.exe

C:\xampp\xampp\apache\bin\httpd.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MagicDisc\MagicDisc.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Gea Phatikins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gea Phatikins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gea Phatikins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gea Phatikins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gea Phatikins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gea Phatikins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gea Phatikins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gea Phatikins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Gea Phatikins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [sBAMTray] "c:\program files\sunbelt software\vipre\SBAMTray.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

StartupFolder: c:\docume~1\geapha~1\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.11.1

TCP: Interfaces\{0FA4177B-4B28-4B75-8F4C-A3AC70372667} : DhcpNameServer = 192.168.10.1

TCP: Interfaces\{9E291EC8-CB9E-4AEA-AB18-FD09D056FA9F} : DhcpNameServer = 192.168.11.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL

Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\gea phatikins\application data\mozilla\firefox\profiles\3x61hhb3.default\

FF - plugin: c:\documents and settings\gea phatikins\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.51204.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPRiff.dll

.

============= SERVICES / DRIVERS ===============

.

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-9-3 21592]

R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2010-7-14 332248]

R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-8-30 212568]

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2011-3-18 160560]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2011-3-18 44784]

R2 Apache2.2;Apache2.2;c:\xampp\xampp\apache\bin\httpd.exe [2011-1-21 29416]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-6-21 366640]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]

R2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2011-5-11 2804280]

R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-9-3 74968]

R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\vipre\SBPIMSvc.exe [2011-5-11 181584]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-6-21 22712]

R3 RecFltr;Reclusa Keyboard;c:\windows\system32\drivers\RecFltr.sys [2009-4-16 41984]

R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2010-7-14 69208]

R3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-4-29 101720]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2011-2-17 111152]

R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2011-2-17 122032]

S0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys --> c:\windows\system32\drivers\tclondrv.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 ControlTransferDriver;AudioBox USB Control Transfer;c:\windows\system32\drivers\PreSonusUSB_xfer.sys [2009-11-1 28576]

S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2009-4-12 24944]

S3 MsDepSvc;Web Deployment Agent Service;c:\program files\iis\microsoft web deploy\MsDepSvc.exe [2010-11-5 63304]

S3 preSonusUsb;PreSonusUsb;c:\windows\system32\drivers\presonusUsb.sys [2009-11-1 49280]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 342784]

S3 rtl8190p;TRENDnet Wireless N PC Card/PCI Adapter Driver;c:\windows\system32\drivers\rtl8190p.sys [2009-4-16 465664]

S3 SbHips;sbhips;c:\windows\system32\drivers\sbhips.sys [2010-8-30 94040]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-06-18 03:52:38 81920 ----a-w- c:\windows\system32\Startup.cpl

2011-06-17 21:35:25 602112 ----a-w- c:\windows\system32\SET3F.tmp

2011-06-17 21:35:25 55296 ----a-w- c:\windows\system32\SET3E.tmp

2011-06-17 21:35:24 916480 ----a-w- c:\windows\system32\SET38.tmp

2011-06-17 21:35:23 1991680 ----a-w- c:\windows\system32\SET43.tmp

2011-06-17 21:35:23 1211904 ----a-w- c:\windows\system32\SET39.tmp

2011-06-17 21:35:22 5964800 ----a-w- c:\windows\system32\SET3D.tmp

2011-06-17 21:24:04 -------- d-----w- C:\MGtools

2011-06-17 18:32:00 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2011-06-15 13:00:20 -------- d-----w- c:\documents and settings\gea phatikins\local settings\application data\Threat Expert

2011-06-14 20:55:16 767952 ----a-w- c:\windows\BDTSupport.dll0643.old

2011-06-14 20:55:15 149456 ----a-w- c:\windows\SGDetectionTool.dll0643.old

2011-06-14 20:55:14 1652688 ----a-w- c:\windows\PCTBDCore.dll0642.old

2011-06-14 20:44:56 -------- d-----w- c:\program files\common files\PC Tools

2011-06-14 20:44:55 -------- d-----w- c:\program files\Spyware Doctor

2011-06-10 04:10:12 98816 ----a-w- c:\windows\sed.exe

2011-06-10 04:10:12 518144 ----a-w- c:\windows\SWREG.exe

2011-06-10 04:10:12 256512 ----a-w- c:\windows\PEV.exe

2011-06-10 04:10:12 208896 ----a-w- c:\windows\MBR.exe

2011-06-07 16:33:43 -------- d-----w- c:\documents and settings\gea phatikins\local settings\application data\Amazon

2011-06-07 16:32:35 -------- d-----w- c:\program files\Amazon

2011-06-02 15:18:39 -------- d-----w- c:\documents and settings\gea phatikins\local settings\application data\Programs

2011-05-31 22:46:03 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-05-28 17:29:20 -------- d-----w- c:\program files\OGG to MP3 Converter

2011-05-25 01:04:49 -------- d-----w- c:\documents and settings\gea phatikins\Calibre Library

2011-05-25 01:04:45 -------- d-----w- c:\documents and settings\gea phatikins\application data\calibre

2011-05-25 01:02:25 -------- d-----w- c:\program files\Calibre2

.

==================== Find3M ====================

.

2011-05-31 22:45:45 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-29 14:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 14:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-11 21:55:16 42832 ----a-w- c:\windows\system32\sbbd.exe

2011-05-11 21:26:04 74968 ----a-w- c:\windows\system32\drivers\sbapifs.sys

2011-05-11 21:26:04 21592 ----a-w- c:\windows\system32\drivers\sbaphd.sys

2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 19:15:42 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-26 15:11:12 11081728 ----a-w- c:\windows\system32\SET45.tmp

2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-04-05 22:35:20 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys

2011-04-05 22:35:20 332248 ----a-w- c:\windows\system32\drivers\SbFw.sys

2011-04-05 22:35:20 212568 ----a-w- c:\windows\system32\drivers\sbtis.sys

.

============= FINISH: 22:59:51.35 ===============

Attach-2011-06-17.zip


  • Staff

Hi and welcome to Malwarebytes.

In the future, please post all logs directly into your reply instead of attaching them.

Please update MBAM, run a Quick Scan, and post its log. Also post its protection log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
