
Anti-Malware Pro blocking outgoing


I have Malwarebytes AntiMalware Pro reporting ongoing blocking of outgoing traffic.

I've scanned my system fully and while there were a couple of Trojans the other day, nothing recently. However, it seems something's still active.

Have run defogger etc as per instructions here:

http://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/

Appreciate any assistance in getting rid of this bloody malware!

Cheers from NZ.

--------------------------

Malware Logs:

07:19:49 (null) MESSAGE Protection started successfully

07:20:40 User MESSAGE IP Protection started successfully

07:26:47 User IP-BLOCK 78.108.186.234 (Type: outgoing)

07:26:49 User IP-BLOCK 78.108.186.234 (Type: outgoing)

07:26:53 User IP-BLOCK 78.108.186.234 (Type: outgoing)

13:51:30 User IP-BLOCK 208.91.207.10 (Type: outgoing)

13:51:30 User IP-BLOCK 208.91.207.10 (Type: outgoing)

13:51:33 User IP-BLOCK 208.91.207.10 (Type: outgoing)

13:51:33 User IP-BLOCK 208.91.207.10 (Type: outgoing)

13:51:39 User IP-BLOCK 208.91.207.10 (Type: outgoing)

13:51:39 User IP-BLOCK 208.91.207.10 (Type: outgoing)

16:44:06 User IP-BLOCK 222.186.190.39 (Type: outgoing)

16:44:12 User IP-BLOCK 208.73.210.29 (Type: outgoing)

16:44:15 User IP-BLOCK 208.73.210.29 (Type: outgoing)

16:44:21 User IP-BLOCK 208.73.210.29 (Type: outgoing)

16:44:38 User IP-BLOCK 208.73.210.29 (Type: outgoing)

16:44:41 User IP-BLOCK 208.73.210.29 (Type: outgoing)

16:44:47 User IP-BLOCK 208.73.210.29 (Type: outgoing)

16:45:04 User IP-BLOCK 208.73.210.29 (Type: outgoing)

16:45:07 User IP-BLOCK 208.73.210.29 (Type: outgoing)

16:45:13 User IP-BLOCK 208.73.210.29 (Type: outgoing)

16:45:30 User IP-BLOCK 208.73.210.29 (Type: outgoing)

16:45:33 User IP-BLOCK 208.73.210.29 (Type: outgoing)

16:45:39 User IP-BLOCK 208.73.210.29 (Type: outgoing)

16:45:56 User IP-BLOCK 208.73.210.29 (Type: outgoing)

16:45:59 User IP-BLOCK 208.73.210.29 (Type: outgoing)

16:46:05 User IP-BLOCK 208.73.210.29 (Type: outgoing)

(etc)

------

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6907

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

21/06/2011 8:37:08 p.m.

mbam-log-2011-06-21 (20-37-08).txt

Scan type: Full scan (C:\|D:\|M:\|)

Objects scanned: 928688

Time elapsed: 4 hour(s), 4 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\program files\now contact\_uninst.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\system volume information\_restore{ac5a6ceb-cc43-4c5d-83dd-780522fedd20}\RP1134\A0175365.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

d:\system volume information\_restore{ac5a6ceb-cc43-4c5d-83dd-780522fedd20}\RP1135\A0175582.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

------------------

dds.txt:

.

DDS (Ver_2011-06-12.02) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Run by User at 17:03:09 on 2011-06-22

Microsoft Windows XP Professional 5.1.2600.3.1252.64.1033.18.3582.1204 [GMT 12:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe

C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe

C:\Program Files\IObit\Game Booster\gbtray.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\AVG\AVG10\avgemcx.exe

C:\Program Files\AVG\AVG10\avgchsvx.exe

C:\Program Files\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\vsnpstd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\FindAndRunRobot\FindAndRunRobot.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\Mozilla Thunderbird 3\thunderbird.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\EditPlus 3\editplus.exe

C:\Program Files\BBasics1\BBasics.exe

C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe

C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Program Files\AVG\AVG10\avgui.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\WinSCP\WinSCP.exe

C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe

C:\Program Files\FlashGet\flashget.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\User\Desktop\Downloads\Defogger.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.nectarine.com.au/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = local;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Trellian BHO Impl: {24180b00-2eb6-11d7-bd6f-004854603dce} - c:\program files\trellian\toolbar\toolbar.dll

BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll

BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll

TB: Trellian &Toolbar: {71aaabe5-1f0f-11d7-bd6f-004854603dce} - c:\program files\trellian\toolbar\toolbar.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe

uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [Advanced SystemCare 4] c:\program files\iobit\advanced systemcare 4\ASCTray.exe

mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking11\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking11\Ereg.ini

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sNPSTD2] c:\windows\vsnpstd2.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\docume~1\user\startm~1\programs\startup\findan~1.lnk - c:\program files\findandrunrobot\FindAndRunRobot.exe

StartupFolder: c:\docume~1\user\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\user\startm~1\programs\startup\shortc~2.lnk - c:\program files\mozilla firefox\firefox.exe

StartupFolder: c:\docume~1\user\startm~1\programs\startup\shortc~1.lnk - c:\program files\mozilla thunderbird 3\thunderbird.exe

IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm

IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

LSP: c:\windows\system32\PrivacyProvider.dll

DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.43

TCP: Interfaces\{31E386BB-668A-4F67-BEFF-8EE3E9BBC458} : NameServer = 203.109.129.67,203.109.129.68

TCP: Interfaces\{31E386BB-668A-4F67-BEFF-8EE3E9BBC458} : DhcpNameServer = 192.168.0.43

TCP: Interfaces\{C7942EE0-A1E4-4067-80AF-BA97714305AD} : DhcpNameServer = 203.109.129.67 203.109.129.68

TCP: Interfaces\{E7C793F8-DDC7-4E52-BEC9-83A690E8F861} : NameServer = 203.109.129.67,203.109.129.68

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\hpqykvqf.default\

FF - prefs.js: browser.startup.homepage - hxxp://metservice.com/towns-cities/masterton|https://secure.macquarie.com.au/sepas/serve?TAM_OP=token_login&USERNAME=unauthenticated&ERROR_CODE=0x00000000&URL=%2Fpkmscdsso%3Fhttps%3A%2F%2Fpersonal.macquarie.com.au%2Fmyhome%2Fgeneral%2Fhome.do&HOSTNAME=secure.macquarie.com.au&PROTOCOL=https|https://secure.powershop.co.nz/|http://finance.yahoo.com/p?k=pf_1|http://www.kiwibank.co.nz/|http://www.trademe.co.nz/MyTradeMe/Buy/Watchlist.aspx?source=sidebar|http://fivemenstanding.com/forum/search.php?search_id=unanswered&sid=929f9419a9b514cd9bb06b055eaec2a1|http://www.fivemenstanding.com/|https://www.google.com/adsense/v3/app#home|https://www.google.com/calendar/render?pli=1&gsessionid=OK

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll

FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\hpqykvqf.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll

FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npo3dautoplugin.dll

FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\documents and settings\user\local settings\application data\runrev\revwebplayer\nprevweb.dll

FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.51204.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-3-21 13496]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]

R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-6-15 353168]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-6-15 821080]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-21 366640]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-21 22712]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-31 133104]

S2 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-3-10 1691480]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-31 133104]

S3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\RegFilter.sys [2011-6-15 30368]

S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\UrlFilter.sys [2011-6-15 16080]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2007-7-28 14336]

S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-6-23 282968]

S4 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2010-7-23 296808]

S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\FileMonitor.sys [2011-6-15 239472]

S4 GEST Service;GEST Service for program management.;c:\program files\gigabyte\gest\GSvr.exe [2008-3-16 47624]

S4 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]

S4 odbcasvc;ODBC Administration Service;c:\windows\system32\odbcasvc.exe --> c:\windows\system32\odbcasvc.EXE [?]

S4 PrivacyProvider;PrivacyProvider;c:\windows\system32\PrivacyProvider.exe [2010-5-26 2740224]

S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-4-24 92008]

S4 WeOnlyDo wodAppUpdate Service;WeOnlyDo wodAppUpdate Service;c:\program files\groboto\bin\wodUpdSv.exe [2008-5-13 28144]

.

=============== Created Last 30 ================

.

2011-06-21 04:20:56 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes

2011-06-21 04:19:09 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-21 04:19:08 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-06-21 04:19:05 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-21 04:19:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-21 01:02:14 -------- d-----w- c:\program files\WinSCP

2011-06-16 09:22:27 551936 -c----w- c:\windows\system32\dllcache\oleaut32.dll

2011-06-16 09:20:23 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-06-16 09:15:38 -------- d-----w- c:\windows\system32\winrm

2011-06-16 09:15:38 -------- d-----w- c:\windows\system32\GroupPolicy

2011-06-16 09:15:21 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2011-06-16 08:26:10 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2011-06-15 05:21:48 -------- d-----w- c:\program files\SWFObject 2 generator v1.2 AIR

2011-06-14 22:39:54 -------- d-----w- c:\documents and settings\user\application data\AVG10

2011-06-14 22:38:23 -------- d-----w- c:\windows\system32\drivers\AVG

2011-06-14 22:38:23 -------- d-----w- c:\documents and settings\all users\application data\AVG10

2011-06-14 22:18:47 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-06-09 01:35:04 -------- d-----w- c:\documents and settings\user\application data\Ozoc

2011-06-09 01:35:04 -------- d-----w- c:\documents and settings\user\application data\Kuoz

2011-05-27 01:18:03 -------- d-----w- c:\program files\iPod

2011-05-24 09:07:28 94208 ----a-w- c:\windows\amcap.exe

2011-05-24 09:07:27 57344 ----a-w- c:\windows\system32\rsnpstd2.dll

2011-05-24 09:07:27 -------- d-----w- c:\program files\common files\snpstd2

.

==================== Find3M ====================

.

2011-06-10 06:01:41 188416 ----a-w- C:\Adobe CS4 Master Collection Keygen.exe

2011-05-30 03:05:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-10 00:12:03 1126400 ----a-w- c:\program files\u1008.exe

2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19:44 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11:12 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11:12 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37:44 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-04-14 09:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys

2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr

2011-04-06 04:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 04:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-04-05 10:01:12 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-04-05 10:01:12 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-04-04 12:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2011-03-25 13:54:31 117752 ----a-w- c:\windows\system32\drivers\AnyDVD.sys

.

============= FINISH: 17:08:59.04 ===============

ark_attach.zip


I've run more MBAM scans and deleted a couple more infected files. I'm now getting no found problems (and this is with a full scan of all disks with every option checked) and yet at about 7pm NZ time, MBAM starts reporting IP blocking, as per below.

What should my next step be?

Cheers,

Minty

19:54:16 User IP-BLOCK 222.186.190.39 (Type: outgoing)

19:54:20 User IP-BLOCK 208.73.210.29 (Type: outgoing)

19:54:23 User IP-BLOCK 208.73.210.29 (Type: outgoing)

19:54:29 User IP-BLOCK 208.73.210.29 (Type: outgoing)

19:54:43 User IP-BLOCK 91.213.117.69 (Type: outgoing)

19:54:45 User IP-BLOCK 91.213.117.69 (Type: outgoing)

19:54:47 User IP-BLOCK 208.73.210.29 (Type: outgoing)

19:54:50 User IP-BLOCK 208.73.210.29 (Type: outgoing)

19:54:51 User IP-BLOCK 91.213.117.69 (Type: outgoing)

19:54:51 User IP-BLOCK 89.28.6.180 (Type: outgoing)

19:54:54 User IP-BLOCK 89.28.6.180 (Type: outgoing)

19:54:56 User IP-BLOCK 208.73.210.29 (Type: outgoing)

19:55:13 User IP-BLOCK 208.73.210.29 (Type: outgoing)

19:55:16 User IP-BLOCK 208.73.210.29 (Type: outgoing)

19:55:22 User IP-BLOCK 208.73.210.29 (Type: outgoing)
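The two protection-log excerpts posted in this thread show the same pattern: outgoing connections to a handful of addresses, blocked again and again a few seconds apart. That rhythm is the useful signal for a responder, because a person clicking a link does not retry every three seconds but a resident process does. The script below is an added example, not part of this thread or of Malwarebytes' own tooling: it parses lines in the MBAM protection-log format shown above, groups the outgoing blocks per destination address, and flags addresses that were hit in a run of closely spaced attempts. The sample log is constructed here from timestamps and addresses taken from the posted excerpts; the 30-second gap and the run length of three used to call something "repeated" are assumptions chosen for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the format of the MBAM protection log posted in the thread
# (timestamps and addresses copied from the excerpts above, not a real capture).
SAMPLE_LOG = """\
07:19:49 (null) MESSAGE Protection started successfully
07:20:40 User MESSAGE IP Protection started successfully
07:26:47 User IP-BLOCK 78.108.186.234 (Type: outgoing)
07:26:49 User IP-BLOCK 78.108.186.234 (Type: outgoing)
07:26:53 User IP-BLOCK 78.108.186.234 (Type: outgoing)
13:51:30 User IP-BLOCK 208.91.207.10 (Type: outgoing)
13:51:33 User IP-BLOCK 208.91.207.10 (Type: outgoing)
16:44:06 User IP-BLOCK 222.186.190.39 (Type: outgoing)
16:44:12 User IP-BLOCK 208.73.210.29 (Type: outgoing)
16:44:15 User IP-BLOCK 208.73.210.29 (Type: outgoing)
16:44:21 User IP-BLOCK 208.73.210.29 (Type: outgoing)
16:44:38 User IP-BLOCK 208.73.210.29 (Type: outgoing)
"""

# "<time> <user> <IP-BLOCK|MESSAGE> <rest>"; the user field can be "(null)" before logon.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<user>\S+)\s+(?P<kind>IP-BLOCK|MESSAGE)\s+(?P<rest>.*)$"
)
# Payload of an IP-BLOCK line: "<ipv4> (Type: outgoing|incoming)".
BLOCK_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\(Type:\s*(?P<direction>\w+)\)$")


def parse_log(text):
    """Return (time, ip, direction) for every IP-BLOCK line; MESSAGE and malformed lines are skipped."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m or m.group("kind") != "IP-BLOCK":
            continue
        b = BLOCK_RE.match(m.group("rest"))
        if not b:
            continue
        t = datetime.strptime(m.group("time"), "%H:%M:%S")  # time-of-day only, as in the log
        events.append((t, b.group("ip"), b.group("direction")))
    return events


def summarize(events, burst_gap=timedelta(seconds=30), burst_min=3):
    """Group outgoing blocks per destination and flag destinations hit in a run of
    burst_min attempts each within burst_gap of the previous one (assumed thresholds).
    Such a run points at an automated retry loop rather than a single user action."""
    per_ip = defaultdict(list)
    for t, ip, direction in events:
        if direction == "outgoing":
            per_ip[ip].append(t)
    summary = {}
    for ip, times in per_ip.items():
        times.sort()
        longest = run = 1
        for prev, cur in zip(times, times[1:]):
            run = run + 1 if cur - prev <= burst_gap else 1
            longest = max(longest, run)
        summary[ip] = {
            "count": len(times),
            "first": times[0].strftime("%H:%M:%S"),
            "last": times[-1].strftime("%H:%M:%S"),
            "burst": longest >= burst_min,
        }
    return summary


if __name__ == "__main__":
    report = summarize(parse_log(SAMPLE_LOG))
    for ip, info in sorted(report.items(), key=lambda kv: -kv[1]["count"]):
        flag = "REPEATED" if info["burst"] else ""
        print(f"{ip:16} blocks={info['count']:3} first={info['first']} last={info['last']} {flag}")
```

The value of the summary is in what it narrows down: once a destination shows up as a tight repeating run, the next question is which process on the host owns the socket at those moments, which is what the process list and service/driver sections of a DDS log are then read against. The parser deliberately keeps MESSAGE lines out of the aggregation, since "Protection started" entries only mark when the filter was active, not traffic.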


  • Staff

Here is my standard prevention speech:

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


  • 4 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
