Repeated Blocks for 206.161.121.100 (Type: outgoing)


I am getting continuous messages about blocking outgoing requests to a couple of different IP addresses. I've run the Quick Scan from MBAM Pro and it is not finding anything. Can someone help?

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by ebokor001 at 11:07:45 on 2011-10-19

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2031.160 [GMT -4:00]

.

AV: Trend Micro Titanium 2012 *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}

.

============== Running Processes ===============

.

C:\WINDOWS\System32\svchost.exe -k Cognizance

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe

svchost.exe

C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe

C:\Program Files\Intel\AMT\atchksrv.exe

C:\WINDOWS\DOWNLO~1\WebEx\319\atnthost.exe

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\WINDOWS\DOWNLO~1\WebEx\319\RAAGTAPP.EXE

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\WINDOWS\system32\ifxspmgt.exe

C:\WINDOWS\system32\ifxtcs.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Intel\AMT\LMS.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\WINDOWS\system32\NLSSRV32.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\PCPitstop\PCPitstopScheduleService.exe

C:\Program Files\PDF Complete\pdfsvc.exe

C:\WINDOWS\system32\IfxPsdSv.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Intel\AMT\UNS.exe

C:\WINDOWS\DOWNLO~1\WebEx\319\RaPanel.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\AccelerometerSt.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\PDF Complete\pdfsty.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\WINDOWS\SMINST\Scheduler.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe

C:\Program Files\ActivIdentity\ActivClient\acevents.exe

C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe

C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE

C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe

C:\Program Files\ActivIdentity\ActivClient\acevents.exe

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

C:\Program Files\Cisco Systems\VPN Client\ipseclog.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.cnn.com/

uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1066\TmIEPlg.dll

BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - c:\program files\common files\doubletwist\IEPodcastPlugin.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

BHO: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\7.0.1081\7.0.1081\TmBpIe32.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"

uRun: [PTIM.exe] c:\program files\webex\productivity tools\PTIM.exe

uRun: [Gadwin PrintScreen Pro] c:\program files\gadwin systems\printscreenpro\PrintScreenPro.exe /nosplash

uRun: [Adobe Acrobat Synchronizer] "c:\program files\adobe\acrobat 10.0\acrobat\AdobeCollabSync.exe"

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [installIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [atchk] "c:\program files\intel\amt\atchk.exe"

mRun: [iFXSPMGT] c:\windows\system32\ifxspmgt.exe /NotifyLogon

mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [nwiz] nwiz.exe /installquiet /nodetect

mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe

mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"

mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe

mRun: [Recguard] c:\windows\sminst\Recguard.exe

mRun: [Reminder] c:\windows\creator\Remind_XP.exe

mRun: [scheduler] c:\windows\sminst\Scheduler.exe

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"

mRun: [acevents] "c:\program files\actividentity\activclient\acevents.exe"

mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"

mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start

mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule

mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"

mRun: [Trend Micro Titanium] "c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe" -set Silent "1" SplashURL ""

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\access~1.lnk - c:\windows\downlo~1\webex\319\raagtx.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{ccbaa1f7-e5e1-48b2-9ed9-a79c6a37ce78}\Icon3E5562ED7.ico

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB

DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://207.126.248.16/CACHE/stc/1/binaries/vpnweb.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://hds.webex.com/client/T27L10NSP11EP5/webex/ieatgpc.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\7.0.1081\7.0.1081\TmBpIe32.dll

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1066\TmIEPlg.dll

Notify: ackpbsc - c:\program files\actividentity\activclient\ackpbsc.dll

Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll

Notify: DeviceNP - DeviceNP.dll

Notify: OneCard - c:\program files\hewlett-packard\iam\bin\ASWLNPkg.dll

AppInit_DLLs: c:\windows\system32\APSHook.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

============= SERVICES / DRIVERS ===============

.

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2007-4-26 100095]

R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2006-10-9 44720]

R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2007-3-29 13696]

R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-1-23 39080]

R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2007-4-26 5808]

R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-10-2 68368]

R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-3 207400]

R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2011-10-2 200632]

R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2006-2-28 14336]

R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2006-2-28 14336]

R2 atnthost;WebEx Remote Access Agent;c:\windows\downlo~1\webex\319\atnthost.exe [2010-11-15 19256]

R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2007-4-27 221184]

R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-3-9 6656]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-18 366152]

R2 MSSQL$SRS;SQL Server (SRS);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]

R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-10-20 67904]

R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2010-12-17 86016]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2010-11-5 540448]

R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.EXE [2010-11-5 1489688]

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-6-17 434864]

R2 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2010-11-5 36608]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-18 22216]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2010-11-5 47616]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-17 136176]

S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2007-4-23 30008]

S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-4-30 172131]

S3 grmn0200;grmn0200.Sys Garmin USB DCP driver (install);c:\windows\system32\drivers\grmn0200.sys [2010-11-22 16777]

S3 grmn1200;grmn0200.Sys Garmin USB DCP driver;c:\windows\system32\drivers\grmn1200.sys [2010-11-22 12905]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-17 136176]

S3 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2009-8-7 45056]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-6-14 18432]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-10-19 14:44:23 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-18 20:04:19 114688 ----a-w- c:\windows\system32\chg.exe

2011-10-18 19:46:13 -------- d-sha-r- C:\cmdcons

2011-10-18 19:43:29 98816 ----a-w- c:\windows\sed.exe

2011-10-18 19:43:29 518144 ----a-w- c:\windows\SWREG.exe

2011-10-18 19:43:29 256000 ----a-w- c:\windows\PEV.exe

2011-10-18 19:43:29 208896 ----a-w- c:\windows\MBR.exe

2011-10-18 15:13:38 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-18 15:13:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-18 09:36:32 -------- d---a-w- C:\tmbrfix

2011-10-16 20:20:30 -------- d-----w- C:\e

2011-10-16 20:17:44 -------- d-sh--w- c:\windows\system32\AI_RecycleBin

2011-10-16 20:17:40 -------- d-----w- c:\program files\W3i

2011-10-16 20:17:40 -------- d-----w- c:\documents and settings\all users\application data\W3i

2011-10-16 20:17:22 -------- d-----w- c:\program files\Free Offers from Freeze.com

2011-10-16 20:17:16 -------- d-----w- c:\program files\Yahoo!

2011-10-12 08:01:17 22032 ----a-w- c:\windows\DCEBoot.exe

2011-10-12 08:01:17 102400 ----a-w- c:\windows\RegBootClean.exe

2011-10-02 21:50:22 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys

2011-10-02 21:50:16 81168 ----a-w- c:\windows\system32\drivers\tmactmon.sys

2011-10-02 21:50:16 68368 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys

2011-10-02 21:50:16 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2011-10-02 21:49:05 56 ----a-w- c:\windows\system32\SupportTool.exe.bat

2011-09-21 17:55:50 -------- d-----w- c:\documents and settings\ebokor001\application data\VirtualStore

.

==================== Find3M ====================

.

2011-10-09 16:56:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-30 13:01:34 106496 ----a-w- c:\windows\DUMP52b3.tmp

2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

.

============= FINISH: 11:09:27.78 ===============

I forgot to attach this file in the first post.

attach.zip

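The first post asks, in effect, which program is behind the blocked outgoing requests, and a DDS log lists processes but not their network connections. The script below is an added example (not part of this thread and not a Malwarebytes tool) showing how to answer that on the XP machine itself: capture `netstat -ano` (connections with owning PID) and `tasklist /FO CSV` (PID to image name), then join the two on PID. The netstat and tasklist text embedded in it is constructed sample output, and the PIDs and the image name `sample_app.exe` are hypothetical; the only value taken from the thread is the address 206.161.121.100.

```python
"""Which local process is talking to the address the firewall keeps blocking?

Added example, not part of the original thread.  On the Windows XP machine
from the first post the raw data would come from two built-in commands:

    netstat -ano        every connection with the PID that owns it
    tasklist /FO CSV    PID -> image name

The two captures below are constructed sample output so the script runs
offline: 206.161.121.100 is the address named in the thread, the PIDs and
the image name "sample_app.exe" are made up for illustration.
"""
import csv
import io
import re

BLOCKED_IP = "206.161.121.100"

# Constructed `netstat -ano` output (not captured from the poster's PC).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.10:1044      206.161.121.100:80     SYN_SENT        2468
  TCP    192.168.1.10:1051      206.161.121.100:80     SYN_SENT        2468
  TCP    192.168.1.10:1060      74.125.224.72:443      ESTABLISHED     3120
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed `tasklist /FO CSV` output (not captured from the poster's PC).
TASKLIST_SAMPLE = """\
"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Console","0","236 K"
"svchost.exe","912","Console","0","4,640 K"
"sample_app.exe","2468","Console","0","8,112 K"
"iexplore.exe","3120","Console","0","61,240 K"
"""

# One netstat row: proto, local, remote, optional state (UDP rows have
# none), then the owning PID.  Header and blank lines do not match.
NETSTAT_ROW = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+"
    r"(?:(?P<state>[A-Z_]+)\s+)?(?P<pid>\d+)\s*$"
)


def parse_netstat(text):
    """Return one dict per connection row of `netstat -ano` output."""
    rows = []
    for line in text.splitlines():
        m = NETSTAT_ROW.match(line)
        if m:
            row = m.groupdict()
            row["pid"] = int(row["pid"])
            rows.append(row)
    return rows


def parse_tasklist_csv(text):
    """Return {pid: image name} from `tasklist /FO CSV` output."""
    return {int(r["PID"]): r["Image Name"]
            for r in csv.DictReader(io.StringIO(text))}


def processes_talking_to(ip, netstat_text, tasklist_text):
    """Sorted, de-duplicated (pid, image, remote endpoint, state) tuples for
    every socket whose remote host is `ip`.  The port is split off with
    rpartition so an IPv6 literal such as [::1]:80 still splits correctly.
    A PID absent from the tasklist snapshot is reported, not dropped: the
    owner may have exited between the two captures."""
    images = parse_tasklist_csv(tasklist_text)
    hits = set()
    for row in parse_netstat(netstat_text):
        host, _, _port = row["remote"].rpartition(":")
        if host == ip:
            hits.add((row["pid"], images.get(row["pid"], "<not in tasklist>"),
                      row["remote"], row["state"] or ""))
    return sorted(hits)


if __name__ == "__main__":
    for pid, image, remote, state in processes_talking_to(
            BLOCKED_IP, NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"PID {pid:<6} {image:<20} -> {remote} {state}")
```

On the affected machine, run `netstat -ano > netstat.txt` and `tasklist /FO CSV > tasklist.txt` from a command prompt while the block messages are appearing, and pass the contents of the two files to `processes_talking_to`. Take the two captures in quick succession: a PID that shows up in netstat but not in tasklist belongs to a process that has already exited, which is typical of short-lived updaters that retry a connection every few minutes.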
  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

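The DDS log in the first post, which the staff reply asks for again alongside the ComboFix report, has a regular line format, and a responder usually scans it for the same few things first. The script below is an added example, not part of this thread and not a DDS or Malwarebytes feature: it parses the startup lines (`uRun:`, `mRun:`, `BHO:`, `Notify:`, `StartupFolder:`, `TB:`) and the `R0`-`S3` service/driver lines, extracts the executable path from each, and flags entries whose file is reported missing ("No File"), whose path is a bare filename that Windows resolves through PATH at logon, or whose path lies outside the usual install roots. The sample it runs on is copied from the log above plus one constructed `mRun` line (`example.exe` under a hypothetical profile directory) that exists only to exercise the outside-roots rule. A flag means "check this file", not that it is malicious.

```python
"""Triage the startup and service entries of a DDS log.

Added example, not part of the thread and not a Malwarebytes tool.  It pulls
the executable path out of each startup/service line and flags the entries a
responder looks at first.  All sample lines except the last are copied from
the DDS log in the thread; the last line is constructed to show the
outside-roots rule.
"""
import re

# Where legitimately installed software on this XP box normally lives; the
# 8.3 short form and the environment-variable form both appear in DDS output.
INSTALL_ROOTS = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\progra~1\\",
    "%programfiles%\\",
)

# Absolute path ending in an executable extension.  The tempered class stops
# the match crossing the " - " separator DDS puts between a .lnk and its
# target, and the quotes/brackets around paths and "[date size]" suffixes.
PATH_RE = re.compile(
    r"(?:[a-z]:|%\w+%)\\(?:(?! - )[^\"\[\],])*?\.(?:exe|dll|cpl|sys)",
    re.IGNORECASE,
)
# Bare filename with no directory component (e.g. "nwiz.exe").
BARE_RE = re.compile(r"(?<![\\\w])[\w.~-]+\.(?:exe|dll)\b", re.IGNORECASE)
# Line types we classify; everything else (DPF, IE, Handler...) is ignored.
ENTRY_RE = re.compile(
    r"^(?:(?P<kind>uRun|mRun|BHO|Notify|StartupFolder|TB):|(?P<svc>[RS][0-3]) )"
)

# Sample input: lines copied from the posted DDS log, plus one constructed
# line (the final mRun entry) that is not from the log.
SAMPLE = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
uRun: [installIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
mRun: [nwiz] nwiz.exe /installquiet /nodetect
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\access~1.lnk - c:\windows\downlo~1\webex\319\raagtx.exe
Notify: DeviceNP - DeviceNP.dll
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2006-2-28 14336]
mRun: [example] c:\documents and settings\someuser\application data\example.exe
"""


def extract_path(line):
    """Return the first executable path in a DDS entry line, or None.
    For rundll32 entries this is the DLL, since the absolute-path regex
    is tried before the bare-filename one."""
    m = PATH_RE.search(line)
    if m:
        return m.group(0)
    m = BARE_RE.search(line)
    return m.group(0) if m else None


def classify(line):
    """Return (kind, path, flag) for a startup/service line, else None.
    flag is None when the entry needs no immediate attention."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    kind = m.group("kind") or m.group("svc")
    if "- No File" in line:
        return (kind, None, "no_file")
    path = extract_path(line)
    if path is None:
        return (kind, None, "no_path")
    if "\\" not in path:
        return (kind, path, "bare_filename")
    if not path.lower().startswith(INSTALL_ROOTS):
        return (kind, path, "outside_roots")
    return (kind, path, None)


def flagged_entries(log_text):
    """Classify every recognised line and keep only the flagged ones."""
    out = []
    for line in log_text.splitlines():
        c = classify(line.strip())
        if c and c[2]:
            out.append(c)
    return out


if __name__ == "__main__":
    for kind, path, flag in flagged_entries(SAMPLE):
        print(f"{flag:<14} {kind:<14} {path}")
```

Feed it the whole DDS log (`flagged_entries(open("dds.txt").read())`) rather than the excerpt. Each flag is a starting point for the usual checks on the file: when it was created (the "Created Last 30" section of the same log helps here), whether it is signed, and whether its hash is known, before deciding anything about it.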
  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
