Traffic has been blocked from this application (ntoskrnl.exe)


6 replies to this topic

#1 mooraj

mooraj

  • Members
  • 43 posts

Posted 28 February 2011 - 04:32 PM

DDS (Ver_10-12-12.02) - NTFSx86
Run by Abbas Mooraj at 15:25:12.03 on Mon 02/28/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1195 [GMT -6:00]

AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
C:\WINDOWS\system32\igfxext.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Abbas Mooraj\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [EDS] c:\program files\samsung\samsung eds\EDSAgent.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DMHotKey] c:\program files\samsung\easy display manager\DMLoader.exe
mRun: [BatteryManager] c:\program files\samsung\samsung battery manager\BatteryManager.exe
mRun: [MagicKeyboard] c:\program files\samsung\magickbd\PreMKBD.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NACAgentUI] c:\program files\cisco\cisco nac agent\NACAgentUI.exe
StartupFolder: c:\docume~1\abbasm~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\abbas mooraj\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Clean Access Agent.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: northwestern.edu
Trusted Zone: partners.org
DPF: {225781F3-B27C-4182-83F1-CBF79247D36B} - hxxp://portal.partners.org/vpn/PHSVPNPortal.CAB
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://asa1-ext.partners.org/CACHE/stc/1/binaries/vpnweb.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257722947687
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://plateau.webex.com/client/T27LB/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\abbasm~1\applic~1\mozilla\firefox\profiles\66cm36gy.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\documents and settings\abbas mooraj\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-14 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-14 108392]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2009-4-1 4300]
R2 NACAgent;Cisco NAC Agent;c:\program files\cisco\cisco nac agent\NACAgent.exe [2011-1-6 1104608]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2008-12-8 2440120]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2010-8-16 592120]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [2008-1-14 30208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-28 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110227.003\NAVENG.SYS [2011-2-27 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110227.003\NAVEX15.SYS [2011-2-27 1360760]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2009-4-1 238464]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-11-18 23888]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [2006-8-1 19840]

=============== Created Last 30 ================

2011-02-27 16:02:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-02-27 16:02:19 -------- d-----w- c:\docume~1\abbasm~1\applic~1\SUPERAntiSpyware.com
2011-02-27 16:02:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-02-27 14:35:05 -------- d-----w- c:\docume~1\abbasm~1\applic~1\Windows Desktop Search
2011-02-27 14:34:13 -------- d-----w- c:\program files\Windows Desktop Search
2011-02-27 14:34:12 -------- d-----w- c:\windows\system32\GroupPolicy
2011-02-27 14:29:18 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-02-27 05:41:22 -------- d-----w- c:\windows\ie8updates
2011-02-27 05:34:48 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-02-27 05:34:48 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-02-27 05:34:44 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-02-27 03:10:26 -------- d-sh--w- c:\documents and settings\abbas mooraj\IECompatCache
2011-02-27 03:08:18 -------- d-sh--w- c:\documents and settings\abbas mooraj\PrivacIE
2011-02-27 02:55:15 -------- d-sh--w- c:\documents and settings\abbas mooraj\IETldCache
2011-02-27 02:35:39 -------- dc-h--w- c:\windows\ie8
2011-02-26 19:44:24 54016 ----a-w- c:\windows\system32\drivers\lktylmqm.sys
2011-02-21 15:25:33 -------- d-----w- c:\program files\common files\Cisco
2011-02-20 21:28:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\FileOpen
2011-02-20 21:28:37 -------- d-----w- c:\docume~1\abbasm~1\applic~1\FileOpen
2011-02-20 21:24:49 -------- d-----w- c:\program files\FileOpen

==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 15:26:28.64 ===============

#2 rigacci

rigacci

    Fiorentino


  • Members
  • 2,604 posts
  • Gender:Male

Posted 06 March 2011 - 05:17 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks.

DR

#3 mooraj

mooraj
  • Topic Starter

  • Members
  • 43 posts

Posted 06 March 2011 - 06:03 PM

Thanks for responding. Here is the GMER log. The DDS log is copied above. Thanks
----------

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-03 23:59:28
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HM160HI rev.HH100-06
Running: gmer.exe; Driver: C:\DOCUME~1\ABBASM~1\LOCALS~1\Temp\ugtdypob.sys


---- System - GMER 1.0.15 ----

SSDT 8A339F00 ZwAlertResumeThread
SSDT 8A3F5C50 ZwAlertThread
SSDT 8A50F908 ZwAllocateVirtualMemory
SSDT 8A3FB750 ZwConnectPort
SSDT 8A59A6A0 ZwCreateMutant
SSDT 8A494778 ZwCreateThread
SSDT 8A59DA80 ZwFreeVirtualMemory
SSDT 8A3FCF00 ZwImpersonateAnonymousToken
SSDT 8A3017A8 ZwImpersonateThread
SSDT 8A350150 ZwMapViewOfSection
SSDT 8A334318 ZwOpenEvent
SSDT 8A4C0220 ZwOpenProcessToken
SSDT 8A380E78 ZwOpenThreadToken
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwProtectVirtualMemory [0xB9D8F6B0]
SSDT 8A36F3E0 ZwResumeThread
SSDT 8A3F54B0 ZwSetContextThread
SSDT 8A492EE8 ZwSetInformationProcess
SSDT 8A510058 ZwSetInformationThread
SSDT 8A495190 ZwSuspendProcess
SSDT 8A539860 ZwSuspendThread
SSDT 8A4C81D0 ZwTerminateProcess
SSDT 8A331740 ZwTerminateThread
SSDT 8A4F8078 ZwUnmapViewOfSection
SSDT 8A599DF0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 406 804E4C60 8 Bytes CALL D8D89593

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[2512] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Abbas Mooraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Udfs.SYS (UDF File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\SYMTDI \Device\SymTDI wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#4 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost

Posted 08 March 2011 - 08:43 AM

hi mooraj,

You still getting the message? Can you post a few lines from your firewall log, if it has logging capabilities that is. Also you can get a download which you can keep and use:

Please download the free version of Malwarebytes to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

Post the log in your reply.

How Can I Reduce My Risk to Malware?


#5 mooraj

mooraj
  • Topic Starter

  • Members
  • 43 posts

Posted 08 March 2011 - 02:20 PM

Hi - Was my DDS and GMER log clean?

I ran MBAM and it was clean, and yes I am still getting the message. Will post the Symantec log next.

#6 mooraj
  • Topic Starter

  • Members
  • 43 posts

Posted 08 March 2011 - 02:23 PM

3/7/2011 1:31:47 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 C4-2C-03-EB-46-05 0 0.0.0.0 33-33-FF-EB-46-05 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 1:30:44 PM 3/7/2011 1:30:44 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 1:40:40 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 C4-2C-03-EB-46-05 0 0.0.0.0 33-33-FF-EB-46-05 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 1:39:38 PM 3/7/2011 1:39:38 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 1:40:40 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 C4-2C-03-EB-46-05 0 0.0.0.0 33-33-FF-EB-46-05 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 1:39:38 PM 3/7/2011 1:39:38 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 1:40:45 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 C4-2C-03-EB-46-05 0 0.0.0.0 33-33-FF-EB-46-05 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 1:39:44 PM 3/7/2011 1:39:44 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 2:01:48 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 C4-2C-03-EB-46-05 0 0.0.0.0 33-33-FF-EB-46-05 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 2:00:47 PM 3/7/2011 2:00:47 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 2:01:48 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 C4-2C-03-EB-46-05 0 0.0.0.0 33-33-FF-EB-46-05 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 2:00:47 PM 3/7/2011 2:00:47 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 2:01:48 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 C4-2C-03-EB-46-05 0 0.0.0.0 33-33-FF-EB-46-05 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 2:00:47 PM 3/7/2011 2:00:47 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 2:05:29 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 C4-2C-03-EB-46-05 0 0.0.0.0 33-33-FF-EB-46-05 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 2:04:27 PM 3/7/2011 2:04:27 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 2:05:29 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 C4-2C-03-EB-46-05 0 0.0.0.0 33-33-FF-EB-46-05 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 2:04:27 PM 3/7/2011 2:04:27 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 2:05:29 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 C4-2C-03-EB-46-05 0 0.0.0.0 33-33-FF-EB-46-05 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 2:04:27 PM 3/7/2011 2:04:27 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 2:26:42 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 C4-2C-03-EB-46-05 0 0.0.0.0 33-33-FF-EB-46-05 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 2:25:41 PM 3/7/2011 2:25:41 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 2:26:42 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 C4-2C-03-EB-46-05 0 0.0.0.0 33-33-FF-EB-46-05 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 2:25:41 PM 3/7/2011 2:25:41 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 2:26:47 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 C4-2C-03-EB-46-05 0 0.0.0.0 33-33-FF-EB-46-05 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 2:25:46 PM 3/7/2011 2:25:46 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 2:50:39 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 C4-2C-03-EB-46-05 0 0.0.0.0 33-33-FF-EB-46-05 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 2:49:37 PM 3/7/2011 2:49:37 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 2:50:39 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 C4-2C-03-EB-46-05 0 0.0.0.0 33-33-FF-EB-46-05 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 2:49:37 PM 3/7/2011 2:49:37 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 3:15:23 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 C4-2C-03-EB-46-05 0 0.0.0.0 33-33-FF-EB-46-05 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 3:14:21 PM 3/7/2011 3:14:21 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 3:15:23 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 C4-2C-03-EB-46-05 0 0.0.0.0 33-33-FF-EB-46-05 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 3:14:21 PM 3/7/2011 3:14:21 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 3:15:28 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 C4-2C-03-EB-46-05 0 0.0.0.0 33-33-FF-EB-46-05 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 3:14:27 PM 3/7/2011 3:14:27 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 3:42:24 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 F8-1E-DF-DA-79-23 0 0.0.0.0 33-33-CC-9F-DA-95 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 3:41:23 PM 3/7/2011 3:41:23 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 3:49:56 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 C4-2C-03-EB-46-05 0 0.0.0.0 33-33-FF-EB-46-05 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 3:48:54 PM 3/7/2011 3:48:54 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 3:49:56 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 C4-2C-03-EB-46-05 0 0.0.0.0 33-33-FF-EB-46-05 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 3:48:54 PM 3/7/2011 3:48:54 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 4:03:01 PM Blocked 10 Incoming ETHERNET [type=0x8137] 0.0.0.0 00-16-6F-9B-64-AA 0 0.0.0.0 FF-FF-FF-FF-FF-FF 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 4:01:59 PM 3/7/2011 4:01:59 PM Block_all
3/7/2011 4:03:01 PM Blocked 10 Incoming ETHERNET [type=0x8137] 0.0.0.0 00-16-6F-9B-64-AA 0 0.0.0.0 FF-FF-FF-FF-FF-FF 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 4:01:59 PM 3/7/2011 4:01:59 PM Block_all
3/7/2011 4:14:25 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 C8-BC-C8-68-15-BB 0 0.0.0.0 33-33-FF-68-15-BB 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 4:13:23 PM 3/7/2011 4:13:23 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 4:14:25 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 C8-BC-C8-68-15-BB 0 0.0.0.0 33-33-FF-68-15-BB 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 4:13:23 PM 3/7/2011 4:13:23 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 4:14:30 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 C8-BC-C8-68-15-BB 0 0.0.0.0 33-33-FF-68-15-BB 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 4:13:28 PM 3/7/2011 4:13:28 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 4:15:21 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 C4-2C-03-EB-46-05 0 0.0.0.0 33-33-FF-EB-46-05 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 4:14:19 PM 3/7/2011 4:14:19 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 4:15:21 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 C4-2C-03-EB-46-05 0 0.0.0.0 33-33-FF-EB-46-05 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 4:14:19 PM 3/7/2011 4:14:19 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 4:15:26 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 C4-2C-03-EB-46-05 0 0.0.0.0 33-33-FF-EB-46-05 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 4:14:25 PM 3/7/2011 4:14:25 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 4:24:51 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 00-24-2B-66-39-2E 0 0.0.0.0 33-33-FF-FF-FA-CE 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 4:23:49 PM 3/7/2011 4:23:49 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 4:24:51 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 00-24-2B-66-39-2E 0 0.0.0.0 33-33-FF-FF-FA-CE 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 4:23:49 PM 3/7/2011 4:23:49 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 4:24:51 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 00-24-2B-66-39-2E 0 0.0.0.0 33-33-FF-FF-FA-CE 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 4:23:49 PM 3/7/2011 4:23:49 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 4:24:56 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 00-24-2B-66-39-2E 0 0.0.0.0 33-33-FF-FF-FA-CE 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 4:23:54 PM 3/7/2011 4:23:54 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 4:24:56 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 00-24-2B-66-39-2E 0 0.0.0.0 33-33-FF-FF-FA-CE 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 4:23:54 PM 3/7/2011 4:23:54 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 4:25:01 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 00-24-2B-66-39-2E 0 0.0.0.0 33-33-FF-FF-FA-CE 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 4:23:59 PM 3/7/2011 4:23:59 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 4:25:06 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 00-24-2B-66-39-2E 0 0.0.0.0 33-33-FF-FF-FA-CE 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 4:24:05 PM 3/7/2011 4:24:05 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 4:25:06 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 00-24-2B-66-39-2E 0 0.0.0.0 33-33-FF-FF-FA-CE 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 4:24:05 PM 3/7/2011 4:24:05 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102

#7 shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost

Posted 08 March 2011 - 06:19 PM

hi,

Yes, logs look OK. Did you just start getting the FW alert? It looks like a default built-in rule. Are you connected via a router? Any other machines on the router also?
It may not mean malware, and in any case, if it was, the FW is doing its job by blocking it.

How Can I Reduce My Risk to Malware?
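As an added example (not from the thread, and not Symantec's own tooling), the Python below parses log lines in the layout posted above and labels each blocked frame by its EtherType and destination MAC, which is the quick check a defender would make before treating these alerts as anything more than link-local chatter: a 33-33-FF-xx-xx-xx destination is the IPv6 Neighbor Discovery solicited-node multicast group, and FF-FF-FF-FF-FF-FF with type 0x8137 is an IPX broadcast. The column layout and the Duplicate Address Detection heuristic are assumptions read off the posted lines; the sample log is constructed from them.

```python
import re
from collections import Counter

# Constructed sample in the layout of the SEP traffic log posted above (MACs and rule names copied from it).
SAMPLE_LOG = """\
3/7/2011 1:31:47 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 C4-2C-03-EB-46-05 0 0.0.0.0 33-33-FF-EB-46-05 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 1:30:44 PM 3/7/2011 1:30:44 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
3/7/2011 4:03:01 PM Blocked 10 Incoming ETHERNET [type=0x8137] 0.0.0.0 00-16-6F-9B-64-AA 0 0.0.0.0 FF-FF-FF-FF-FF-FF 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 4:01:59 PM 3/7/2011 4:01:59 PM Block_all
3/7/2011 4:24:51 PM Blocked 3 Incoming IPv6 [type=0x86DD] 0.0.0.0 00-24-2B-66-39-2E 0 0.0.0.0 33-33-FF-FF-FA-CE 0 Abbas Mooraj MOORAJ Default 1 3/7/2011 4:23:49 PM 3/7/2011 4:23:49 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102
"""

# Assumed columns: date, time, action, severity, direction, protocol, EtherType, remote IP/MAC/port, local IP/MAC/port, ..., rule name last.
LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+ [AP]M) (?P<action>\S+) (?P<severity>\d+) "
    r"(?P<direction>\S+) (?P<proto>\S+) \[type=0x(?P<ethertype>[0-9A-Fa-f]{4})\] "
    r"(?P<src_ip>\S+) (?P<src_mac>[0-9A-F-]{17}) (?P<src_port>\d+) "
    r"(?P<dst_ip>\S+) (?P<dst_mac>[0-9A-F-]{17}) (?P<dst_port>\d+) .* (?P<rule>\S+)$"
)
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6", 0x8137: "Novell IPX"}

def parse_line(line):
    m = LINE_RE.match(line.strip())  # None for a line in some other layout
    if not m:
        return None
    rec = m.groupdict()
    rec["ethertype"] = int(rec["ethertype"], 16)
    return rec

def classify(rec):
    src, dst = rec["src_mac"], rec["dst_mac"]
    name = ETHERTYPES.get(rec["ethertype"], "EtherType 0x%04X" % rec["ethertype"])
    if dst == "FF-FF-FF-FF-FF-FF":
        return "broadcast " + name
    if dst.startswith("33-33-FF-"):
        # 33-33-FF-xx-xx-xx is the solicited-node multicast group used by IPv6 Neighbor
        # Discovery. Heuristic: a group suffix equal to the sender's own MAC suffix is what
        # Duplicate Address Detection for an EUI-64 address looks like (benign chatter).
        if dst[-8:] == src[-8:]:
            return "IPv6 neighbor discovery (DAD for sender's own address)"
        return "IPv6 neighbor solicitation"
    if dst.startswith("33-33-"):
        return "IPv6 multicast"
    return "unicast " + name

def summarize(text):
    counts = Counter()  # (rule name, traffic class) -> number of blocked frames
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec["action"] == "Blocked":
            counts[(rec["rule"], classify(rec))] += 1
    return counts
```

Run `summarize(SAMPLE_LOG)` to get the per-rule breakdown; on the posted log the Normal_102 hits are all IPv6 neighbor discovery and the two Block_all hits are the same IPX broadcast.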
