Jump to content

JohnAllen

Members
  • Posts

    2
  • Joined

  • Last visited

Everything posted by JohnAllen

  1. UPDATE: Don't worry about it, I have solved the problem. What I did was to download and install Zone Alarm Firewall and turn off MBAM program. Zone Alarm is blocking the same IP addresses without that annoying popping sound (which was driving me and my wife nuts!) and everyone is happy. Furthermore, after I had chosen for MBAM to not start on startup or activate active protection, I still had MBAM service in my HJT scan and it was running in my services. I attempted to change the service to manual instead of automatic, restarted my pc and it was right back at it again. So then i deleted it through HJT and now MBAM gives me an error when I try and open it. My next step is to use Revo Uninstaller and uninstall MBAM because it seems to me that this software has a deep desire to run in the background regardless if I want it to or not! I think I would use it if I was having trouble with some form of malicious software, but when I was done, immediately remove it from my system because i'm not a big fan of "pushy" software running on my pc. Thanks for reading!
  2. Hello. I am new here and I have noticed that ever since I started using MBAM, my computer makes a popping sound alot. I began investigating and discovered that there is a computer(s) in China trying to access my system, alot! So I read the "I'm Infected" thread and followed the instructions to a T and I am ready to post the logs. I'm not certain if this is normal or if I am infected somehow. Thanks for your time and for helping me on this. DDS (Ver_10-03-17.01) - NTFSx86 Run by Administrator at 16:56:20.81 on Sat 07/10/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1305 [GMT -5:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\mjusbsp\srvany.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\mjusbsp\magicJack.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\AVG\AVG9\avgemc.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\Program Files\Ad Muncher\AdMunch.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Administrator\My Documents\Downloads\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe mRun: [Ad Muncher] "c:\program files\ad muncher\AdMunch.exe" /bt mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray IE: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_frame IE: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_image IE: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_i...id=menu_ie_link IE: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_i...menu_ie_exclude IE: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_i...=menu_ie_report IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272322328531 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1268609520296 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll Notify: avgrsstarter - avgrsstx.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\0oi5dey6.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - plugin: c:\documents and settings\administrator\application data\facebook\npfbplugin_1_0_3.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-26 216200] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-26 29584] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-26 242896] R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-4-26 916760] R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-4-26 308064] R2 magicJack;magicJack;c:\mjusbsp\srvany.exe [2010-4-24 8192] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-7-8 304464] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-7-8 20952] S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?] =============== Created Last 30 ================ 2010-07-10 21:55:19 0 ----a-w- c:\documents and settings\administrator\defogger_reenable 2010-07-08 11:24:16 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes 2010-07-08 11:24:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-07-08 11:23:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-07-08 11:23:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-07-08 11:23:58 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-08 01:20:45 0 d-----w- c:\program files\Ad Muncher 2010-07-08 01:20:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Ad Muncher 2010-07-05 20:17:44 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys 2010-07-05 20:17:44 16128 ----a-w- c:\windows\system32\drivers\MODEMCSA.sys 2010-06-28 02:16:21 0 d-----w- c:\program files\Registry Clean Expert 2010-06-27 11:43:52 0 d-----w- c:\windows\Performance 2010-06-20 16:00:55 0 d-----w- c:\program files\YouTube Downloader 2010-06-14 11:17:16 0 d-----w- c:\windows\system32\NtmsData 2010-06-12 09:13:53 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll ==================== Find3M ==================== 2010-06-06 19:41:00 927908 ----a-w- c:\windows\fonts\Barlow_by_Thunderpanda_ver01.ttf 2010-06-06 19:40:48 663548 ----a-w- c:\windows\fonts\Barlow_by_Thunderpanda_ver02.ttf 2010-06-02 22:25:44 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-05-28 17:22:54 87 ----a-w- c:\documents and settings\administrator\jagex_runescape_preferences2.dat 2010-05-28 17:22:18 42 ----a-w- c:\documents and settings\administrator\jagex_runescape_preferences.dat 2010-05-28 15:19:22 0 ----a-w- c:\documents and settings\administrator\jagex__preferences3.dat 2010-05-27 01:13:00 76768 ----a-w- c:\windows\fonts\BOMBFONT TRIAL.otf 2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-04-27 01:02:40 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2010-04-26 22:37:31 21640 ----a-w- c:\windows\system32\emptyregdb.dat 2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll ============= FINISH: 16:57:13.34 =============== Attach.zip protection_log_2010_07_10.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.