
beauknowsdiddly

Everything posted by beauknowsdiddly

  1. Hey Everyone! So I keep getting the malicious website blocked popup about every second. IP: address 212.200.33.79, Port: 63296, Type: inbound, Process C:\Windows\System32\svchost.exe. Should I just try to delete that svchost.exe file? I'm using Windows 10.
  2. Help!! I'm having the same problem!! In fact I quarantined my notepad without realizing it. I only found out when trying to use it. So I restored it and then scanned it and it says..... Trojan.FakeMS.
  3. every couple of minutes mbam blocks the same ip address..... how do I figure out who or what??? I'm not even doing anything, just sitting here looking at my desktop. here's the log....

     22:18:18 Beau MESSAGE Protection started successfully
     22:18:22 Beau MESSAGE IP Protection started successfully
     22:21:42 Beau IP-BLOCK 193.107.16.156
     22:21:50 Beau IP-BLOCK 193.107.16.156
     22:21:50 Beau IP-BLOCK 193.107.16.156
     22:21:50 Beau IP-BLOCK 193.107.16.156
     22:21:50 Beau IP-BLOCK 193.107.16.156
     22:21:50 Beau IP-BLOCK 193.107.16.156
     22:21:50 Beau IP-BLOCK 193.107.16.156
     22:21:50 Beau IP-BLOCK 193.107.16.156
     22:21:50 Beau IP-BLOCK 193.107.16.156
     22:21:50 Beau IP-BLOCK 193.107.16.156
     22:21:50 Beau IP-BLOCK 193.107.16.156
     22:21:50 Beau IP-BLOCK 193.107.16.156
     22:21:50 Beau IP-BLOCK 193.107.16.156
     22:21:50 Beau IP-BLOCK 193.107.16.156
     22:21:50 Beau IP-BLOCK 193.107.16.156
     22:21:50 Beau IP-BLOCK 193.107.16.156
     22:21:50 Beau IP-BLOCK 193.107.16.156
     22:21:50 Beau IP-BLOCK 193.107.16.156
     22:21:50 Beau IP-BLOCK 193.107.16.156
     22:21:50 Beau IP-BLOCK 193.107.16.156
     22:21:50 Beau IP-BLOCK 193.107.16.156
     22:21:50 Beau IP-BLOCK 193.107.16.156
     22:21:50 Beau IP-BLOCK 193.107.16.156
     22:21:50 Beau IP-BLOCK 193.107.16.156
     22:21:50 Beau IP-BLOCK 193.107.16.156
     22:21:50 Beau IP-BLOCK 193.107.16.156

     and it goes on, and on, and on. Just crazy man, crazy... lol
  4. Ahhhhh what an idiot I am! LOL I have Utorrent running. Thanks for plugging the hole in my brain!
  5. So why does Malwarebytes constantly block websites? Every few minutes the bubble pops up telling me that it has blocked access to a potentially malicious website and tells me the IP address which is cool, but why or how are those websites even trying to gain access? All my cookies and temp files are empty. I don't get it. Beau
  6. I'm thinkin' I can't change that can I? Things that make me go hmmmm
  7. Okay so then everything is okay and stop fooling with stuff? Is that what you're trying to say? lol Thank you everyone for all your help, I really appreciate it!
  8. I did all that but it doesn't tell me how or if I need to periodically change my router's default IP address, I don't quite understand it. It appears it's set to DHCP so...... I dunno lol. I've attached what it looks like now.
  9. And from one newb to another I'm probably not posting correctly myself, and how do you paste screenshots in here? Or can you? I wanted to show my router info. Do I just upload it as an attachment?
  10. You're fine I was just kidding, you're more than welcome, and I found the instructions to change the password for my router and actually understood them, trying to figure out the default IP now,
  11. I'm not sure but did my thread just get hijacked? lol jk
  12. It seems to be working beautifully! *crosses fingers* Thank you sooooo much!
  13. Well that appears to have done the trick! Although this is like the fifth time I've reset my router. The only thing I did different this time was to unplug my switch as well. Can a Switch get hijacked as well? It's a TRENDnet if that means anything. And how do I figure out all those processes running? What are they and do I really need them all running? Here's what I get now.

      Step 1
      4518

      Step 2
      Traceroute Malwarebytes CDN version 1.5
      Tue 08/31/2010 18:48:45.40

      Phase #1 Tracerouting: data-cdn.mbamupdates.com
      Tracing route to mwbyte.vo.llnwd.net [68.142.122.70] over a maximum of 30 hops:
      1 1 ms 1 ms 1 ms 192.168.1.1
      2 10 ms 8 ms 9 ms cpe-173-169-144-1.tampabay.res.rr.com [173.169.144.1]
      3 11 ms 9 ms 9 ms gig10-0-0-2081.tampfledc-rtr2.tampflrdc.rr.com [65.32.36.238]
      4 15 ms 11 ms 9 ms 653213hfc50.tampabay.res.rr.com [65.32.13.50]
      5 33 ms 34 ms 34 ms ge-2-1-0.cr0.dfw10.tbone.rr.com [66.109.6.106]
      6 32 ms 34 ms 34 ms ae-1-0.pr0.dfw10.tbone.rr.com [66.109.6.179]
      7 73 ms 75 ms 74 ms tge7-2.fr3.dal.llnw.net [208.111.158.81]
      8 70 ms * 73 ms cdn-68-142-122-70.dal.llnw.net [68.142.122.70]
      Trace complete.
      DNS Info
      Server: UnKnown
      Address: 192.168.1.1
      Name: ne1.wpc.edgecastcdn.net
      Address: 72.21.81.133
      Aliases: data-cdn.mbamupdates.com wpc.1d00.edgecastcdn.net gs1.wpc.edgecastcdn.net
      ============================================================

      Phase #2 Tracerouting: llnw.data-cdn.mbamupdates.com
      Tracing route to mwbyte.vo.llnwd.net [68.142.123.254] over a maximum of 30 hops:
      1 1 ms 1 ms 1 ms 192.168.1.1
      2 9 ms 9 ms 9 ms cpe-173-169-144-1.tampabay.res.rr.com [173.169.144.1]
      3 11 ms 9 ms 9 ms gig10-0-0-2081.tampfledc-rtr2.tampflrdc.rr.com [65.32.36.238]
      4 10 ms 9 ms 9 ms 653213hfc50.tampabay.res.rr.com [65.32.13.50]
      5 33 ms 34 ms 34 ms ge-2-1-0.cr0.dfw10.tbone.rr.com [66.109.6.106]
      6 35 ms 34 ms 35 ms ae-1-0.pr0.dfw10.tbone.rr.com [66.109.6.179]
      7 74 ms 74 ms 76 ms llnw.pr0.dfw10.tbone.rr.com [66.109.9.126]
      8 68 ms 70 ms 70 ms tge5-1.fr4.dal.llnw.net [69.28.171.106]
      9 70 ms 68 ms 72 ms cdn-68-142-123-254.dal.llnw.net [68.142.123.254]
      Trace complete.
      DNS Info
      Server: UnKnown
      Address: 192.168.1.1
      Name: mwbyte.vo.llnwd.net
      Addresses: 68.142.123.254 68.142.122.70
      Aliases: llnw.data-cdn.mbamupdates.com
      ============================================================

      Phase #3 Tracerouting: edge.data-cdn.mbamupdates.com
      Tracing route to ne1.wpc.edgecastcdn.net [72.21.81.133] over a maximum of 30 hops:
      1 1 ms 1 ms 1 ms 192.168.1.1
      2 10 ms 19 ms 11 ms cpe-173-169-144-1.tampabay.res.rr.com [173.169.144.1]
      3 10 ms 9 ms 9 ms gig10-0-0-2081.tampfledc-rtr2.tampflrdc.rr.com [65.32.36.238]
      4 10 ms 9 ms 9 ms ge3-1-0.tampfledc-rtr3.tampflrdc.rr.com [65.32.13.70]
      5 32 ms 38 ms 35 ms ge-2-1-0.cr0.dfw10.tbone.rr.com [66.109.6.106]
      6 33 ms 55 ms 34 ms ae-1-0.pr0.dfw10.tbone.rr.com [66.109.6.179]
      7 34 ms 34 ms 34 ms TenGigabitEthernet2-1.ar4.DAL2.gblx.net [64.211.60.81]
      8 33 ms 34 ms 34 ms 64.211.192.82
      9 36 ms 33 ms 34 ms 72.21.81.133
      Trace complete.
      DNS Info
      Server: UnKnown
      Address: 192.168.1.1
      Name: ne1.wpc.edgecastcdn.net
      Address: 72.21.81.133
      Aliases: edge.data-cdn.mbamupdates.com wpc.1D00.edgecastcdn.net gs1.wpc.edgecastcdn.net
      ============================================================
      Finished at: 18:49:41.12

      Step 3
      mbam.exe 2752 TCP beauspc 49433 cdn-68-142-123-254.dal.llnw.net http ESTABLISHED 1 177 1 294
  14. Step 1
      Internet Explorer cannot display the webpage. When I click on "Diagnose Connection Problems" it tells me that Windows cannot find "data-cdn.mbamupdates.com" it says "Windows sent the request to the DNS server and the server responded that the name was unknown."

      Step 2
      Traceroute Malwarebytes CDN version 1.5
      Tue 08/31/2010 16:27:41.35

      Phase #1 Tracerouting: data-cdn.mbamupdates.com
      Unable to resolve target system name data-cdn.mbamupdates.com.
      DNS Info
      Server: UnKnown
      Address: 213.109.68.247
      ============================================================

      Phase #2 Tracerouting: llnw.data-cdn.mbamupdates.com
      Unable to resolve target system name llnw.data-cdn.mbamupdates.com.
      DNS Info
      Server: UnKnown
      Address: 213.109.68.247
      ============================================================

      Phase #3 Tracerouting: edge.data-cdn.mbamupdates.com
      Unable to resolve target system name edge.data-cdn.mbamupdates.com.
      DNS Info
      Server: UnKnown
      Address: 213.109.68.247
      ============================================================
      Finished at: 16:27:44.35

      Step 3
      It doesn't seem to show up at all.
      When I click on start update in mbam I just get that same error message :-( Here's what is listed in TCPView

      [system Process] 0 TCP beauspc 49901 hrndva-tampabaylb.mail.rr.com:pop3 pop3 TIME_WAIT 4 49 5 146
      iexplore.exe 5448 UDP BeausPC 55687 * * 1 1 1 1
      LogMeIn.exe 2428 TCP BeausPC 2002 BeausPC 0 LISTENING
      LogMeIn.exe 2428 TCP BeausPC 2002 localhost 49159 ESTABLISHED
      LogMeIn.exe 2428 TCP beauspc 49157 app01-08.logmein.com https ESTABLISHED 13 481 13 481
      LogMeInSystray.exe 3472 TCP BeausPC 49159 localhost 2002 ESTABLISHED
      lsass.exe 732 TCP BeausPC 49156 BeausPC 0 LISTENING
      lsass.exe 732 TCPV6 beauspc 49156 beauspc 0 LISTENING
      services.exe 720 TCP BeausPC 49161 BeausPC 0 LISTENING
      services.exe 720 TCPV6 beauspc 49161 beauspc 0 LISTENING
      spoolsv.exe 1824 TCP BeausPC 49155 BeausPC 0 LISTENING
      spoolsv.exe 1824 TCPV6 beauspc 49155 beauspc 0 LISTENING
      svchost.exe 1032 TCP BeausPC epmap BeausPC 0 LISTENING
      svchost.exe 1196 TCP BeausPC 49153 BeausPC 0 LISTENING
      svchost.exe 1244 TCP BeausPC 49154 BeausPC 0 LISTENING
      svchost.exe 1392 UDP BeausPC ntp * *
      svchost.exe 1244 UDP BeausPC isakmp * *
      svchost.exe 1392 UDP BeausPC ssdp * * 36 17,178 90 42,909
      svchost.exe 1392 UDP beauspc ssdp * *
      svchost.exe 1392 UDP BeausPC 3702 * *
      svchost.exe 1392 UDP BeausPC 3702 * *
      svchost.exe 1244 UDP BeausPC ipsec-msft * *
      svchost.exe 1556 UDP BeausPC llmnr * * 16 420
      svchost.exe 1392 UDP beauspc 52449 * *
      svchost.exe 1392 UDP BeausPC 52450 * *
      svchost.exe 1244 UDP BeausPC 52971 * *
      svchost.exe 1392 UDP BeausPC 58303 * *
      svchost.exe 1032 TCPV6 beauspc epmap beauspc 0 LISTENING
      svchost.exe 1196 TCPV6 beauspc 49153 beauspc 0 LISTENING
      svchost.exe 1244 TCPV6 beauspc 49154 beauspc 0 LISTENING
      svchost.exe 1392 UDPV6 beauspc 123 * *
      svchost.exe 1244 UDPV6 beauspc 500 * *
      svchost.exe 1392 UDPV6 [0:0:0:0:0:0:0:1] 1900 * *
      svchost.exe 1392 UDPV6 [fe80:0:0:0:1cee:8d7:5256:691c] 1900 * *
      svchost.exe 1392 UDPV6 beauspc 1900 * *
      svchost.exe 1392 UDPV6 beauspc 3702 * *
      svchost.exe 1392 UDPV6 beauspc 3702 * *
      svchost.exe 1556 UDPV6 beauspc 5355 * *
      svchost.exe 1392 UDPV6 beauspc 52446 * *
      svchost.exe 1392 UDPV6 [0:0:0:0:0:0:0:1] 52447 * *
      svchost.exe 1392 UDPV6 [fe80:0:0:0:1cee:8d7:5256:691c] 52448 * *
      svchost.exe 1392 UDPV6 beauspc 58304 * *
      svchost.exe 1196 UDPV6 beauspc 546 * *
      System 4 TCP beauspc netbios-ssn BeausPC 0 LISTENING
      System 4 TCP BeausPC microsoft-ds BeausPC 0 LISTENING
      System 4 TCP BeausPC icslap BeausPC 0 LISTENING
      System 4 TCP BeausPC 5357 BeausPC 0 LISTENING
      System 4 TCP BeausPC 10243 BeausPC 0 LISTENING
      System 4 UDP beauspc netbios-ns * * 32 1,600 9 641
      System 4 UDP beauspc netbios-dgm * *
      System 4 TCPV6 beauspc microsoft-ds beauspc 0 LISTENING
      System 4 TCPV6 beauspc icslap beauspc 0 LISTENING
      System 4 TCPV6 beauspc 5357 beauspc 0 LISTENING
      System 4 TCPV6 beauspc 10243 beauspc 0 LISTENING
      wininit.exe 676 TCP BeausPC 49152 BeausPC 0 LISTENING
      wininit.exe 676 TCPV6 beauspc 49152 beauspc 0 LISTENING
      wmpnetwk.exe 4016 TCP BeausPC rtsp BeausPC 0 LISTENING
      wmpnetwk.exe 4016 UDP BeausPC 5004 * *
      wmpnetwk.exe 4016 UDP BeausPC 5005 * *
      wmpnetwk.exe 4016 TCPV6 beauspc rtsp beauspc 0 LISTENING
      wmpnetwk.exe 4016 UDPV6 beauspc 5004 * *
      wmpnetwk.exe 4016 UDPV6 beauspc 5005 * *
  15. Whenever I try to update mbam I get "MBAM_ERROR_UPDATING (12007,0, WinHttpSendRequest)". I also have some kind of redirect virus that I'm thinking is in my router or switch because I've completely reinstalled Windows and still continue to get redirected when using google. I've tried ComboFix, Spyware Doctor and now Mbam, and all tell me there are no problems. But I'm thinking before I figure that out I have to figure out how to update mbam. Thanks, Beau