Showing results for tags 'IP-Block'.

Found 9 results

  1. All morning we've been getting alerts. Quick scan, Flash scan and full scan have found no threats.

     Database version v2018.01.03.06

     1/3/2018 9:35:15 AM Blocked web site Type: outgoing, Port: 61115, Process: avp.exe 50.19.237.142
     1/3/2018 9:26:44 AM Blocked web site Type: outgoing, Port: 64935, Process: avp.exe 50.19.237.142
     1/3/2018 9:26:44 AM Blocked web site Type: outgoing, Port: 64935, Process: avp.exe 50.19.237.142
     1/3/2018 7:52:01 AM Blocked web site Type: outgoing, Port: 60871, Process: avp.exe 50.19.237.142
     1/3/2018 8:04:26 AM Blocked web site Type: outgoing, Port: 57552, Process: avp.exe 50.19.237.142
     1/3/2018 8:05:25 AM Blocked web site Type: outgoing, Port: 54253, Process: avp.exe 50.19.237.142
     1/3/2018 8:05:25 AM Blocked web site Type: outgoing, Port: 54257, Process: avp.exe 50.19.237.142
     1/3/2018 8:16:44 AM Blocked web site Type: outgoing, Port: 61728, Process: avp.exe 50.19.237.142
     1/3/2018 8:24:28 AM Blocked web site Type: outgoing, Port: 64029, Process: avp.exe 50.19.237.142
     1/3/2018 8:24:28 AM Blocked web site Type: outgoing, Port: 64030, Process: avp.exe 50.19.237.142
     1/3/2018 8:24:28 AM Blocked web site Type: outgoing, Port: 64037, Process: avp.exe 50.19.237.142
     1/3/2018 8:24:28 AM Blocked web site Type: outgoing, Port: 64038, Process: avp.exe 50.19.237.142
     1/3/2018 8:42:31 AM Blocked web site Type: outgoing, Port: 64238, Process: avp.exe 50.19.237.142
     1/3/2018 8:43:26 AM Blocked web site Type: outgoing, Port: 55798, Process: avp.exe 50.19.237.142
     1/3/2018 8:43:26 AM Blocked web site Type: outgoing, Port: 55799, Process: avp.exe 50.19.237.142
     1/3/2018 9:05:08 AM Blocked web site Type: outgoing, Port: 64506, Process: avp.exe 50.19.237.142
     1/3/2018 9:05:08 AM Blocked web site Type: outgoing, Port: 64507, Process: avp.exe 50.19.237.142

     IP: 50.19.237.142
     DNS name: ec2-50-19-237-142.compute-1.amazonaws.com
     ASN: AS14618 Amazon.com, Inc.
     ISP: -
     Country: United States
     Region Americas / Northern America
     Latitude: 39° 2.886 N
     Longitude: -77° 28.368 W
     Index: 20149
  2. Greetings everyone, First off let me say I am proud to be a long term user of MBAM Pro and I highly endorse, to all my colleagues, the fantastic product that the team at Malwarebytes offers to protect my PC. Secondly, apologies if this is not the correct place to post this, as this is the first time I have had to post an issue. With that out of the way, time to get down to the issue at hand: I recently purchased an annual license for Private Internet Access (PIA), a VPN service to resolve my ISP's monkey business with YouTube, Twitch, and the internet in general. So far everything is fine and I have noticed a MASSIVE boost in network consistency and bandwidth with a minor sacrifice in ping times. However, I also noticed MBAM Pro consistently attempts to IP-Block "Rubyw.exe" which is the runtime environment PIA uses for connectivity and management purposes. While it hasn't hindered VPN performance as far as I know (and tends to happen whenever I turn it off), it is quite annoying. Whitelisting the process does not resolve the issue either since they are all randomized and dynamically connect to random ports. My overall question: is there a solution to this or am I stuck with the excessive IP-Blocks? Below I have enclosed my log, though it continually updates over time.
  3. Hello everyone! This is my first post in the Malwarebytes forum. I had trouble deciding where to post this thread though, so if it is in the wrong location please let me know. My issue was while attempting to connect to a Battlefield 4 server Malwarebytes blocked me from connecting to it. Any other server I attempted to connect to worked without any trouble. It was just that server. I understand this may be a false positive, but I wonder why other servers did not give me any trouble. Below are the lines indicating this potential threat. Any thoughts?

     2014/03/22 23:21:29 -0400 Computer Username IP-BLOCK 74.91.117.168 (Type: outgoing, Port: 8)
     2014/03/22 23:21:29 -0400 Computer Username IP-BLOCK 74.91.117.168 (Type: outgoing, Port: 8)
     2014/03/22 23:21:29 -0400 Computer Username IP-BLOCK 74.91.117.168 (Type: outgoing, Port: 8)
     2014/03/22 23:21:29 -0400 Computer Username IP-BLOCK 74.91.117.168 (Type: outgoing, Port: 8)
     2014/03/22 23:21:29 -0400 Computer Username IP-BLOCK 74.91.117.168 (Type: outgoing, Port: 8)
     2014/03/22 23:21:29 -0400 Computer Username IP-BLOCK 74.91.117.168 (Type: outgoing, Port: 8)

     Thanks,
     Pezplayer
  4. Starting on 2/6 or so I started having a few random incoming ip-blocks from mostly Chinese but a few other IPs. I have Norton Internet Security & Malwarebytes running normally & run other scans periodically, including Trend Micro & ESET. All coming up clean except for standard tracking cookies. Today's MBAM log is:

     2014/02/10 02:59:20 -0500 WINTERMUTE us IP-BLOCK 218.9.29.90 (Type: incoming, Port: 3306, Process: svchost.exe)
     2014/02/10 07:06:41 -0500 WINTERMUTE us IP-BLOCK 5.199.162.80 (Type: incoming, Port: 1024, Process: svchost.exe)
     2014/02/10 07:06:41 -0500 WINTERMUTE us IP-BLOCK 5.199.162.80 (Type: incoming, Port: 1025, Process: svchost.exe)
     2014/02/10 07:06:41 -0500 WINTERMUTE us IP-BLOCK 5.199.162.80 (Type: incoming, Port: 1026, Process: svchost.exe)
     2014/02/10 08:12:07 -0500 WINTERMUTE (null) MESSAGE Starting protection
     2014/02/10 08:12:07 -0500 WINTERMUTE (null) MESSAGE Protection started successfully
     2014/02/10 08:12:07 -0500 WINTERMUTE (null) MESSAGE Starting IP protection
     2014/02/10 08:12:08 -0500 WINTERMUTE (null) MESSAGE IP Protection started successfully
     2014/02/10 08:44:30 -0500 WINTERMUTE us MESSAGE Starting protection
     2014/02/10 08:44:30 -0500 WINTERMUTE us MESSAGE Protection started successfully
     2014/02/10 08:44:30 -0500 WINTERMUTE us MESSAGE Starting IP protection
     2014/02/10 08:44:31 -0500 WINTERMUTE us MESSAGE IP Protection started successfully
     2014/02/10 17:31:06 -0500 WINTERMUTE us IP-BLOCK 80.82.70.117 (Type: incoming, Port: 21320, Process: svchost.exe)
     2014/02/10 22:22:13 -0500 WINTERMUTE us IP-BLOCK 107.20.135.159 (Type: outgoing, Port: 59930, Process: iexplore.exe)
     2014/02/10 22:32:13 -0500 WINTERMUTE us IP-BLOCK 107.20.135.159 (Type: outgoing, Port: 59929, Process: iexplore.exe)
     2014/02/10 22:53:55 -0500 WINTERMUTE us MESSAGE Executing scheduled update: Daily
     2014/02/10 22:54:03 -0500 WINTERMUTE us MESSAGE Scheduled update executed successfully: database updated from version v2014.02.09.07 to version v2014.02.11.01
     2014/02/10 22:54:03 -0500 WINTERMUTE us MESSAGE Starting database refresh
     2014/02/10 22:54:04 -0500 WINTERMUTE us MESSAGE Stopping IP protection
     2014/02/10 22:54:04 -0500 WINTERMUTE us MESSAGE IP Protection stopped successfully
     2014/02/10 22:54:11 -0500 WINTERMUTE us MESSAGE Database refreshed successfully
     2014/02/10 22:54:11 -0500 WINTERMUTE us MESSAGE Starting IP protection
     2014/02/10 22:54:12 -0500 WINTERMUTE us MESSAGE IP Protection started successfully

     We have Comcast internet in the South Jersey area & while investigating saw that Comcast had a few email servers hacked recently. Went to comcast dot net on iexplorer and was redirected to another site twice. Stopped using iexplorer & went to Firefox which didn't have the issue, so I changed the password just in case. Iexplorer doesn't redirect now (was trying to get redirected site address.) Think this accounts for the outgoing processes. Also attaching Hijack this log file.
  5. I'm receiving multiple outgoing IP Blocks to 50.63.202.2 running on process Lync.exe (Microsoft Lync). Port usage is constantly changing as it's using ports 1976, 2301, 1249, 2312, 2940, 54585, 55592.....etc. I tried using netmon to see if I could see a bit more of what's going on but it's getting blocked from Malwarebytes (which is good). I'm attempting to figure out if this is a false positive or if I have something running on several machines within my network. It's a Godaddy account, just not sure if it's legit or not.

     IP Address: 50.63.202.2
     Host of this IP: ip-50-63-202-2.ip.secureserver.net
     Organization: GoDaddy.com, LLC
     ISP: GoDaddy.com, LLC
     City: Scottsdale
     Country: United States
     State: Arizona
     Postal Code: 85260
     Timezone: America/Phoenix
     Local Time: 24.05.2013 06:07:40
  6. Hi, Malwarebytes Pro user here for a few months. I have to say, it's been worth the investment. Especially after this started happening around midnight. So... Many Times? Well, 25 times since midnight CST to be exact. I tried both Firefox and Chrome and got the block on both programs. Only other program I've had open today was Steam.

     2013/04/16 16:09:36 -0500 IP-BLOCK 157.238.74.128 (Type: outgoing, Port: 65310, Process: chrome.exe)
     2013/04/16 16:09:36 -0500 IP-BLOCK 157.238.74.128 (Type: outgoing, Port: 65311, Process: chrome.exe)
     2013/04/16 16:32:09 -0500 IP-BLOCK 157.238.74.128 (Type: outgoing, Port: 49741, Process: firefox.exe)
     2013/04/16 16:32:09 -0500 IP-BLOCK 157.238.74.128 (Type: outgoing, Port: 49753, Process: firefox.exe)

     I've seen it block a few over the last few months... But never so many times from the same IP. Trace says it's supposedly from Englewood Colorado? Is my computer at risk here? What do I need to do? Here's the steps I've taken so far.

     1. Ran CCleaner
     2. Ran Updated MSE Full Scan
     3. Ran MalwareBytes Flash Scan, then Quick, then Full.

     Everything came back clean. I am not an IT professional. I know my way around the computer in a consumer way only; however, I can follow instructions well. Help me out here, please. Thanks in advance
  7. Hello, I sent this request to MB's support contact and they said I need to post this in the forum, so here I am. Since I started using MB in real time (as opposed to occasional scans), I've been getting warning messages that a "malicious" IP has been blocked from an outgoing call from my browser (it happened for all different browsers I tried it with, so it's not browser-specific). Here is a sample line of a log for this with the actual IP (although it tries many different port numbers): 2012/05/09 18:54:50 -0400 MYCOMPUTER Owner IP-BLOCK 109.163.230.92 (Type: outgoing, Port: 55152, Process: firefox.exe) This was only happening when I accessed my own website, and after a lot of time and effort I finally found out where this was coming from. It was from a widget that I created at buttonshut.com, and the code was pulling in an image from their website. I did some research into these guys and they seem to be a conglomerate of "hut" sites on a variety of topics. The domain is held by GoDaddy, the company that owns it seems to be in the UK, and it seems their servers are located in Moscow. I haven't found anything online about problems with this IP address when I've searched about it, so I'm wondering why MB has it on their list of malicious websites? I found one site that listed several domains hosted at that IP address, and it included at least one X-rated site. Could this be why MB considers that IP to be "malicious?" I would like to know the basis for this IP's designation as malicious. It just seems a bit strange that if it's so malicious, I wasn't able to find any reports about this from other webmasters complaining about problems with them. Has anyone else heard of problems with this IP? I'm wondering if it might be a false positive, or possibly some over-caution on MB's part, or if there really is a concrete threat that has been traced back to this IP address? Thanks very much for your help.
  8. Hello - and thanks for a really good product. I have recently purchased mbam after trying the free 15 day trial for 3 days. I do have one question/concern. Is there a way to locally or temporarily add an exception to the 'blocked website list' mbam uses for my local machine? The site in question is www.torrentreactor.net (89.248.162.149). I want to go there, but mbam won't allow it. Surely there is a setting for this somewhere, like the exception list for local files on my computer, but I just haven't found it yet. I Thanks Jimmie -
  9. Hi. One of our home laptops was unfortunately recently infected with malware; seemingly something called "AV Security Suite 2012", a program posing as an antivirus program, trying to trick the attacked party into purchasing the software to get rid of a collection of viruses and malware.

     Excerpt from the Malwarebytes Anti-Malware initial scan log (I have the Norwegian version, so I have tried to translate the Norwegian bits):

     - - - - - - - - - - - start - - -
     Registry values discovered: 1
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AV Security Essentials (Rogue.AVSecurityEssentials) -> Data: "C:\ProgramData\5be20a\AV5be_8050.exe" /s /d -> No measures taken.
     Registry values discovered: 1
     HKCR\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=8050&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> No measures taken.
     - - - - - - - - - - - - end - - -

     AV Security Suite was removed using "Malwarebytes Anti-Malware". My anti-virus solution is "Microsoft Security Essentials". I also downloaded the latest versions of "Spybot - Search & Destroy" and "Ad-Aware". I ran scans using all these applications (one at a time) and removed any issues that were discovered. I re-ran all the scans and no viruses / malware / problems were discovered, so the PC seemed clean.

     However, when using Firefox (primary browser) I now get the following pop-up from M.A.M (again, translated from Norwegian, so I might not use the exact same words as in the English version):

     - - - - - - - - - - - - - - - - - - start - - -
     [Malwarebytes Anti-Malware] Successfully blocked access to a potentially damaging web site: 109.163.226.208 Type: outgoing Port: 51316, Process: firefox.exe
     - - - - - - - - - - - - - - - - - - end - - -

     This is today's M.A.M. protection log:

     - - - - - - - - - - - - - - - - - - start - - -
     2012/02/07 00:07:24 +0100 SIW-BÆRBAR Siw IP-BLOCK 109.163.226.208 (Type: outgoing, Port: 51047, Process: firefox.exe)
     2012/02/07 00:20:15 +0100 SIW-BÆRBAR Siw IP-BLOCK 109.163.226.208 (Type: outgoing, Port: 51391, Process: firefox.exe)
     2012/02/07 00:20:15 +0100 SIW-BÆRBAR Siw IP-BLOCK 109.163.226.208 (Type: outgoing, Port: 51393, Process: firefox.exe)
     2012/02/07 00:32:01 +0100 SIW-BÆRBAR Siw MESSAGE Starting protection
     2012/02/07 00:32:03 +0100 SIW-BÆRBAR Siw MESSAGE Protection started successfully
     2012/02/07 00:32:06 +0100 SIW-BÆRBAR Siw MESSAGE Starting IP protection
     2012/02/07 00:32:07 +0100 SIW-BÆRBAR Siw MESSAGE IP Protection started successfully
     2012/02/07 00:32:14 +0100 SIW-BÆRBAR Siw IP-BLOCK 109.163.226.208 (Type: outgoing, Port: 49427, Process: firefox.exe)
     2012/02/07 00:32:14 +0100 SIW-BÆRBAR Siw IP-BLOCK 109.163.226.208 (Type: outgoing, Port: 49431, Process: firefox.exe)
     2012/02/07 18:26:32 +0100 SIW-BÆRBAR Siw MESSAGE Starting protection
     2012/02/07 18:26:34 +0100 SIW-BÆRBAR Siw MESSAGE Protection started successfully
     2012/02/07 18:26:37 +0100 SIW-BÆRBAR Siw MESSAGE Starting IP protection
     2012/02/07 18:26:38 +0100 SIW-BÆRBAR Siw MESSAGE IP Protection started successfully
     2012/02/07 18:31:59 +0100 SIW-BÆRBAR Siw MESSAGE Executing scheduled update: Daily
     2012/02/07 18:32:05 +0100 SIW-BÆRBAR Siw MESSAGE Scheduled update executed successfully: database updated from version v2012.02.06.05 to version v2012.02.07.04
     2012/02/07 18:32:05 +0100 SIW-BÆRBAR Siw MESSAGE Starting database refresh
     2012/02/07 18:32:05 +0100 SIW-BÆRBAR Siw MESSAGE Stopping IP protection
     2012/02/07 18:32:56 +0100 SIW-BÆRBAR Siw MESSAGE IP Protection stopped
     2012/02/07 18:32:57 +0100 SIW-BÆRBAR Siw MESSAGE Database refreshed successfully
     2012/02/07 18:32:57 +0100 SIW-BÆRBAR Siw MESSAGE Starting IP protection
     2012/02/07 18:32:58 +0100 SIW-BÆRBAR Siw MESSAGE IP Protection started successfully
     2012/02/07 20:38:43 +0100 SIW-BÆRBAR Siw IP-BLOCK 109.163.226.208 (Type: outgoing, Port: 49758, Process: firefox.exe)
     2012/02/07 20:38:43 +0100 SIW-BÆRBAR Siw IP-BLOCK 109.163.226.208 (Type: outgoing, Port: 49762, Process: firefox.exe)
     2012/02/07 20:47:57 +0100 SIW-BÆRBAR Siw IP-BLOCK 93.190.140.59 (Type: outgoing, Port: 50169, Process: firefox.exe)
     2012/02/07 20:48:05 +0100 SIW-BÆRBAR Siw IP-BLOCK 109.163.226.208 (Type: outgoing, Port: 50179, Process: firefox.exe)
     2012/02/07 21:05:09 +0100 SIW-BÆRBAR Siw MESSAGE Starting protection
     2012/02/07 21:05:11 +0100 SIW-BÆRBAR Siw MESSAGE Protection started successfully
     2012/02/07 21:05:14 +0100 SIW-BÆRBAR Siw MESSAGE Starting IP protection
     2012/02/07 21:05:15 +0100 SIW-BÆRBAR Siw MESSAGE IP Protection started successfully
     2012/02/07 21:06:51 +0100 SIW-BÆRBAR Siw IP-BLOCK 109.163.226.208 (Type: outgoing, Port: 49259, Process: firefox.exe)
     2012/02/07 21:11:56 +0100 SIW-BÆRBAR Siw IP-BLOCK 109.163.226.208 (Type: outgoing, Port: 49877, Process: firefox.exe)
     2012/02/07 22:11:15 +0100 SIW-BÆRBAR Siw IP-BLOCK 109.163.226.208 (Type: outgoing, Port: 50548, Process: firefox.exe)
     2012/02/07 22:23:06 +0100 SIW-BÆRBAR Siw MESSAGE Starting protection
     2012/02/07 22:23:09 +0100 SIW-BÆRBAR Siw MESSAGE Protection started successfully
     2012/02/07 22:23:12 +0100 SIW-BÆRBAR Siw MESSAGE Starting IP protection
     2012/02/07 22:23:13 +0100 SIW-BÆRBAR Siw MESSAGE IP Protection started successfully
     2012/02/07 22:26:01 +0100 SIW-BÆRBAR Siw IP-BLOCK 109.163.226.208 (Type: outgoing, Port: 49251, Process: firefox.exe)
     2012/02/07 22:26:01 +0100 SIW-BÆRBAR Siw IP-BLOCK 109.163.226.208 (Type: outgoing, Port: 49254, Process: firefox.exe)
     2012/02/07 22:26:01 +0100 SIW-BÆRBAR Siw IP-BLOCK 109.163.226.208 (Type: outgoing, Port: 49264, Process: firefox.exe)
     2012/02/07 22:53:32 +0100 SIW-BÆRBAR Siw IP-BLOCK 109.163.226.208 (Type: outgoing, Port: 49953, Process: firefox.exe)
     2012/02/07 22:55:01 +0100 SIW-BÆRBAR Siw IP-BLOCK 74.118.192.152 (Type: outgoing, Port: 50197, Process: firefox.exe)
     2012/02/07 22:55:17 +0100 SIW-BÆRBAR Siw IP-BLOCK 109.163.226.208 (Type: outgoing, Port: 50220, Process: firefox.exe)
     2012/02/07 23:15:02 +0100 SIW-BÆRBAR Siw IP-BLOCK 109.163.226.208 (Type: outgoing, Port: 51316, Process: firefox.exe)
     2012/02/07 23:35:11 +0100 SIW-BÆRBAR Siw IP-BLOCK 109.163.226.208 (Type: outgoing, Port: 51664, Process: firefox.exe)
     - - - - - - - - - - - - - - - - - - end - - -

     I have tried googling the 109.163.226.208 address which mainly appears in the MAM protection log, but I'm not getting any wiser from it. Do you have any advice for me in this matter? As far as I can tell, this popup only appears (from time to time) in Firefox, not when using Internet Explorer.

     Have included "DDS.txt" and "Attach.txt" as per the instructions in the forum sticky: DDS.txt Attach.txt