
I did a reformat and reinstalled Windows and then installed MBAM, and since then I get constant MBAM notifications that an IP address has been blocked. I scanned the system using MBAM and Avast and found no infections whatsoever.

Am I safe or are these IPs false positives?

Here is the MBAM LOG:

00:50:03 Administrator MESSAGE Protection started successfully
00:50:11 Administrator MESSAGE IP Protection started successfully
01:43:43 Administrator MESSAGE Protection started successfully
01:43:50 Administrator MESSAGE IP Protection started successfully
01:52:44 Administrator IP-BLOCK 222.189.239.245 (Type: incoming)
02:34:06 Administrator IP-BLOCK 174.36.192.249 (Type: outgoing)
02:34:09 Administrator IP-BLOCK 174.36.192.249 (Type: outgoing)
02:34:15 Administrator IP-BLOCK 174.36.192.249 (Type: outgoing)
02:34:27 Administrator IP-BLOCK 174.36.192.249 (Type: outgoing)
02:34:30 Administrator IP-BLOCK 174.36.192.249 (Type: outgoing)
02:34:36 Administrator IP-BLOCK 174.36.192.249 (Type: outgoing)
02:34:48 Administrator IP-BLOCK 174.36.192.249 (Type: outgoing)
02:34:51 Administrator IP-BLOCK 174.36.192.249 (Type: outgoing)
02:34:57 Administrator IP-BLOCK 174.36.192.249 (Type: outgoing)
02:35:09 Administrator IP-BLOCK 174.36.192.249 (Type: outgoing)
02:35:12 Administrator IP-BLOCK 174.36.192.249 (Type: outgoing)
02:35:18 Administrator IP-BLOCK 174.36.192.249 (Type: outgoing)
02:35:34 Administrator IP-BLOCK 174.36.192.249 (Type: outgoing)
02:35:37 Administrator IP-BLOCK 174.36.192.249 (Type: outgoing)
02:35:43 Administrator IP-BLOCK 174.36.192.249 (Type: outgoing)
02:35:55 Administrator IP-BLOCK 174.36.192.249 (Type: outgoing)
02:35:58 Administrator IP-BLOCK 174.36.192.249 (Type: outgoing)
02:36:04 Administrator IP-BLOCK 174.36.192.249 (Type: outgoing)
02:36:16 Administrator IP-BLOCK 174.36.192.249 (Type: outgoing)
02:36:19 Administrator IP-BLOCK 174.36.192.249 (Type: outgoing)
02:36:25 Administrator IP-BLOCK 174.36.192.249 (Type: outgoing)
02:36:37 Administrator IP-BLOCK 174.36.192.249 (Type: outgoing)
02:36:40 Administrator IP-BLOCK 174.36.192.249 (Type: outgoing)
02:36:46 Administrator IP-BLOCK 174.36.192.249 (Type: outgoing)
02:58:56 Administrator IP-BLOCK 121.10.107.22 (Type: incoming)
03:01:33 Administrator IP-BLOCK 121.10.107.22 (Type: incoming)
06:30:12 Administrator IP-BLOCK 222.189.239.245 (Type: incoming)
07:44:04 Administrator IP-BLOCK 222.186.30.16 (Type: incoming)
11:13:25 Administrator IP-BLOCK 222.189.239.245 (Type: incoming)

DDS LOG:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512
Run by Administrator at 21:31:51 on 2011-11-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1919.1261 [GMT 8:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
E:\Programs\Protection\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
E:\Programs\Protection\Malwarebytes' Anti-Malware\mbamgui.exe
E:\Programs\Protection\Avast\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
E:\Programs\Protection\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
E:\Programs\MESSEN~1\Messenger\ymsgr_tray.exe
E:\Programs\Protection\Malwarebytes' Anti-Malware\mbam.exe
E:\Programs\Browser\Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - e:\programs\video\divx plus\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [DAEMON Tools Lite] "e:\programs\utilities\daemon tools lite\DTLite.exe" -autorun
uRun: [Messenger (Yahoo!)] "e:\programs\messen~1\messenger\YahooMessenger.exe" -quiet
mRun: [Malwarebytes' Anti-Malware] "e:\programs\protection\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avast] "e:\programs\protection\avast\avastUI.exe" /nogui
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /install
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
TCP: DhcpNameServer = 124.106.5.2 124.106.4.2
TCP: Interfaces\{5170752B-1618-4EF9-B9D6-8810E6DA6A05} : DhcpNameServer = 124.106.5.2 124.106.4.2
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-20 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-11-20 320856]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-11-20 218688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-11-20 20568]
R2 avast! Antivirus;avast! Antivirus;e:\programs\protection\avast\AvastSvc.exe [2011-11-20 44768]
R2 MBAMService;MBAMService;e:\programs\protection\malwarebytes' anti-malware\mbamservice.exe [2011-11-20 366152]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-11-20 2253120]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-20 22216]
.
=============== Created Last 30 ================
.
2011-11-23 13:23:25 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-22 01:28:44 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-11-21 21:18:45 -------- d-----w- c:\program files\DivX
2011-11-21 21:18:20 -------- d-----w- c:\program files\common files\DivX Shared
2011-11-21 21:12:35 -------- d-----w- c:\documents and settings\all users\application data\DivX
2011-11-21 21:08:33 61208 ----a-w- c:\windows\system32\MPEG4E-uninstall.exe
2011-11-21 21:04:19 -------- d-----w- c:\documents and settings\administrator\local settings\application data\HandBrake
2011-11-21 21:04:19 -------- d-----w- c:\documents and settings\administrator\application data\HandBrake
2011-11-21 20:44:36 -------- d-----w- c:\windows\system32\drivers\mycodec
2011-11-21 20:40:33 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Video Converter
2011-11-21 20:39:26 -------- d-----w- c:\documents and settings\all users\application data\VideoConverter
2011-11-21 18:30:43 -------- d-----w- c:\documents and settings\all users\application data\Astroburn Lite
2011-11-21 18:30:43 -------- d-----w- c:\documents and settings\administrator\application data\Astroburn Lite
2011-11-21 18:22:34 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-11-21 18:22:34 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-21 18:22:34 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-11-21 18:22:34 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2011-11-21 17:28:48 -------- d-----w- c:\program files\SystemRequirementsLab
2011-11-20 12:23:25 -------- d-----w- c:\program files\Yahoo!
2011-11-20 12:14:51 -------- d-----w- c:\documents and settings\administrator\application data\NVIDIA
2011-11-20 08:34:34 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-20 08:33:22 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Lite
2011-11-20 08:33:22 -------- d-----w- c:\documents and settings\administrator\application data\DAEMON Tools Lite
2011-11-20 05:11:20 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Sun
2011-11-20 04:12:59 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2011-11-20 04:00:11 -------- d--h--w- c:\windows\msdownld.tmp
2011-11-20 04:00:04 -------- d-----w- c:\windows\Logs
2011-11-20 03:55:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-11-22 12:24:17 286052 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-11-22 12:24:17 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-11-22 12:24:16 286052 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-11-20 04:12:40 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-20 04:12:40 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-19 16:24:25 315392 ----a-w- c:\windows\HideWin.exe
2011-10-20 23:26:22 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-31 09:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 21:34:12.93 ===============

Attach.txt

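As an added example (not code from this thread or from Malwarebytes), here is a small Python triage script for MBAM protection-log lines in the format posted above. It groups IP-BLOCK events by address and direction and flags addresses with repeated outgoing blocks, since an outgoing block means some process on the machine keeps trying to reach that address and that process is what a helper will want identified; sporadic incoming blocks are unsolicited traffic the block already stopped. The sample lines are constructed in the same format, and the repeat threshold is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches MBAM IP-BLOCK lines as they appear in the posted protection log, e.g.
# "02:34:06 Administrator IP-BLOCK 174.36.192.249 (Type: outgoing)"
BLOCK_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+\S+\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\(Type:\s*(?P<dir>incoming|outgoing)\)"
)

# Constructed sample in the same format as the log in the post (not the full log).
SAMPLE_LOG = """\
00:50:11 Administrator MESSAGE IP Protection started successfully
01:52:44 Administrator IP-BLOCK 222.189.239.245 (Type: incoming)
02:34:06 Administrator IP-BLOCK 174.36.192.249 (Type: outgoing)
02:34:09 Administrator IP-BLOCK 174.36.192.249 (Type: outgoing)
02:34:15 Administrator IP-BLOCK 174.36.192.249 (Type: outgoing)
02:34:27 Administrator IP-BLOCK 174.36.192.249 (Type: outgoing)
02:58:56 Administrator IP-BLOCK 121.10.107.22 (Type: incoming)
06:30:12 Administrator IP-BLOCK 222.189.239.245 (Type: incoming)
"""

def parse_blocks(log_text):
    """Return (time, ip, direction) for every IP-BLOCK line; MESSAGE lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = BLOCK_RE.match(line.strip())
        if m:
            t = datetime.strptime(m.group("time"), "%H:%M:%S")
            events.append((t, m.group("ip"), m.group("dir")))
    return events

def summarize(events, repeat_min=3):
    """Per (ip, direction): block count, time span between first and last block,
    and a 'followup' flag for outgoing blocks repeated at least repeat_min times
    (assumed threshold), which point at a local process initiating connections."""
    per_key = defaultdict(list)
    for t, ip, direction in events:
        per_key[(ip, direction)].append(t)
    report = {}
    for (ip, direction), times in per_key.items():
        times.sort()
        report[(ip, direction)] = {
            "count": len(times),
            "span": times[-1] - times[0],
            "followup": direction == "outgoing" and len(times) >= repeat_min,
        }
    return report

def needs_followup(report):
    """Addresses whose outgoing-block pattern warrants identifying the connecting process."""
    return sorted(ip for (ip, _d), r in report.items() if r["followup"])
```
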

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
