Jump to content

Blocking Outgoing IP Address


Recommended Posts

  • Replies 77
  • Created
  • Last Reply

Top Posters In This Topic

BTW, the search on your forum turns up zero results found when I search for an IP address such as 50.97.214.162, even though many posts reference it.

the search removes the dot and makes in one long number.

use google

type: "50.97.214.162" site:http://forums.malwarebytes.org

Link to post
Share on other sites

I have been getting the same blocks since last night whenever I visit Yahoo sites, and also one for 50.97.218.220 starting today.

A suggestion for MBAM: It's very confusing when you see an "outgoing" block. What is "outgoing" supposed to mean? It would be very helpful if MBAM changed the wording of these alerts to make them more clear to non-geeks.

Link to post
Share on other sites

I have Malwarebytes on 4 computers, have not fired up the Windows XP; however, I too have been having this issue since yesterday. I have deleted favorites, disabled add-ons and still pops up. I did go into the internet options and in Privacy tab, then advanced and blocked cookies. Did not have any more pop ups coming from Malwarebytes blocker, re-set back it starts again. I did the same in internet zone slide bar setting from Medium High to High; but, the problem now is you cannot log into sites.

Link to post
Share on other sites

So glad I'm not the only one having this problem!

I have Malwarebytes installed on several computers and they've all been popping up these IP Blocks since yesterday. Malwarebytes logs show multiple blocks, all through different ports.

Computers with Malwarebytes + Avira Anti-Virus shows:

IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 49248, Process: chrome.exe)

IP-BLOCK 50.97.218.220 (Type: outgoing, Port: 49440, Process: chrome.exe)

IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 49727, Process: chrome.exe)

~Basically shows from whatever browser being used (Chrome, Firefox, or Opera)

Computers with Malwarebytes + Avast Anti-Virus shows:

IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 52203, Process: avastsvc.exe)

IP-BLOCK 50.97.218.220 (Type: outgoing, Port: 53363, Process: avastsvc.exe)

IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 53836, Process: avastsvc.exe)

IP-BLOCK 50.97.218.220 (Type: outgoing, Port: 51471, Process: avastsvc.exe)

~Any browser shows Avast since it scans all traffic

Even my work netbook is getting them to. Drove me crazy thinking my home network had something... Yesterday I fully scanned my main computer in Safemode with Malwarebytes + Avast and came up clean. Also spent all night using Avast to Boot Scan, also nothing. Tried DNS Flushes in CMD, CCleaner, and even tried Malwarebytes Anti-Rootkit program, nothing as well.

IP Block Popup can be reproduced practically 90% of the time at http://gamefaqs.com; which never happened before yesterday - I'm pretty sure it's some of the flash ads hosted on SoftLayer since even Yahoo Mail gets the IP Block popups when certain ads show.

O.K. I was wrong. I posted, yesterday, what I thought was a solution to this problem. Late last night I fired up the computer and lo-and-behold up popped the warning about blocking 50.97.etc etc. F@#$ ! This morning the warning popped up with the 50.23.etc.etc. warning. Sorry. Yesterday when I posted I think there were only 3 entries on this thread, I see that many people are having the problem and have found the same thing I have (Pretty much why I quoted you, HukkaBukka, good post).

I haven't read all the entries, but the 50.97 IP address is for a company called SoftLayer in Dallas, and the 50.23 IP is listed for BlueKai in San Jose, CA.

I have sent a request to Malwarebytes Customer Service to see if they can help. If I get an answer or discover one on my own I will repost.

Link to post
Share on other sites

Please check for updates within MBAM and then run a Quick Scan and post back the log

MBAM updated. Flash scan AND Quick Scan run. No malware found. BUT, as I have said and many others, these IP addresses are not showing up in any scan by anything.

Back to you. Thanks.

Link to post
Share on other sites

So I'm not sure if this would be a permanent fix but I just installed AdBlock onto my browser and I haven't had an issue yet. I noticed the problem was showing up when ever ads were loading on websites. Anyone else have input on this?

quickcougar03 -- I have AdBlock installed long time ago and still got the problem. However, I haven't had this problem since yesterday morning. I would say it's probably ad-related as many other posters indicate. Maybe I didn't go to those websites that have the ads coming from that specific IP address. I also have Flashblock (Firefox add-on) installed as well which blocked all flash ads. It might help I guess.

Link to post
Share on other sites

Scan log after the lasted update:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.04.17.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16540

admin :: DELL14Z [administrator]

Protection: Enabled

4/17/2013 2:35:23 PM

MBAM-log-2013-04-17 (14-41-06).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 241854

Time elapsed: 5 minute(s), 2 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\admin\AppData\Local\Temp\is-JONQM.tmp\rkinstaller.exe (PUP.Adware.RelevantKnowledge) -> No action taken.

(end)

After deletion still has the same blocked outgoing message.

Link to post
Share on other sites

I too am getting notice of IP blocks. Started today, Wednesday April 17th, around 1:38 PM.

Started after an MBAM update. It's showing the same IP address' as others posted and shows as Avast.

Here's my protection log:

------------------------------------------------------------------

2013/04/17 07:46:31 -0700 PEG-PC Peg MESSAGE Starting protection

2013/04/17 07:46:31 -0700 PEG-PC Peg MESSAGE Protection started successfully

2013/04/17 07:46:31 -0700 PEG-PC Peg MESSAGE Starting IP protection

2013/04/17 07:46:31 -0700 PEG-PC Peg MESSAGE IP Protection started successfully

2013/04/17 08:43:00 -0700 PEG-PC Peg MESSAGE Executing scheduled update: Realtime

2013/04/17 08:43:05 -0700 PEG-PC Peg MESSAGE Scheduled update executed successfully: database updated from version v2013.04.17.02 to version v2013.04.17.07

2013/04/17 08:43:05 -0700 PEG-PC Peg MESSAGE Starting database refresh

2013/04/17 08:43:05 -0700 PEG-PC Peg MESSAGE Stopping IP protection

2013/04/17 08:43:05 -0700 PEG-PC Peg MESSAGE IP Protection stopped successfully

2013/04/17 08:43:07 -0700 PEG-PC Peg MESSAGE Database refreshed successfully

2013/04/17 08:43:07 -0700 PEG-PC Peg MESSAGE Starting IP protection

2013/04/17 08:43:08 -0700 PEG-PC Peg MESSAGE IP Protection started successfully

2013/04/17 09:42:00 -0700 PEG-PC Peg MESSAGE Executing scheduled update: Realtime

2013/04/17 09:42:00 -0700 PEG-PC Peg MESSAGE Database already up-to-date

2013/04/17 10:41:00 -0700 PEG-PC Peg MESSAGE Executing scheduled update: Realtime

2013/04/17 10:41:00 -0700 PEG-PC Peg MESSAGE Database already up-to-date

2013/04/17 11:40:00 -0700 PEG-PC Peg MESSAGE Executing scheduled update: Realtime

2013/04/17 11:40:04 -0700 PEG-PC Peg MESSAGE Scheduled update executed successfully: database updated from version v2013.04.17.07 to version v2013.04.17.09

2013/04/17 11:40:04 -0700 PEG-PC Peg MESSAGE Starting database refresh

2013/04/17 11:40:04 -0700 PEG-PC Peg MESSAGE Stopping IP protection

2013/04/17 11:40:04 -0700 PEG-PC Peg MESSAGE IP Protection stopped successfully

2013/04/17 11:40:05 -0700 PEG-PC Peg MESSAGE Database refreshed successfully

2013/04/17 11:40:05 -0700 PEG-PC Peg MESSAGE Starting IP protection

2013/04/17 11:40:06 -0700 PEG-PC Peg MESSAGE IP Protection started successfully

2013/04/17 12:39:00 -0700 PEG-PC Peg MESSAGE Executing scheduled update: Realtime

2013/04/17 12:39:00 -0700 PEG-PC Peg MESSAGE Database already up-to-date

2013/04/17 13:38:00 -0700 PEG-PC Peg MESSAGE Executing scheduled update: Realtime

2013/04/17 13:38:03 -0700 PEG-PC Peg MESSAGE Scheduled update executed successfully: database updated from version v2013.04.17.09 to version v2013.04.17.10

2013/04/17 13:38:03 -0700 PEG-PC Peg MESSAGE Starting database refresh

2013/04/17 13:38:03 -0700 PEG-PC Peg MESSAGE Stopping IP protection

2013/04/17 13:38:03 -0700 PEG-PC Peg MESSAGE IP Protection stopped successfully

2013/04/17 13:38:05 -0700 PEG-PC Peg MESSAGE Database refreshed successfully

2013/04/17 13:38:05 -0700 PEG-PC Peg MESSAGE Starting IP protection

2013/04/17 13:38:05 -0700 PEG-PC Peg MESSAGE IP Protection started successfully

2013/04/17 14:35:50 -0700 PEG-PC Peg IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 52150, Process: avastsvc.exe)

2013/04/17 14:35:50 -0700 PEG-PC Peg IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 52152, Process: avastsvc.exe)

2013/04/17 14:36:54 -0700 PEG-PC Peg IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 52196, Process: avastsvc.exe)

2013/04/17 14:36:54 -0700 PEG-PC Peg IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 52197, Process: avastsvc.exe)

2013/04/17 14:37:00 -0700 PEG-PC Peg MESSAGE Executing scheduled update: Realtime

2013/04/17 14:37:00 -0700 PEG-PC Peg MESSAGE Database already up-to-date

2013/04/17 14:39:34 -0700 PEG-PC Peg IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 52243, Process: avastsvc.exe)

2013/04/17 14:39:34 -0700 PEG-PC Peg IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 52244, Process: avastsvc.exe)

Link to post
Share on other sites

  • Root Admin

Scan log after the lasted update:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.04.17.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16540

admin :: DELL14Z [administrator]

Protection: Enabled

4/17/2013 2:35:23 PM

MBAM-log-2013-04-17 (14-41-06).txt

Please post back the protection log from today.

Link to post
Share on other sites

Beginning with the v2013.04.15.09, database update two days ago, I began to get numerous pop-ups about an IP address blocked (see typical message below). The IP address is a company (The Endurance International Group) at the same address as my web host (powweb.com) and I assume is a branch of the same company. The process is always thunderbird.exe but the port always changes. Curiously, the port number was incrementing from the 62000's to the 65000's until the database was updated to v2013.04.16.09 at which point the port numbers started incrementing from 1416 going up by seemingly random numbers. THAT is how I would write a probing tool but neither MWB nor MSE sees anything.

A small portion of my log is below.

2013/04/17 14:39:42 -0400 MIKE-8120 Michael IP-BLOCK 65.254.250.103 (Type: outgoing, Port: 7028, Process: thunderbird.exe)

2013/04/17 14:49:43 -0400 MIKE-8120 Michael IP-BLOCK 65.254.250.103 (Type: outgoing, Port: 7274, Process: thunderbird.exe)

2013/04/17 15:00:51 -0400 MIKE-8120 Michael IP-BLOCK 65.254.250.103 (Type: outgoing, Port: 7347, Process: thunderbird.exe)

2013/04/17 15:10:52 -0400 MIKE-8120 Michael IP-BLOCK 65.254.250.103 (Type: outgoing, Port: 7361, Process: thunderbird.exe)

2013/04/17 15:20:52 -0400 MIKE-8120 Michael IP-BLOCK 65.254.250.103 (Type: outgoing, Port: 7380, Process: thunderbird.exe)

2013/04/17 15:30:53 -0400 MIKE-8120 Michael IP-BLOCK 65.254.250.103 (Type: outgoing, Port: 7401, Process: thunderbird.exe)

2013/04/17 17:32:24 -0400 MIKE-8120 Michael IP-BLOCK 65.254.250.103 (Type: outgoing, Port: 7461, Process: thunderbird.exe)

2013/04/17 17:42:25 -0400 MIKE-8120 Michael IP-BLOCK 65.254.250.103 (Type: outgoing, Port: 7489, Process: thunderbird.exe)

2013/04/17 17:52:25 -0400 MIKE-8120 Michael IP-BLOCK 65.254.250.103 (Type: outgoing, Port: 7734, Process: thunderbird.exe)

2013/04/17 18:02:26 -0400 MIKE-8120 Michael IP-BLOCK 65.254.250.103 (Type: outgoing, Port: 8015, Process: thunderbird.exe)

2013/04/17 18:12:27 -0400 MIKE-8120 Michael IP-BLOCK 65.254.250.103 (Type: outgoing, Port: 8163, Process: thunderbird.exe)

2013/04/17 18:22:27 -0400 MIKE-8120 Michael IP-BLOCK 65.254.250.103 (Type: outgoing, Port: 8196, Process: thunderbird.exe)

2013/04/17 18:32:28 -0400 MIKE-8120 Michael IP-BLOCK 65.254.250.103 (Type: outgoing, Port: 8324, Process: thunderbird.exe)

2013/04/17 18:42:29 -0400 MIKE-8120 Michael IP-BLOCK 65.254.250.103 (Type: outgoing, Port: 8549, Process: thunderbird.exe)

2013/04/17 18:52:21 -0400 MIKE-8120 Michael IP-BLOCK 65.254.250.103 (Type: outgoing, Port: 9059, Process: thunderbird.exe)

2013/04/17 19:02:22 -0400 MIKE-8120 Michael IP-BLOCK 65.254.250.103 (Type: outgoing, Port: 9255, Process: thunderbird.exe)

Link to post
Share on other sites

As requested, here's the Quick Scan log after updating MBAM and the Protection Log from today is below that.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Malwarebytes Anti-Malware (PRO) 1.65.0.1400

www.malwarebytes.org

Database version: v2013.04.17.13

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Peg :: PEG-PC [administrator]

Protection: Enabled

4/17/2013 4:32:08 PM

mbam-log-2013-04-17 (16-32-08).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 212126

Time elapsed: 1 minute(s),

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

2013/04/17 07:46:31 -0700 PEG-PC Peg MESSAGE Starting protection

2013/04/17 07:46:31 -0700 PEG-PC Peg MESSAGE Protection started successfully

2013/04/17 07:46:31 -0700 PEG-PC Peg MESSAGE Starting IP protection

2013/04/17 07:46:31 -0700 PEG-PC Peg MESSAGE IP Protection started successfully

2013/04/17 08:43:00 -0700 PEG-PC Peg MESSAGE Executing scheduled update: Realtime

2013/04/17 08:43:05 -0700 PEG-PC Peg MESSAGE Scheduled update executed successfully: database updated from version v2013.04.17.02 to version v2013.04.17.07

2013/04/17 08:43:05 -0700 PEG-PC Peg MESSAGE Starting database refresh

2013/04/17 08:43:05 -0700 PEG-PC Peg MESSAGE Stopping IP protection

2013/04/17 08:43:05 -0700 PEG-PC Peg MESSAGE IP Protection stopped successfully

2013/04/17 08:43:07 -0700 PEG-PC Peg MESSAGE Database refreshed successfully

2013/04/17 08:43:07 -0700 PEG-PC Peg MESSAGE Starting IP protection

2013/04/17 08:43:08 -0700 PEG-PC Peg MESSAGE IP Protection started successfully

2013/04/17 09:42:00 -0700 PEG-PC Peg MESSAGE Executing scheduled update: Realtime

2013/04/17 09:42:00 -0700 PEG-PC Peg MESSAGE Database already up-to-date

2013/04/17 10:41:00 -0700 PEG-PC Peg MESSAGE Executing scheduled update: Realtime

2013/04/17 10:41:00 -0700 PEG-PC Peg MESSAGE Database already up-to-date

2013/04/17 11:40:00 -0700 PEG-PC Peg MESSAGE Executing scheduled update: Realtime

2013/04/17 11:40:04 -0700 PEG-PC Peg MESSAGE Scheduled update executed successfully: database updated from version v2013.04.17.07 to version v2013.04.17.09

2013/04/17 11:40:04 -0700 PEG-PC Peg MESSAGE Starting database refresh

2013/04/17 11:40:04 -0700 PEG-PC Peg MESSAGE Stopping IP protection

2013/04/17 11:40:04 -0700 PEG-PC Peg MESSAGE IP Protection stopped successfully

2013/04/17 11:40:05 -0700 PEG-PC Peg MESSAGE Database refreshed successfully

2013/04/17 11:40:05 -0700 PEG-PC Peg MESSAGE Starting IP protection

2013/04/17 11:40:06 -0700 PEG-PC Peg MESSAGE IP Protection started successfully

2013/04/17 12:39:00 -0700 PEG-PC Peg MESSAGE Executing scheduled update: Realtime

2013/04/17 12:39:00 -0700 PEG-PC Peg MESSAGE Database already up-to-date

2013/04/17 13:38:00 -0700 PEG-PC Peg MESSAGE Executing scheduled update: Realtime

2013/04/17 13:38:03 -0700 PEG-PC Peg MESSAGE Scheduled update executed successfully: database updated from version v2013.04.17.09 to version v2013.04.17.10

2013/04/17 13:38:03 -0700 PEG-PC Peg MESSAGE Starting database refresh

2013/04/17 13:38:03 -0700 PEG-PC Peg MESSAGE Stopping IP protection

2013/04/17 13:38:03 -0700 PEG-PC Peg MESSAGE IP Protection stopped successfully

2013/04/17 13:38:05 -0700 PEG-PC Peg MESSAGE Database refreshed successfully

2013/04/17 13:38:05 -0700 PEG-PC Peg MESSAGE Starting IP protection

2013/04/17 13:38:05 -0700 PEG-PC Peg MESSAGE IP Protection started successfully

2013/04/17 14:35:50 -0700 PEG-PC Peg IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 52150, Process: avastsvc.exe)

2013/04/17 14:35:50 -0700 PEG-PC Peg IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 52152, Process: avastsvc.exe)

2013/04/17 14:36:54 -0700 PEG-PC Peg IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 52196, Process: avastsvc.exe)

2013/04/17 14:36:54 -0700 PEG-PC Peg IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 52197, Process: avastsvc.exe)

2013/04/17 14:37:00 -0700 PEG-PC Peg MESSAGE Executing scheduled update: Realtime

2013/04/17 14:37:00 -0700 PEG-PC Peg MESSAGE Database already up-to-date

2013/04/17 14:39:34 -0700 PEG-PC Peg IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 52243, Process: avastsvc.exe)

2013/04/17 14:39:34 -0700 PEG-PC Peg IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 52244, Process: avastsvc.exe)

2013/04/17 15:36:00 -0700 PEG-PC Peg MESSAGE Executing scheduled update: Realtime

2013/04/17 15:36:04 -0700 PEG-PC Peg MESSAGE Scheduled update executed successfully: database updated from version v2013.04.17.10 to version v2013.04.17.12

2013/04/17 15:36:04 -0700 PEG-PC Peg MESSAGE Starting database refresh

2013/04/17 15:36:04 -0700 PEG-PC Peg MESSAGE Stopping IP protection

2013/04/17 15:36:04 -0700 PEG-PC Peg MESSAGE IP Protection stopped successfully

2013/04/17 15:36:05 -0700 PEG-PC Peg MESSAGE Database refreshed successfully

2013/04/17 15:36:05 -0700 PEG-PC Peg MESSAGE Starting IP protection

2013/04/17 15:36:06 -0700 PEG-PC Peg MESSAGE IP Protection started successfully

2013/04/17 16:28:15 -0700 PEG-PC Peg IP-BLOCK 50.97.218.220 (Type: outgoing, Port: 53545, Process: avastsvc.exe)

2013/04/17 16:28:15 -0700 PEG-PC Peg IP-BLOCK 50.97.218.220 (Type: outgoing, Port: 53546, Process: avastsvc.exe)

2013/04/17 16:28:15 -0700 PEG-PC Peg IP-BLOCK 50.97.218.220 (Type: outgoing, Port: 53626, Process: avastsvc.exe)

2013/04/17 16:28:15 -0700 PEG-PC Peg IP-BLOCK 50.97.218.220 (Type: outgoing, Port: 53627, Process: avastsvc.exe)

2013/04/17 16:28:15 -0700 PEG-PC Peg IP-BLOCK 50.97.218.220 (Type: outgoing, Port: 53630, Process: avastsvc.exe)

2013/04/17 16:28:15 -0700 PEG-PC Peg IP-BLOCK 50.97.218.220 (Type: outgoing, Port: 53631, Process: avastsvc.exe)

2013/04/17 16:28:15 -0700 PEG-PC Peg IP-BLOCK 50.97.218.220 (Type: outgoing, Port: 53651, Process: avastsvc.exe)

2013/04/17 16:28:15 -0700 PEG-PC Peg IP-BLOCK 50.97.218.220 (Type: outgoing, Port: 53652, Process: avastsvc.exe)

2013/04/17 16:28:16 -0700 PEG-PC Peg IP-BLOCK 50.97.218.220 (Type: outgoing, Port: 53655, Process: avastsvc.exe)

2013/04/17 16:28:16 -0700 PEG-PC Peg IP-BLOCK 50.97.218.220 (Type: outgoing, Port: 53656, Process: avastsvc.exe)

2013/04/17 16:28:16 -0700 PEG-PC Peg IP-BLOCK 50.97.218.220 (Type: outgoing, Port: 53688, Process: avastsvc.exe)

2013/04/17 16:28:16 -0700 PEG-PC Peg IP-BLOCK 50.97.218.220 (Type: outgoing, Port: 53689, Process: avastsvc.exe)

2013/04/17 16:28:16 -0700 PEG-PC Peg IP-BLOCK 50.97.218.220 (Type: outgoing, Port: 53692, Process: avastsvc.exe)

2013/04/17 16:28:16 -0700 PEG-PC Peg IP-BLOCK 50.97.218.220 (Type: outgoing, Port: 53693, Process: avastsvc.exe)

2013/04/17 16:31:26 -0700 PEG-PC Peg MESSAGE Starting database refresh

2013/04/17 16:31:26 -0700 PEG-PC Peg MESSAGE Stopping IP protection

2013/04/17 16:31:26 -0700 PEG-PC Peg MESSAGE IP Protection stopped successfully

2013/04/17 16:31:28 -0700 PEG-PC Peg MESSAGE Database refreshed successfully

2013/04/17 16:31:28 -0700 PEG-PC Peg MESSAGE Starting IP protection

2013/04/17 16:31:28 -0700 PEG-PC Peg MESSAGE IP Protection started successfully

Link to post
Share on other sites

Please post the log as requested

Sorry, didn't see request to post log. I have never done this so here goes:

Database version: v2013.04.17.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

JPs :: FALCONSLI7 [administrator]

Protection: Enabled

4/17/2013 1:45:38 PM

mbam-log-2013-04-17 (13-45-38).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 240600

Time elapsed: 1 minute(s), 54 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

2013/04/17 07:11:16 -0700 FALCONSLI7 (null) MESSAGE Starting protection

2013/04/17 07:11:16 -0700 FALCONSLI7 (null) MESSAGE Protection started successfully

2013/04/17 07:11:16 -0700 FALCONSLI7 (null) MESSAGE Starting IP protection

2013/04/17 07:11:17 -0700 FALCONSLI7 (null) MESSAGE IP Protection started successfully

2013/04/17 07:16:32 -0700 FALCONSLI7 JPs IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 49253, Process: firefox.exe)

2013/04/17 07:16:32 -0700 FALCONSLI7 JPs IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 49254, Process: firefox.exe)

2013/04/17 07:20:33 -0700 FALCONSLI7 JPs IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 49433, Process: firefox.exe)

2013/04/17 07:20:33 -0700 FALCONSLI7 JPs IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 49436, Process: firefox.exe)

2013/04/17 07:20:49 -0700 FALCONSLI7 JPs IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 49494, Process: firefox.exe)

2013/04/17 07:20:49 -0700 FALCONSLI7 JPs IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 49495, Process: firefox.exe)

2013/04/17 07:20:49 -0700 FALCONSLI7 JPs IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 49499, Process: firefox.exe)

2013/04/17 07:20:49 -0700 FALCONSLI7 JPs IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 49500, Process: firefox.exe)

2013/04/17 08:14:10 -0700 FALCONSLI7 JPs IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 49989, Process: firefox.exe)

2013/04/17 08:14:10 -0700 FALCONSLI7 JPs IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 49990, Process: firefox.exe)

2013/04/17 08:22:50 -0700 FALCONSLI7 JPs MESSAGE Executing scheduled update: Flash Scan | Hourly | Silent

2013/04/17 08:22:57 -0700 FALCONSLI7 JPs MESSAGE Scheduled update executed successfully: database updated from version v2013.04.17.01 to version v2013.04.17.06

2013/04/17 08:22:57 -0700 FALCONSLI7 JPs MESSAGE Starting database refresh

2013/04/17 08:22:57 -0700 FALCONSLI7 JPs MESSAGE Stopping IP protection

2013/04/17 08:22:57 -0700 FALCONSLI7 JPs MESSAGE IP Protection stopped successfully

2013/04/17 08:23:00 -0700 FALCONSLI7 JPs MESSAGE Database refreshed successfully

2013/04/17 08:23:00 -0700 FALCONSLI7 JPs MESSAGE Starting IP protection

2013/04/17 08:23:00 -0700 FALCONSLI7 JPs MESSAGE Executing scheduled scan: Flash Scan | -terminate

2013/04/17 08:23:00 -0700 FALCONSLI7 JPs MESSAGE Scheduled scan executed successfully

2013/04/17 08:23:01 -0700 FALCONSLI7 JPs MESSAGE IP Protection started successfully

2013/04/17 08:32:15 -0700 FALCONSLI7 JPs IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 50600, Process: firefox.exe)

2013/04/17 08:32:15 -0700 FALCONSLI7 JPs IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 50601, Process: firefox.exe)

2013/04/17 08:34:15 -0700 FALCONSLI7 JPs IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 50690, Process: firefox.exe)

2013/04/17 08:34:15 -0700 FALCONSLI7 JPs IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 50691, Process: firefox.exe)

2013/04/17 08:41:52 -0700 FALCONSLI7 JPs IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 51080, Process: firefox.exe)

2013/04/17 08:41:52 -0700 FALCONSLI7 JPs IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 51086, Process: firefox.exe)

2013/04/17 09:29:55 -0700 FALCONSLI7 JPs MESSAGE Executing scheduled update: Flash Scan | Hourly | Silent

2013/04/17 09:30:00 -0700 FALCONSLI7 JPs MESSAGE Scheduled update executed successfully: database updated from version v2013.04.17.06 to version v2013.04.17.07

2013/04/17 09:30:00 -0700 FALCONSLI7 JPs MESSAGE Starting database refresh

2013/04/17 09:30:00 -0700 FALCONSLI7 JPs MESSAGE Stopping IP protection

2013/04/17 09:30:00 -0700 FALCONSLI7 JPs MESSAGE IP Protection stopped successfully

2013/04/17 09:30:03 -0700 FALCONSLI7 JPs MESSAGE Database refreshed successfully

2013/04/17 09:30:03 -0700 FALCONSLI7 JPs MESSAGE Starting IP protection

2013/04/17 09:30:03 -0700 FALCONSLI7 JPs MESSAGE Executing scheduled scan: Flash Scan | -terminate

2013/04/17 09:30:03 -0700 FALCONSLI7 JPs MESSAGE Scheduled scan executed successfully

2013/04/17 09:30:04 -0700 FALCONSLI7 JPs MESSAGE IP Protection started successfully

2013/04/17 10:37:47 -0700 FALCONSLI7 JPs MESSAGE Executing scheduled update: Flash Scan | Hourly | Silent

2013/04/17 10:37:48 -0700 FALCONSLI7 JPs MESSAGE Database already up-to-date

2013/04/17 11:36:09 -0700 FALCONSLI7 JPs MESSAGE Executing scheduled update: Flash Scan | Hourly | Silent

2013/04/17 11:36:15 -0700 FALCONSLI7 JPs MESSAGE Scheduled update executed successfully: database updated from version v2013.04.17.07 to version v2013.04.17.09

2013/04/17 11:36:15 -0700 FALCONSLI7 JPs MESSAGE Starting database refresh

2013/04/17 11:36:15 -0700 FALCONSLI7 JPs MESSAGE Stopping IP protection

2013/04/17 11:36:15 -0700 FALCONSLI7 JPs MESSAGE IP Protection stopped successfully

2013/04/17 11:36:17 -0700 FALCONSLI7 JPs MESSAGE Database refreshed successfully

2013/04/17 11:36:17 -0700 FALCONSLI7 JPs MESSAGE Starting IP protection

2013/04/17 11:36:18 -0700 FALCONSLI7 JPs MESSAGE Executing scheduled scan: Flash Scan | -terminate

2013/04/17 11:36:18 -0700 FALCONSLI7 JPs MESSAGE Scheduled scan executed successfully

2013/04/17 11:36:18 -0700 FALCONSLI7 JPs MESSAGE IP Protection started successfully

2013/04/17 12:12:09 -0700 FALCONSLI7 JPs MESSAGE Executing scheduled update: Flash Scan | Hourly | Silent

2013/04/17 12:12:10 -0700 FALCONSLI7 JPs MESSAGE Database already up-to-date

2013/04/17 13:43:07 -0700 FALCONSLI7 JPs MESSAGE Executing scheduled update: Flash Scan | Hourly | Silent

2013/04/17 13:43:21 -0700 FALCONSLI7 JPs MESSAGE Scheduled update executed successfully: database updated from version v2013.04.17.09 to version v2013.04.17.10

2013/04/17 13:43:21 -0700 FALCONSLI7 JPs MESSAGE Starting database refresh

2013/04/17 13:43:22 -0700 FALCONSLI7 JPs MESSAGE Stopping IP protection

2013/04/17 13:43:22 -0700 FALCONSLI7 JPs MESSAGE IP Protection stopped successfully

2013/04/17 13:43:24 -0700 FALCONSLI7 JPs MESSAGE Executing scheduled scan: Flash Scan | -terminate

2013/04/17 13:43:24 -0700 FALCONSLI7 JPs MESSAGE Scheduled scan executed successfully

2013/04/17 13:43:25 -0700 FALCONSLI7 JPs MESSAGE Database refreshed successfully

2013/04/17 13:43:25 -0700 FALCONSLI7 JPs MESSAGE Starting IP protection

2013/04/17 13:43:26 -0700 FALCONSLI7 JPs MESSAGE IP Protection started successfully

2013/04/17 13:53:09 -0700 FALCONSLI7 JPs IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 51888, Process: firefox.exe)

2013/04/17 13:53:09 -0700 FALCONSLI7 JPs IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 51890, Process: firefox.exe)

2013/04/17 14:15:48 -0700 FALCONSLI7 JPs MESSAGE Executing scheduled update: Flash Scan | Hourly | Silent

2013/04/17 14:15:49 -0700 FALCONSLI7 JPs MESSAGE Database already up-to-date

2013/04/17 14:17:34 -0700 FALCONSLI7 JPs IP-BLOCK 50.97.218.220 (Type: outgoing, Port: 52303, Process: firefox.exe)

2013/04/17 14:17:34 -0700 FALCONSLI7 JPs IP-BLOCK 50.97.218.220 (Type: outgoing, Port: 52305, Process: firefox.exe)

2013/04/17 14:17:34 -0700 FALCONSLI7 JPs IP-BLOCK 50.97.218.220 (Type: outgoing, Port: 52359, Process: firefox.exe)

2013/04/17 14:17:34 -0700 FALCONSLI7 JPs IP-BLOCK 50.97.218.220 (Type: outgoing, Port: 52378, Process: firefox.exe)

2013/04/17 14:17:34 -0700 FALCONSLI7 JPs IP-BLOCK 50.97.218.220 (Type: outgoing, Port: 52379, Process: firefox.exe)

2013/04/17 14:25:10 -0700 FALCONSLI7 JPs IP-BLOCK 50.97.218.220 (Type: outgoing, Port: 52539, Process: firefox.exe)

Hope this helps. Saw earlier post that the company works with MBAM, this is very good. It makes me feel much better and I won't worry so much about all this.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.