
MBAM blocking outgoing to malicious site


  • Please log in to reply
12 replies to this topic

#1 siglow

siglow

  • Members
  • 8 posts
  • OFFLINE
  • Gender:Male
  • Location:usa
  • Local time:03:52 AM

Posted 19 March 2012 - 01:49 PM

Hello: I have been getting popup warnings from Malwarebytes that it has blocked an outgoing connection to a malicious website. Other symptoms are BSOD errors during web browsing, and the system freezes while the hard disk runs for 5 minutes. Back in 2010 I had similar problems and eventually I hired Norton service to work on it. They found and removed a virus in the temporary. Since then it has slowly developed more and more problems until now it is hardly worth using.

This morning I tried running DDS from multiple sites but it locked up. I was able to run GMER and I have a report from it. Over the last month I removed many old programs and files, ran check disk and defragmented. Also cleaned out inside the PC case.

we are using: Avast internet security 7.01426
MalwareBytes 1.60.1.1000
Windows XP sp3

Thanks in advance for any help!


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:08:52 AM

Posted 19 March 2012 - 01:59 PM

Can you post the malwarebytes log as well as with the GMER, and can you perform a complete scan with malwarebytes?

#3 siglow

siglow
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Gender:Male
  • Location:usa
  • Local time:03:52 AM

Posted 19 March 2012 - 05:14 PM

Hi: I have run a full scan - nothing found. One strange thing happened several times. DDS kept trying to run during the scan, but each time the command prompt window opened I closed it.

here is the MBAM protection log showing blocked outgoing:

updated from version v2012.03.17.04 to version v2012.03.18.02
2012/03/18 10:19:13 -0400 M-H-N MESSAGE Starting database refresh
2012/03/18 10:19:13 -0400 M-H-N MESSAGE Stopping IP protection
2012/03/18 10:19:14 -0400 M-H-N MESSAGE IP Protection stopped
2012/03/18 10:21:46 -0400 M-H-N MESSAGE Database refreshed successfully
2012/03/18 10:21:46 -0400 M-H-N MESSAGE Starting IP protection
2012/03/18 10:22:13 -0400 M-H-N MESSAGE IP Protection started successfully
2012/03/18 14:11:53 -0400 M-H-N IP-BLOCK 64.94.137.117 (Type: outgoing)
2012/03/18 14:12:01 -0400 M-H-N IP-BLOCK 64.94.137.117 (Type: outgoing)
2012/03/18 14:12:13 -0400 M-H-N IP-BLOCK 64.94.137.117 (Type: outgoing)
2012/03/18 14:12:16 -0400 M-H-N IP-BLOCK 64.94.137.117 (Type: outgoing)
2012/03/18 14:12:22 -0400 M-H-N IP-BLOCK 64.94.137.117 (Type: outgoing)
2012/03/18 14:12:42 -0400 M-H-N IP-BLOCK 64.94.137.117 (Type: outgoing)
2012/03/18 14:12:45 -0400 M-H-N IP-BLOCK 64.94.137.117 (Type: outgoing)
2012/03/18 14:12:51 -0400 M-H-N IP-BLOCK 64.94.137.117 (Type: outgoing)
2012/03/18 14:13:03 -0400 M-H-N IP-BLOCK 64.94.137.117 (Type: outgoing)
2012/03/18 14:13:06 -0400 M-H-N IP-BLOCK 64.94.137.117 (Type: outgoing)
2012/03/18 14:13:12 -0400 M-H-N IP-BLOCK 64.94.137.117 (Type: outgoing)
2012/03/18 15:00:43 -0400 M-H-N MESSAGE Starting protection
2012/03/18 15:01:33 -0400 M-H-N MESSAGE Protection started successfully


Here is the Mbam full scan run today:

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 7.0.5730.13
Helen :: M-H-N [administrator]

Protection: Enabled

3/19/2012 3:04:20 PM
mbam-log-2012-03-19 (15-04-20).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 275144
Time elapsed: 2 hour(s), 26 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Here is the GMER :

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-19 13:26:38
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\ultra1Port1Path0Target0Lun0 IBM-DPTA rev.P76G
Running: gmer.exe; Driver: C:\DOCUME~1\Helen\LOCALS~1\Temp\awtyrpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xEE99ADF8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xEE99B85E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xEE9C7D5D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xEE9A02E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xEE9A0330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xEE9A0422]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xEE9C7711]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xEE9A0252]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xEE9A0374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xEE9A029A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xEE9A03DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xEE99AE44]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xEE9C8423]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xEE9C86D9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xEE99D9A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xEE9C828E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xEE9C80F9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xEE99AAD6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xEE99AE90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xEE99DD1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xEE99BB02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xEE9A030E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xEE9A0352]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xEE9A0446]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xEE9C7A6D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xEE9A0278]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xEE99D518]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xEE9A03AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xEE9A02C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xEE99D74C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xEE9A0400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xEE9C7F74]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xEE99B9CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xEE9C7DC6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xEEA31B68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xEE9C6D84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xEE99AEDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xEE99AF28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xEE99AB46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xEE99ACEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xEE9C852A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xEE99AC92]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xEE99AD5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xEE99AF74]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEEA3DD92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ObInsertObject 805650BA 5 Bytes JMP EEA3C74C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056BB08 4 Bytes CALL EE99C19F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058124C 7 Bytes JMP EEA3DD96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A038B 5 Bytes JMP EEA3AC8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF7C45340, 0xFFF3F, 0xF8000020]
.text win32k.sys!EngFreeUserMem + 674 BF8098F2 5 Bytes JMP EE99F180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C84E 5 Bytes JMP EE99F07C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF8138E6 5 Bytes JMP EE99F036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C550 5 Bytes JMP EE99E724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF8240C0 5 Bytes JMP EE99DF84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828A2A 5 Bytes JMP EE99F2EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF831475 5 Bytes JMP EE99F4F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B68E BF839EB3 5 Bytes JMP EE99EF3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF851745 5 Bytes JMP EE99DE66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC6A 5 Bytes JMP EE99E7E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E2D4 5 Bytes JMP EE99E384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E35F 5 Bytes JMP EE99E562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F5D2 5 Bytes JMP EE99DE4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5457 BF8649A1 5 Bytes JMP EE99F0BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4128 BF873CF0 5 Bytes JMP EE99E51C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF890FA2 5 Bytes JMP EE99E7FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF89454D 5 Bytes JMP EE99F232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF895025 5 Bytes JMP EE99F450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 3857 BF89C3CB 5 Bytes JMP EE99E70C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DEC BF89D960 5 Bytes JMP EE99DFF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9E0 BF8C1EE0 5 Bytes JMP EE99E104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA342 5 Bytes JMP EE99E1AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA5C2 5 Bytes JMP EE99E2E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC017 5 Bytes JMP EE99DD52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + CB3D BF8F5016 5 Bytes JMP EE99E73C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19DF BF913566 5 Bytes JMP EE99DF22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25B3 BF91413A 5 Bytes JMP EE99E0B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F2C BF916AB3 5 Bytes JMP EE99E67C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1940 BF946632 5 Bytes JMP EE99F3A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012300, 0x234A20, 0xF8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\devldr32.exe[248] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\2Wire\2PortalMon.exe[424] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[588] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\DOCUME~1\Helen\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[740] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[1444] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 011D5B60 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1444] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1500] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[1516] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[1588] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe[1624] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text ...
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1680] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\WINDOWS\system32\spoolsv.exe[1728] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\nvsvc32.exe[1824] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[1832] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe[1988] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2028] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text ...
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3328] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 10450924 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3328] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10450ECF C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6ADBDE07-FC1B-5DE8-0AD6-DFBE6FF9CF25}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6ADBDE07-FC1B-5DE8-0AD6-DFBE6FF9CF25}@dbhdcgfjfnmlfpbgmaialdmhgpckfkgoncekmpgg 0x6A 0x61 0x61 0x65 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6ADBDE07-FC1B-5DE8-0AD6-DFBE6FF9CF25}@cbbcegeikbpdglhnfchngkmcjomabekhpnnbgk 0x6A 0x61 0x61 0x65 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6FDB0038-95DA-EC3B-BD4D-F71662D0AFB8}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6FDB0038-95DA-EC3B-BD4D-F71662D0AFB8}@dbcheembeehbbcgcpappffblhbdlghnbohlmghee 0x6A 0x61 0x6F 0x64 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6FDB0038-95DA-EC3B-BD4D-F71662D0AFB8}@cbihcladeppdobpemfomefpjilanmcmmnnieai 0x6A 0x61 0x6F 0x64 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7CDCE587-2F2A-D249-606C-D0C5028839F5}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7CDCE587-2F2A-D249-606C-D0C5028839F5}@bbklhminamkkcoblidfgcmcpdemcphmdfbhm 0x6A 0x61 0x62 0x62 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7CDCE587-2F2A-D249-606C-D0C5028839F5}@abmkfjbijcpebimbogdhofiigifppfkdjh 0x6A 0x61 0x62 0x62 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7CDCE587-2F2A-D249-606C-D0C5028839F5}@iaklhminamkkcoblid 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7CDCE587-2F2A-D249-606C-D0C5028839F5}@hamkfjbijcpebimb 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7CDCE587-2F2A-D249-606C-D0C5028839F5}@iaglhnjbhdenbbaeed 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7CDCE587-2F2A-D249-606C-D0C5028839F5}@bbklhminamkkcoblidfgcmcpdemckhingiab 0x6A 0x61 0x62 0x62 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7CDCE587-2F2A-D249-606C-D0C5028839F5}@abmkfjbijcpebimbogdhofiigikamejcmo 0x6A 0x61 0x67 0x62 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E50F7633-4159-FB04-12A9-BEB7952DEE7E}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E50F7633-4159-FB04-12A9-BEB7952DEE7E}@dbmnljbldpgnbpohmiclghonakmblkfcahpnhpej 0x6A 0x61 0x6C 0x67 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E50F7633-4159-FB04-12A9-BEB7952DEE7E}@cbgoiglkkeljjhabcpmapoepdfhlmebbppnfla 0x6A 0x61 0x69 0x68 ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4oluye8k.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\Setup(2)\bin(2)\PandaSecurityTb_2.0.0(2).9\$[56](2)\extensions(2)\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}(2)\install.rdf
File C:\avast! sandbox
File C:\avast! sandbox\snx_rhive
File C:\avast! sandbox\snx_rhive.LOG
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\WINDOWS
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\WINDOWS\Prefetch
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\WINDOWS\Prefetch\FIREFOX.EXE-28641590.pf
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\WINDOWS\Prefetch\DEVLDR32.EXE-2CF621DF.pf
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\WINDOWS\Prefetch\PLUGIN-CONTAINER.EXE-15EDC9DD.pf
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\WINDOWS\Prefetch\JQSNOTIFY.EXE-39C27936.pf
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen\Application Data
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen\Application Data\Mozilla
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen\Application Data\Mozilla\Firefox
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen\Application Data\Mozilla\Firefox\Profiles
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen\Application Data\Mozilla\Firefox\Profiles\h1pi2kg6.default
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen\Application Data\Mozilla\Firefox\Profiles\h1pi2kg6.default\cert8.db
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen\Application Data\Mozilla\Firefox\Profiles\h1pi2kg6.default\key3.db
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen\Application Data\Mozilla\Firefox\Profiles\h1pi2kg6.default\pluginreg.dat
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen\Application Data\Mozilla\Firefox\Profiles\h1pi2kg6.default\urlclassifierkey3.txt
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen\Application Data\Mozilla\Firefox\Profiles\h1pi2kg6.default\wrcUserStorage.json
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen\Application Data\Mozilla\Firefox\Profiles\h1pi2kg6.default\wrcRatingStorage.json
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen\Application Data\Mozilla\Firefox\Profiles\h1pi2kg6.default\wrcVotingStorage.json
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen\Application Data\Mozilla\Firefox\Profiles\h1pi2kg6.default\wrcPhishingStorage.json
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen\Application Data\Mozilla\Firefox\Profiles\h1pi2kg6.default\wrcWarningStorage.json
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen\Application Data\Mozilla\Firefox\Profiles\h1pi2kg6.default\blocklist.xml
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen\Application Data\Mozilla\Firefox\Profiles\h1pi2kg6.default\localstore.rdf
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen\Application Data\Mozilla\Firefox\Profiles\h1pi2kg6.default\parent.lock
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen\Application Data\Mozilla\Firefox\Profiles\h1pi2kg6.default\prefs.js
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen\Application Data\Mozilla\Firefox\Crash Reports
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen\Application Data\Mozilla\Firefox\Crash Reports\InstallTime20100722155716
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen\Local Settings
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen\Local Settings\Temp
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen\Local Settings\Temp\_avast_
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen\Local Settings\Application Data
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen\Local Settings\Application Data\Mozilla
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen\Local Settings\Application Data\Mozilla\Firefox
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen\Local Settings\Application Data\Mozilla\Firefox\Profiles
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen\Local Settings\Application Data\Mozilla\Firefox\Profiles\h1pi2kg6.default
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen\Local Settings\Application Data\Mozilla\Firefox\Profiles\h1pi2kg6.default\Cache
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen\Local Settings\Application Data\Mozilla\Firefox\Profiles\h1pi2kg6.default\Cache\_CACHE_MAP_
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen\Local Settings\Application Data\Mozilla\Firefox\Profiles\h1pi2kg6.default\Cache\_CACHE_001_
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen\Local Settings\Application Data\Mozilla\Firefox\Profiles\h1pi2kg6.default\Cache\_CACHE_002_
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen\Local Settings\Application Data\Mozilla\Firefox\Profiles\h1pi2kg6.default\Cache\_CACHE_003_
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Documents and Settings\Helen\Local Settings\Application Data\Mozilla\Firefox\Profiles\h1pi2kg6.default\XUL.mfl
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Program Files
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Program Files\Java
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Program Files\Java\jre6
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Program Files\Java\jre6\bin
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Program Files\Java\jre6\bin\jqsnotify.exe
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Program Files\Mozilla Firefox
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Program Files\Mozilla Firefox\components
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Program Files\Mozilla Firefox\components\xpti.dat
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\C\Program Files\Mozilla Firefox\components\compreg.dat
File C:\avast! sandbox\S-1-5-21-823518204-1580436667-1060284298-1004\webStorage\snx_fs.dat

---- EOF - GMER 1.0.15 ----


Thanks for your help.

Edited by siglow, 19 March 2012 - 07:40 PM.
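The MBAM protection log posted above is the kind of evidence a helper triages first: repeated outgoing blocks to one address within seconds of each other point at a resident process retrying rather than a single click in a browser, and the "IP Protection stopped" / "started" messages mark a window during which nothing was being blocked at all. The following parser is an added example written for this thread; it is not code from the original post, from Malwarebytes, or from any project. It assumes only the line format visible in the quoted log (timestamp, UTC offset, hostname, record kind, message), tolerates the timestamp being split from the message onto its own line as in the forum copy, and the burst threshold (three blocks to the same destination within five minutes) is an assumed triage setting, not an MBAM value.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample modelled on the MBAM 1.x protection log quoted in the
# thread (hostname and blocked address as posted; the split lines reproduce
# how the forum copy was rendered).
SAMPLE_LOG = """\
updated from version v2012.03.17.04 to version v2012.03.18.02
2012/03/18 10:19:13 -0400 M-H-N MESSAGE Starting database refresh
2012/03/18 10:19:13 -0400
M-H-N MESSAGE Stopping IP protection
2012/03/18 10:19:14 -0400
M-H-N MESSAGE IP Protection stopped
2012/03/18 10:21:46 -0400
M-H-N MESSAGE Database refreshed successfully
2012/03/18 10:21:46 -0400
M-H-N MESSAGE Starting IP protection
2012/03/18 10:22:13 -0400
M-H-N MESSAGE IP Protection started successfully
2012/03/18 14:11:53 -0400
M-H-N IP-BLOCK 64.94.137.117 (Type: outgoing)
2012/03/18 14:12:01 -0400 M-H-N IP-BLOCK 64.94.137.117 (Type: outgoing)
2012/03/18 14:12:13 -0400 M-H-N IP-BLOCK 64.94.137.117 (Type: outgoing)
2012/03/18 14:13:12 -0400 M-H-N IP-BLOCK 64.94.137.117 (Type: outgoing)
2012/03/18 15:00:43 -0400 M-H-N MESSAGE Starting protection
"""

# A line that is nothing but "date time offset": the rest of the record was
# pushed onto the next line by the forum's line wrapping.
TS_ONLY_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}$")
RECORD_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) "
    r"(?P<host>\S+) (?P<kind>MESSAGE|IP-BLOCK) (?P<rest>.*)$"
)
BLOCK_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<dir>\w+)\)$")


def stitch_lines(text):
    """Re-join records whose timestamp was separated from the message body."""
    out, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if pending is not None:
            line = pending + " " + line
            pending = None
        if TS_ONLY_RE.match(line):
            pending = line          # hold the bare timestamp for the next line
            continue
        out.append(line)
    if pending is not None:
        out.append(pending)
    return out


def parse_records(text):
    """Parse stitched lines into dicts; non-record lines (version banner) are skipped."""
    records = []
    for line in stitch_lines(text):
        m = RECORD_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{m['ts']} {m['tz']}", "%Y/%m/%d %H:%M:%S %z")
        rec = {"when": when, "host": m["host"], "kind": m["kind"], "text": m["rest"]}
        if m["kind"] == "IP-BLOCK":
            b = BLOCK_RE.match(m["rest"])
            if b:
                rec["ip"], rec["direction"] = b["ip"], b["dir"]
        records.append(rec)
    return records


def summarize_blocks(records, window=timedelta(minutes=5), min_hits=3):
    """Group IP-BLOCK events by (ip, direction) and flag bursts: min_hits blocks
    of the same destination inside `window` (assumed triage threshold)."""
    groups = defaultdict(list)
    for r in records:
        if r["kind"] == "IP-BLOCK" and "ip" in r:
            groups[(r["ip"], r["direction"])].append(r["when"])
    summary = {}
    for key, times in groups.items():
        times.sort()
        burst = any(times[i + min_hits - 1] - times[i] <= window
                    for i in range(len(times) - min_hits + 1))
        summary[key] = {"count": len(times), "first": times[0],
                        "last": times[-1], "burst": burst}
    return summary


def protection_gaps(records):
    """Intervals between 'IP Protection stopped' and the next successful start."""
    gaps, stopped_at = [], None
    for r in records:
        if r["kind"] != "MESSAGE":
            continue
        if r["text"] == "IP Protection stopped":
            stopped_at = r["when"]
        elif r["text"] == "IP Protection started successfully" and stopped_at:
            gaps.append((stopped_at, r["when"]))
            stopped_at = None
    return gaps


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    for key, s in summarize_blocks(recs).items():
        print(key, s["count"], "blocks", "BURST" if s["burst"] else "")
    for start, end in protection_gaps(recs):
        print("IP protection down for", end - start)
```

Run against the sample, the single destination is reported as a burst (four outgoing blocks in just over a minute) and the database-refresh gap of 2 minutes 59 seconds is listed, which tells the helper the block counter understates traffic during that window.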

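A GMER report like the one above is read by attribution: every SSDT entry, inline kernel patch and user-mode hook is annotated with the module that installed it and the publisher string GMER found, and the first pass is to count hooks per publisher and pull out the entries that carry no module at all, since those are the ones a helper has to reason about by hand. This parser is an added example for this thread, not code from the post, from GMER, or from any project; it assumes the line layouts visible in the quoted log (SSDT/Code entries, PAGE/.text patch entries with a JMP or CALL target, "section is writeable" entries) and treats anything else, including the forum's ".text ..." truncation markers, as skipped input.

```python
import re
from collections import Counter

# Excerpt of the GMER log quoted in the thread, copied as posted, used as the
# sample input for this example.
SAMPLE_GMER = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xEE99ADF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xEEA31B68]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ObInsertObject 805650BA 5 Bytes JMP EEA3C74C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056BB08 4 Bytes CALL EE99C19F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF7C45340, 0xFFF3F, 0xF8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\devldr32.exe[248] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[1444] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 011D5B60 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1680] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text ...
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER ")
# "SSDT <module> (<description>) <function> [<addr>]" and the "Code" variant.
SSDT_RE = re.compile(r"^(?P<kind>SSDT|Code)\s+(?P<module>\S+) \((?P<desc>[^)]*)\) (?P<func>\S+)")
# "<kind> <target> <addr> <n> Byte(s) <detail>", detail being a JMP/CALL
# redirect with module, or raw patched bytes.
PATCH_RE = re.compile(
    r"^(?P<kind>PAGE|\.text)\s+(?P<target>.+?) "
    r"(?P<addr>[0-9A-F]{8}) (?P<size>\d+) Bytes? (?P<detail>.*)$"
)
REDIRECT_RE = re.compile(r"^(?:JMP|CALL) [0-9A-F]{8} (?P<module>.+?) \((?P<desc>[^)]*)\)$")
WRITEABLE_RE = re.compile(r"^\.\w+\s+(?P<module>.+?) section is writeable ")


def publisher_of(desc):
    """GMER prints '<file description>/<company>'; keep the company part."""
    return desc.rsplit("/", 1)[-1].strip()


def parse_gmer(text):
    """Return (hooks, skipped): parsed hook dicts and lines no pattern matched."""
    hooks, skipped, section = [], [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            continue
        m = SSDT_RE.match(line)
        if m:
            hooks.append({"section": section, "kind": m["kind"], "target": m["func"],
                          "module": m["module"], "publisher": publisher_of(m["desc"])})
            continue
        m = WRITEABLE_RE.match(line)
        if m:
            hooks.append({"section": section, "kind": "writeable-section",
                          "target": m["module"], "module": None, "publisher": None})
            continue
        m = PATCH_RE.match(line)
        if m:
            r = REDIRECT_RE.match(m["detail"])
            hooks.append({"section": section, "kind": m["kind"], "target": m["target"],
                          "size": int(m["size"]), "detail": m["detail"],
                          "module": r["module"] if r else None,
                          "publisher": publisher_of(r["desc"]) if r else None})
            continue
        skipped.append(line)
    return hooks, skipped


def triage(hooks):
    """Hook counts per publisher, plus the hooks GMER attributed to no module;
    the latter are the entries that need a manual look, not a verdict."""
    real_hooks = [h for h in hooks if h["kind"] != "writeable-section"]
    by_publisher = Counter(h["publisher"] or "<unattributed>" for h in real_hooks)
    unattributed = [h for h in real_hooks if h["module"] is None]
    return by_publisher, unattributed


if __name__ == "__main__":
    hooks, skipped = parse_gmer(SAMPLE_GMER)
    by_pub, unattr = triage(hooks)
    for pub, n in by_pub.most_common():
        print(f"{n:3d}  {pub}")
    for h in unattr:
        print("review:", h["section"], h["target"], h["detail"])
    print(len(skipped), "line(s) not parsed")
```

On the excerpt this yields five hooks attributed to AVAST Software (the installed security product, consistent with the avast! drivers listed under Devices), one to Mozilla Foundation, and two byte patches without a module, which is exactly the short list a helper would compare against the processes and publishers the machine is known to run.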

#4 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:08:52 AM

Posted 20 March 2012 - 02:30 PM

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are unchecked (leave all others checked):
    • Ignore files larger than 4MB
    • Ignore non-executable files

    Now Perform the scan with SUPERAntiSpyware as follows:
    • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes" and reboot normally.
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

SAS Portable
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

#5 siglow


Posted 21 March 2012 - 11:39 AM

Hello: I ran the SuperAntispyware application and it found and removed 16 cookies. Here is the scan report. Thanks for all your help.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/20/2012 at 07:13 PM

Application Version : 5.0.1146

Core Rules Database Version : 8357
Trace Rules Database Version: 6169

Scan type : Complete Scan
Total Scan Time : 01:53:44

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 444
Memory threats detected : 0
Registry items scanned : 34198
Registry threats detected : 0
File items scanned : 41188
File threats detected : 16

Adware.Tracking Cookie
.eyewonder.com [ C:\DOCUMENTS AND SETTINGS\HELEN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\H1PI2KG6.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\DOCUMENTS AND SETTINGS\HELEN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\H1PI2KG6.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\HELEN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\H1PI2KG6.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\DOCUMENTS AND SETTINGS\HELEN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\H1PI2KG6.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\HELEN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\H1PI2KG6.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\HELEN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\H1PI2KG6.DEFAULT\COOKIES.SQLITE ]
.kanoodle.com [ C:\DOCUMENTS AND SETTINGS\HELEN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\H1PI2KG6.DEFAULT\COOKIES.SQLITE ]
.media.lintvnews.com [ C:\DOCUMENTS AND SETTINGS\HELEN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\H1PI2KG6.DEFAULT\COOKIES.SQLITE ]
.media.lintvnews.com [ C:\DOCUMENTS AND SETTINGS\HELEN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\H1PI2KG6.DEFAULT\COOKIES.SQLITE ]
.media.lintvnews.com [ C:\DOCUMENTS AND SETTINGS\HELEN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\H1PI2KG6.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\DOCUMENTS AND SETTINGS\HELEN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\H1PI2KG6.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\HELEN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\H1PI2KG6.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\HELEN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\H1PI2KG6.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\HELEN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\H1PI2KG6.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\HELEN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\H1PI2KG6.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\HELEN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\H1PI2KG6.DEFAULT\COOKIES.SQLITE ]

#6 cryptodan


Posted 21 March 2012 - 12:49 PM

I would just disable the IP Protection via mbam settings. Nothing malicious in your logs.

#7 siglow


Posted 21 March 2012 - 01:41 PM

Hello again: I can disable IP protection. But I don't understand what executable or script etc. could be causing an attempt to communicate with these malicious web sites.
Also I would like to understand why DDS will not run on this PC. Is there any way to find out what is stopping it? Thanks for your patience with a newbie.

Thanks again.

#8 Porthos

Porthos

  • Members
  • 32 posts

Posted 21 March 2012 - 03:20 PM

Sounds like Pogo from this thread.

http://forums.malwarebytes.org/index.php?showtopic=97285

#9 siglow


Posted 22 March 2012 - 03:11 PM

Hello: I read the thread linked to by Porthos and at the bottom of it the forum moderator asked him to run DDS. Then he was to open a thread with the DDS logs in the MalwareBytes HijackThis / Malware removal forum. My PC seems to be running better for the past day except I still can't run DDS. Are we done or should I do something more?

Thanks again

#10 cryptodan


Posted 22 March 2012 - 03:16 PM

When trying to run DDS.scr what errors popup?

#11 siglow


Posted 22 March 2012 - 08:55 PM

Hello: When I try to run DDS.scr it runs about 3/4 of the way, judging by the progress bar, but it then locks up the PC. The cursor does not work and no inputs can be given. The only way out is to power down and up again. Also it seems that there is about a 2 hour delay from when you send a reply to when I can read it. You are on the east coast, right? I am in the same time zone but your message from 3:16 pm did not come up at around 5 pm. Does this sound unusual?

Thanks

#12 cryptodan


Posted 22 March 2012 - 09:51 PM

If you want to run DDS, then Please follow the instructions in ==>Malware Removal and Log Section Preparation Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

Most importantly please be patient till you get a reply to your topic. If you receive a reply from the HelpBot, then please follow the instructions outlined in the helpbot's post.

#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,766 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 22 March 2012 - 10:48 PM

I don't understand what executable or script etc. could be causing an attempt to communicate with these malicious web sites.

Malwarebytes Anti-Malware IP Protection (malicious website blocking) is part of the Protection Module and works after it is enabled. When attempting to go to a potential malicious website, Malwarebytes will block the attempt and provide an alert. Notification that an IP address has been blocked does not necessarily mean the computer is infected. Some legitimate programs on your computer (i.e. iTunes, Instant Messenger client, P2P programs, web browsers) have access to the Internet and that action can trigger an IP alert if it tried to access a malicious IP address. These events are stored in the "protection-log". Your firewall should be able to give you a list of such programs so you can confirm if they are legitimate. IP Protection is also designed to block incoming connections it determines to be malicious. Botnets and Zombie computers scour the net, randomly scanning a block of IP addresses, searching for vulnerable ports - commonly probed ports - and make repeated attempts to access them. Hackers use "port scanning", a popular reconnaissance technique, to search for vulnerable computers with open ports using IP addresses or a group of random IP address ranges so they can break in and install malicious programs. Malwarebytes is doing its job by blocking this kind of traffic and alerting you about these intrusion attempts.

If you suspect false detections, find a site is being blocked and don't know why or you're not sure if it's safe, the Malwarebytes Team advises that you report it at the Malwarebytes False Positives Forum so the Research Team can investigate.

More information about IP Protection can be found in the Malwarebytes Anti-Malware IP Protection FAQs.

What does IP Protection do?
IP Protection provides an additional layer of security for your computer, by preventing access to known malicious IP addresses and IP ranges...

What does this notification mean?
This notification means quite simply, that an IP address has been blocked. It does NOT necessarily mean you are infected, it simply means a program on your computer (e.g. your browser, IM program, P2P program etc), tried accessing a malicious IP address...

Other FAQs about IP Protection
How does it do this?
How does it inform you?
I got an alert and I wasn't even surfing, how's that happen?
I received a notification on a safe site, why?
How do I disable this?
I got an alert for an IP or website I think is safe, how can I report it?
Does the IP Protection replace my firewall?
Where do I find the IP Protection logs?
How can I add an IP so it won't be detected and can access a site I need to?


If you are using peer-to-peer (P2P) file sharing programs (i.e. Limewire, eMule, Kontiki, BitTorrent, uTorrent, BitLord, BearShare, Azureus/Vuze, etc) or an Instant messaging (IM) client, be aware they can trigger IP Protection alerts. Why? Because these kinds of programs are a security risk which can make your system susceptible to a smörgåsbord of malware infections and remote attacks. Even the safest P2P file sharing programs that do not contain bundled spyware still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

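The post above says an IP Protection alert only tells you that some program on the machine reached for a blocked address, and that the firewall (or a connection listing) is how you find out which program. The following is an added example, not code from the thread or from Malwarebytes: it correlates the output of `netstat -ano` and `tasklist /fo csv /nh` against a set of blocked IPs so the alert can be attributed to a process name. The sample command output and the blocked IPs are constructed placeholders, and it assumes both commands are available on the machine (`tasklist` is not shipped with XP Home).

```python
"""Attribute IP Protection alerts to the process that opened the connection."""
import csv
import io

# Constructed sample of `netstat -ano` output (not taken from the thread).
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1055      203.0.113.45:80        SYN_SENT        1532
  TCP    192.168.1.10:1056      198.51.100.7:443       ESTABLISHED     1532
  TCP    192.168.1.10:1060      203.0.113.45:80        ESTABLISHED     2200
  UDP    192.168.1.10:137       *:*                                    4
"""

# Constructed sample of `tasklist /fo csv /nh` output: image name, PID, ...
TASKLIST_SAMPLE = '''"firefox.exe","1532","Console","0","45,120 K"
"updater.exe","2200","Console","0","3,400 K"
"System","4","Console","0","236 K"
'''

# Addresses copied from the IP Protection alerts (placeholder values here).
BLOCKED_IPS = {"203.0.113.45"}


def parse_netstat(text):
    """Return one dict per TCP/UDP row: protocol, remote host, state, PID."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # skip the banner and header lines
        proto, foreign = parts[0], parts[2]
        state = parts[3] if proto == "TCP" else ""  # UDP rows have no state
        host = foreign.rsplit(":", 1)[0]  # strip the remote port
        conns.append({"proto": proto, "remote": host,
                      "state": state, "pid": int(parts[-1])})
    return conns


def parse_tasklist(text):
    """Map PID -> image name from tasklist's CSV output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) >= 2}


def attribute_blocked(netstat_text, tasklist_text, blocked):
    """Return {image name: {blocked IPs it was connecting to}}."""
    procs = parse_tasklist(tasklist_text)
    hits = {}
    for c in parse_netstat(netstat_text):
        if c["remote"] in blocked:
            name = procs.get(c["pid"], "<unknown pid %d>" % c["pid"])
            hits.setdefault(name, set()).add(c["remote"])
    return hits
```

Run `netstat -ano` at the moment an alert appears; a connection in SYN_SENT to the blocked address is the attempt Malwarebytes just cut off, and the PID column names the program to check. A browser or updater reaching a blocked ad host is the benign case the post describes; an unfamiliar executable is the one to investigate.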
