
Malwarebytes pop up

retired1aswell Posts: 16 Forumite
edited 31 October 2013 at 11:16PM in Techie Stuff
I recently installed Malwarebytes on my Windows 8.1 computer and about every 15 minutes I get a pop up saying that Malwarebytes blocked access to web site 89.28.101.176


What is going on and why is my computer trying to get to 89.28.101.176?

Comments

  • System
    System Posts: 178,258 Community Admin
    Have you done a full Malwarebytes scan of your machine? The IP address is one of the Time Warner cable addresses so you could have a virus/trojan on your machine
  • "The IP address is one of the Time Warner cable addresses so you could have a virus/trojan on your machine"

    Why would a virus/trojan try to get to a Time Warner site?

    "Have you done a full Malwarebytes scan of your machine?"

    Yes
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Post me a DDS log - should take 2-3 minutes.

    Download DDS from the link below and save it to your desktop:

    Link

    After you've downloaded it and saved it to your desktop:
    • Double click DDS to run it.
    • Click Start
    • When it's finished, DDS will open two logs:
    1. DDS.txt
    2. Attach.txt
    Save both reports to your desktop.

    Copy & paste the contents of just DDS.txt for now and post it here (you may need to split the log over separate posts)
  • Here it is

  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Open mbam and go to the logs tab and post the contents of the latest protection log - one that shows the IP address being blocked.
  • 2013/10/31 12:35:50 GMT JAMES James MESSAGE Starting protection
    2013/10/31 12:35:50 GMT JAMES James MESSAGE Protection started successfully
    2013/10/31 12:35:50 GMT JAMES James MESSAGE Starting IP protection
    2013/10/31 12:35:53 GMT JAMES James MESSAGE IP Protection started successfully
    2013/10/31 12:45:06 GMT JAMES James MESSAGE Executing scheduled update: Daily
    2013/10/31 12:45:14 GMT JAMES James MESSAGE Starting database refresh
    2013/10/31 12:45:14 GMT JAMES James MESSAGE Scheduled update executed successfully: database updated from version v2013.10.30.02 to version v2013.10.31.03
    2013/10/31 12:45:14 GMT JAMES James MESSAGE Stopping IP protection
    2013/10/31 12:45:14 GMT JAMES James MESSAGE IP Protection stopped successfully
    2013/10/31 12:45:17 GMT JAMES James MESSAGE Database refreshed successfully
    2013/10/31 12:45:17 GMT JAMES James MESSAGE Starting IP protection
    2013/10/31 12:45:19 GMT JAMES James MESSAGE IP Protection started successfully
    2013/10/31 13:49:23 GMT JAMES James IP-BLOCK 109.201.151.93 (Type: outgoing, Port: 50730, Process: chrome.exe)
    2013/10/31 13:52:20 GMT JAMES James IP-BLOCK 109.201.151.93 (Type: outgoing, Port: 51029, Process: iexplore.exe)
    2013/10/31 13:52:20 GMT JAMES James IP-BLOCK 109.201.151.93 (Type: outgoing, Port: 51028, Process: iexplore.exe)
    2013/10/31 13:52:20 GMT JAMES James IP-BLOCK 109.201.151.93 (Type: outgoing, Port: 51030, Process: iexplore.exe)
    2013/10/31 16:01:47 GMT JAMES James IP-BLOCK 89.28.100.112 (Type: incoming, Port: 11281, Process: skype.exe)
    2013/10/31 16:01:47 GMT JAMES James IP-BLOCK 89.28.100.112 (Type: incoming, Port: 11281, Process: skype.exe)
    2013/10/31 16:01:47 GMT JAMES James IP-BLOCK 89.28.100.112 (Type: incoming, Port: 11281, Process: skype.exe)
    2013/10/31 17:31:28 GMT JAMES James IP-BLOCK 89.28.100.112 (Type: incoming, Port: 11281, Process: skype.exe)
    2013/10/31 17:31:28 GMT JAMES James IP-BLOCK 89.28.100.112 (Type: incoming, Port: 11281, Process: skype.exe)
    2013/10/31 17:31:28 GMT JAMES James IP-BLOCK 89.28.100.112 (Type: incoming, Port: 11281, Process: skype.exe)
    2013/10/31 17:31:36 GMT JAMES James IP-BLOCK 89.28.100.112 (Type: incoming, Port: 11281, Process: skype.exe)
    2013/10/31 17:31:36 GMT JAMES James IP-BLOCK 89.28.100.112 (Type: incoming, Port: 11281, Process: skype.exe)
    2013/10/31 17:54:09 GMT JAMES James IP-BLOCK 89.28.100.170 (Type: incoming, Port: 11281, Process: skype.exe)
    2013/10/31 17:54:09 GMT JAMES James IP-BLOCK 89.28.100.170 (Type: incoming, Port: 11281, Process: skype.exe)
    2013/10/31 17:54:09 GMT JAMES James IP-BLOCK 89.28.100.170 (Type: incoming, Port: 11281, Process: skype.exe)
    2013/10/31 17:54:33 GMT JAMES James IP-BLOCK 89.28.100.112 (Type: incoming, Port: 11281, Process: skype.exe)
    2013/10/31 17:54:41 GMT JAMES James IP-BLOCK 89.28.100.112 (Type: incoming, Port: 11281, Process: skype.exe)
    2013/10/31 17:54:41 GMT JAMES James IP-BLOCK 89.28.100.112 (Type: incoming, Port: 11281, Process: skype.exe)
    2013/10/31 17:54:41 GMT JAMES James IP-BLOCK 89.28.100.112 (Type: incoming, Port: 11281, Process: skype.exe)
    2013/10/31 17:54:50 GMT JAMES James IP-BLOCK 89.28.100.112 (Type: incoming, Port: 11281, Process: skype.exe)
    2013/10/31 17:54:50 GMT JAMES James IP-BLOCK 89.28.100.112 (Type: incoming, Port: 11281, Process: skype.exe)
    2013/10/31 18:37:24 GMT JAMES James MESSAGE Executing scheduled update: Daily
    2013/10/31 18:37:30 GMT JAMES James MESSAGE Starting database refresh
    2013/10/31 18:37:30 GMT JAMES James MESSAGE Stopping IP protection
    2013/10/31 18:37:31 GMT JAMES James MESSAGE Scheduled update executed successfully: database updated from version v2013.10.31.03 to version v2013.10.31.07
    2013/10/31 18:37:31 GMT JAMES James MESSAGE IP Protection stopped successfully
    2013/10/31 18:37:33 GMT JAMES James MESSAGE Database refreshed successfully
    2013/10/31 18:37:33 GMT JAMES James MESSAGE Starting IP protection
    2013/10/31 18:37:36 GMT JAMES James MESSAGE IP Protection started successfully
    2013/10/31 19:35:41 GMT JAMES James IP-BLOCK 89.28.101.176 (Type: incoming, Port: 11281, Process: skype.exe)
    2013/10/31 19:35:41 GMT JAMES James IP-BLOCK 89.28.101.176 (Type: incoming, Port: 11281, Process: skype.exe)
    2013/10/31 19:35:41 GMT JAMES James IP-BLOCK 89.28.101.176 (Type: incoming, Port: 11281, Process: skype.exe)
    2013/10/31 19:35:49 GMT JAMES James IP-BLOCK 89.28.101.176 (Type: incoming, Port: 11281, Process: skype.exe)
    2013/10/31 19:56:31 GMT JAMES James IP-BLOCK 89.28.101.176 (Type: incoming, Port: 11281, Process: skype.exe)
    2013/10/31 20:28:10 GMT JAMES James IP-BLOCK 41.203.69.4 (Type: incoming, Port: 11281, Process: skype.exe)
    2013/10/31 20:28:10 GMT JAMES James IP-BLOCK 41.203.69.4 (Type: incoming, Port: 11281, Process: skype.exe)
    2013/10/31 20:28:18 GMT JAMES James IP-BLOCK 41.203.69.4 (Type: incoming, Port: 11281, Process: skype.exe)
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    2013/10/31 19:35:41 GMT JAMES James IP-BLOCK 89.28.101.176 (Type: incoming, Port: 11281, Process: skype.exe)
    https://helpdesk.malwarebytes.org/entries/21206222-Why-does-Malwarebytes-Anti-Malware-block-Skype-
  • Hi Thanks, I will give that a try and see what happens.

    I originally transposed the first 2 numbers of the IP address, fixed now.
This discussion has been closed.
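
The protection log posted above can be read mechanically. The following Python sketch is an added example, not code from the thread or from Malwarebytes: it parses IP-BLOCK lines in the layout shown in that log (the regular expression is an assumption drawn from those lines only), groups them by remote address, direction and process, and states which side initiated each connection. The sample lines are copied from the log above.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Layout of an IP-BLOCK line as seen in the protection log in this thread
# (assumption: other Malwarebytes versions may format the line differently).
BLOCK_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) GMT "
    r"(?P<host>\S+) (?P<user>\S+) IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>incoming|outgoing), Port: (?P<port>\d+), "
    r"Process: (?P<process>[^)]+)\)\s*$"
)

# Sample input: lines copied from the protection log posted in the thread.
SAMPLE_LOG = """\
2013/10/31 12:45:19 GMT JAMES James MESSAGE IP Protection started successfully
2013/10/31 13:49:23 GMT JAMES James IP-BLOCK 109.201.151.93 (Type: outgoing, Port: 50730, Process: chrome.exe)
2013/10/31 13:52:20 GMT JAMES James IP-BLOCK 109.201.151.93 (Type: outgoing, Port: 51029, Process: iexplore.exe)
2013/10/31 13:52:20 GMT JAMES James IP-BLOCK 109.201.151.93 (Type: outgoing, Port: 51028, Process: iexplore.exe)
2013/10/31 19:35:41 GMT JAMES James IP-BLOCK 89.28.101.176 (Type: incoming, Port: 11281, Process: skype.exe)
2013/10/31 19:35:41 GMT JAMES James IP-BLOCK 89.28.101.176 (Type: incoming, Port: 11281, Process: skype.exe)
2013/10/31 19:35:41 GMT JAMES James IP-BLOCK 89.28.101.176 (Type: incoming, Port: 11281, Process: skype.exe)
2013/10/31 19:35:49 GMT JAMES James IP-BLOCK 89.28.101.176 (Type: incoming, Port: 11281, Process: skype.exe)
2013/10/31 19:56:31 GMT JAMES James IP-BLOCK 89.28.101.176 (Type: incoming, Port: 11281, Process: skype.exe)
2013/10/31 20:28:10 GMT JAMES James IP-BLOCK 41.203.69.4 (Type: incoming, Port: 11281, Process: skype.exe)
"""


def parse_blocks(text):
    """Return one dict per well-formed IP-BLOCK line; MESSAGE lines are skipped."""
    events = []
    for raw in text.splitlines():
        m = BLOCK_RE.match(raw.strip())  # forum pastes are often indented
        if not m:
            continue
        try:
            ipaddress.ip_address(m["ip"])  # reject e.g. 999.1.1.1
        except ValueError:
            continue
        events.append({
            "when": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "ip": m["ip"],
            "direction": m["direction"],
            "port": int(m["port"]),
            "process": m["process"].strip().lower(),
        })
    return events


def summarise(text):
    """Group block events by (remote IP, direction, process)."""
    groups = defaultdict(lambda: {"events": 0, "stamps": set(), "ports": set()})
    for ev in parse_blocks(text):
        g = groups[(ev["ip"], ev["direction"], ev["process"])]
        g["events"] += 1
        g["stamps"].add(ev["when"])  # identical timestamps collapse into one burst
        g["ports"].add(ev["port"])
    return {
        key: {
            "events": g["events"],
            "bursts": len(g["stamps"]),
            "ports": sorted(g["ports"]),
            "first": min(g["stamps"]),
            "last": max(g["stamps"]),
        }
        for key, g in groups.items()
    }


def explain(summary):
    """One line per group, busiest first, stating who initiated the connection."""
    lines = []
    ordered = sorted(summary.items(), key=lambda kv: (-kv[1]["events"], kv[0]))
    for (ip, direction, process), s in ordered:
        if direction == "incoming":
            what = f"{ip} -> {process}: remote host connecting in"
        else:
            what = f"{process} -> {ip}: local process connecting out"
        ports = ",".join(map(str, s["ports"]))
        lines.append(
            f"{what}; {s['events']} events in {s['bursts']} bursts; port(s) {ports}"
        )
    return lines


if __name__ == "__main__":
    for line in explain(summarise(SAMPLE_LOG)):
        print(line)
```
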