
Conduit, Connections to Bosnia and the Eastern Bloc


  • This topic is locked
21 replies to this topic

#1 badcomputer

  • Members
  • 33 posts

Posted 23 January 2014 - 04:56 PM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512  BrowserJavaVersion: 10.45.2
Run by Danny at 16:53:08 on 2014-01-23
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.392 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Emsisoft Anti-Malware *Enabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [iFunBox Price Watch] c:\program files\ifunbox 2014\iFunBox2014.exe /tray
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Nvtmru] "c:\program files\nvidia corporation\nvidia update core\nvtmru.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B1B23045-9D41-4B31-8D0D-5BFF5BA1622C} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\danny\application data\mozilla\firefox\profiles\gcvkjrpr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&SearchSource=3&q={searchTerms}&CUI=UN27253776682103421
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&SearchSource=2&CUI=UN27253776682103421&UM=UM_ID&q=
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\browser\nppdf32(2).dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-10-25 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-10-25 180248]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2014-1-23 22056]
R1 a2injectiondriver;a2injectiondriver;c:\program files\emsisoft anti-malware\a2dix86.sys [2014-1-23 38248]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\emsisoft anti-malware\a2util32.sys [2014-1-23 14432]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-1-17 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2013-1-17 410528]
R2 a2AntiMalware;Emsisoft Anti-Malware 8.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2014-1-23 4161512]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-10-25 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-1-17 50344]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\hi-rez studios\HiPatchService.exe [2013-10-24 9216]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-1-19 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-1-19 701512]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2014-1-23 57944]
R3 cleanhlp;cleanhlp;c:\program files\emsisoft anti-malware\cleanhlp32.sys [2014-1-23 50200]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-1-19 22856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2013-1-30 1691480]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2014-01-23 18:27:37    --------    d-----w-    c:\program files\Emsisoft Anti-Malware
2014-01-23 17:12:08    --------    d-sha-r-    C:\cmdcons
2014-01-23 17:10:18    98816    ----a-w-    c:\windows\sed.exe
2014-01-23 17:10:18    256000    ----a-w-    c:\windows\PEV.exe
2014-01-23 17:10:18    208896    ----a-w-    c:\windows\MBR.exe
2014-01-22 16:30:12    --------    d-----w-    c:\program files\Speccy
2014-01-19 09:31:34    --------    d-----w-    C:\AdwCleaner
2014-01-19 07:31:12    --------    d-----w-    c:\documents and settings\danny\application data\Malwarebytes
2014-01-19 07:31:05    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes
2014-01-19 07:31:04    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-01-19 07:31:04    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2014-01-19 07:20:05    --------    d-----w-    c:\windows\system32\wbem\repository\FS
2014-01-19 07:20:05    --------    d-----w-    c:\windows\system32\wbem\Repository
2014-01-14 23:29:28    --------    d-----w-    c:\documents and settings\danny\local settings\application data\NativeMessaging
2014-01-14 23:28:20    --------    d-----w-    c:\program files\SpeedFan
.
==================== Find3M  ====================
.
2014-01-19 07:26:14    775952    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-01-19 07:26:14    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-01-19 07:26:14    43152    ----a-w-    c:\windows\avastSS.scr
2014-01-19 07:26:14    180248    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-01-19 07:22:40    403440    ----a-w-    c:\windows\system32\drivers\aswsp.sys.1390116203
2013-12-11 02:23:17    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 02:23:17    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-11-22 21:02:08    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-11-22 21:02:04    145408    ----a-w-    c:\windows\system32\javacpl.cpl
.
============= FINISH: 16:54:14.00 ===============
 


#2 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 23 January 2014 - 05:15 PM


Hello badcomputer

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 badcomputer


Posted 23 January 2014 - 11:23 PM

AdwCleaner froze when I chose to clean the infections. Will try again now that JRT deleted some of these infections.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Microsoft Windows XP x86
Ran by Danny on Thu 01/23/2014 at 23:08:41.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181102}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\Danny\Application Data\mozilla\firefox\profiles\gcvkjrpr.default\searchplugins\conduit.xml
Successfully deleted the following from C:\Documents and Settings\Danny\Application Data\mozilla\firefox\profiles\gcvkjrpr.default\prefs.js

user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3287822&octid=CT3287822&SearchSource=61&CUI=UN27253776682103421&UM=UM_ID&UP=SPDEBFC18F-585C-4E39-
user_pref("Smartbar.ConduitSearchEngineList", "MixiDJ V8 Customized Web Search");
user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&SearchSource=2&CUI=UN27253776682103421&UM=UM_ID&q=");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
user_pref("Smartbar.keywordURLSelectedCTID", "CT3287822");
user_pref("browser.search.defaultthis.engineName", "MixiDJ V8 Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&SearchSource=3&q={searchTerms}&CUI=UN27253776682103421");
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&SearchSource=2&CUI=UN27253776682103421&UM=UM_ID&q=");
user_pref("smartbar.machineId", "XGMY4NRG/6MDUSEWFPPWQAJYH3UNEWMWFY4NJYFJJW/JRCKUEYHHQTFPX3U51DICSRKCB0ON29WTLV05XGMRNQ");
Emptied folder: C:\Documents and Settings\Danny\Application Data\mozilla\firefox\profiles\gcvkjrpr.default\minidumps [1 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/23/2014 at 23:21:35.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

UPDATE: Pre-emptively posting log of scan number two of AdwCleaner, will try and clean after post.

# AdwCleaner v3.017 - Report created 23/01/2014 at 23:24:32
# Updated 12/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Danny - SKYNET
# Running from : C:\Documents and Settings\Danny\My Documents\Downloads\adwcleaner(1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\gcvkjrpr.default\Extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}
Folder Found C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\gcvkjrpr.default\CT3306061
Folder Found C:\Documents and Settings\Danny\Local Settings\Application Data\NativeMessaging

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\gcvkjrpr.default\prefs.js ]


[ File : C:\Documents and Settings\Administrator.SKYNET\Application Data\Mozilla\Firefox\Profiles\4tnzek2q.default\prefs.js ]


-\\ Google Chrome v32.0.1700.76

[ File : C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword

*************************

AdwCleaner[R0].txt - [7115 octets] - [19/01/2014 04:33:09]
AdwCleaner[R1].txt - [6037 octets] - [23/01/2014 12:46:27]
AdwCleaner[R2].txt - [1979 octets] - [23/01/2014 12:55:42]
AdwCleaner[R3].txt - [5353 octets] - [23/01/2014 13:01:41]
AdwCleaner[R4].txt - [1203 octets] - [23/01/2014 13:05:41]
AdwCleaner[R5].txt - [5592 octets] - [23/01/2014 13:15:01]
AdwCleaner[R6].txt - [5566 octets] - [23/01/2014 14:39:02]
AdwCleaner[R7].txt - [5685 octets] - [23/01/2014 22:57:55]
AdwCleaner[R8].txt - [2467 octets] - [23/01/2014 23:24:32]
AdwCleaner[S0].txt - [363 octets] - [19/01/2014 04:34:12]
AdwCleaner[S1].txt - [366 octets] - [23/01/2014 12:47:52]
AdwCleaner[S2].txt - [2066 octets] - [23/01/2014 12:56:22]
AdwCleaner[S3].txt - [366 octets] - [23/01/2014 13:02:21]
AdwCleaner[S4].txt - [1265 octets] - [23/01/2014 13:06:08]
AdwCleaner[S5].txt - [366 octets] - [23/01/2014 14:39:55]

########## EOF - C:\AdwCleaner\AdwCleaner[R8].txt - [2883 octets] ##########
 

 

UPDATE #2: Froze on clean.


Edited by badcomputer, 24 January 2014 - 12:01 AM.


#4 gringo_pr


Posted 24 January 2014 - 01:32 AM


Hello badcomputer,

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#5 badcomputer


Posted 24 January 2014 - 03:13 PM

ComboFix 14-01-23.02 - Danny 01/24/2014  15:00:50.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1248 [GMT -5:00]
Running from: c:\documents and settings\Danny\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Emsisoft Anti-Malware *Disabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-24 to 2014-01-24  )))))))))))))))))))))))))))))))
.
.
2014-01-24 04:01 . 2014-01-24 04:01    --------    d-----w-    c:\windows\ERUNT
2014-01-23 18:27 . 2014-01-24 19:57    --------    d-----w-    c:\program files\Emsisoft Anti-Malware
2014-01-22 16:30 . 2014-01-22 16:30    --------    d-----w-    c:\program files\Speccy
2014-01-19 09:31 . 2014-01-24 04:27    --------    d-----w-    C:\AdwCleaner
2014-01-19 07:31 . 2014-01-19 07:31    --------    d-----w-    c:\documents and settings\Danny\Application Data\Malwarebytes
2014-01-19 07:31 . 2014-01-19 07:31    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2014-01-19 07:31 . 2014-01-19 07:31    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2014-01-19 07:31 . 2013-04-04 19:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-01-19 07:20 . 2014-01-19 07:20    --------    d-----w-    c:\windows\system32\wbem\Repository
2014-01-16 20:50 . 2014-01-19 06:32    --------    d-s---w-    c:\documents and settings\Administrator
2014-01-14 23:29 . 2014-01-14 23:29    --------    d-----w-    c:\documents and settings\Danny\Local Settings\Application Data\NativeMessaging
2014-01-14 23:28 . 2014-01-19 06:34    --------    d-----w-    c:\program files\SpeedFan
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-19 07:26 . 2013-10-25 07:42    180248    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-01-19 07:26 . 2013-10-25 07:42    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-01-19 07:26 . 2013-01-18 00:29    410528    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2014-01-19 07:26 . 2013-01-18 00:29    54832    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2014-01-19 07:26 . 2013-01-18 00:29    775952    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-01-19 07:26 . 2013-01-18 00:29    57672    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2014-01-19 07:26 . 2013-01-18 00:28    43152    ----a-w-    c:\windows\avastSS.scr
2014-01-19 07:26 . 2013-01-18 00:28    270240    ----a-w-    c:\windows\system32\aswBoot.exe
2014-01-19 07:22 . 2013-01-18 00:29    403440    ----a-w-    c:\windows\system32\drivers\aswsp.sys.1390116203
2013-12-11 02:23 . 2013-03-02 03:52    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 02:23 . 2013-03-02 03:52    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-11-22 21:02 . 2013-11-22 21:02    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-11-22 21:02 . 2013-11-22 21:02    145408    ----a-w-    c:\windows\system32\javacpl.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-19 07:26    259464    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2013-01-20 3093624]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
"iFunBox Price Watch"="c:\program files\iFunbox 2014\iFunBox2014.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"RTHDCPL"="RTHDCPL.EXE" [2012-06-06 20065936]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-01-17 295072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-10-15 15709984]
"NvMediaCenter"="NvMCTray.dll" [2013-10-15 209184]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-10-16 2602784]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-10-18 1028384]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-19 3764024]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe" [2013-12-04 4329408]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
Logi_MwX.Exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-02-28 22:50    18642024    ----a-r-    c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2014-01-07 21:00    1815464    ----a-w-    c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-01-17 20:19    295072    ----a-w-    c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Electronic Arts\\BioWare\\Star Wars - The Old Republic\\launcher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Hi-Rez Studios\\HiRezGames\\smite\\Binaries\\Win32\\Smite.exe"=
"c:\\Documents and Settings\\Danny\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Left 4 Dead 2\\left4dead2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57315:TCP"= 57315:TCP:Pando Media Booster
"57315:UDP"= 57315:UDP:Pando Media Booster
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [10/25/2013 2:42 AM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [10/25/2013 2:42 AM 180248]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [1/23/2014 1:27 PM 22056]
R1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [1/23/2014 1:27 PM 38248]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [1/23/2014 1:27 PM 14432]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/17/2013 7:29 PM 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [1/17/2013 7:29 PM 410528]
R2 a2AntiMalware;Emsisoft Anti-Malware 8.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [1/23/2014 1:27 PM 4161512]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [10/25/2013 2:42 AM 67824]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\Hi-Rez Studios\HiPatchService.exe [10/24/2013 4:30 PM 9216]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [1/19/2014 2:31 AM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/19/2014 2:31 AM 701512]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [11/29/2012 8:31 PM 38608]
R3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [1/23/2014 1:27 PM 57944]
R3 cleanhlp;cleanhlp;c:\program files\Emsisoft Anti-Malware\cleanhlp32.sys [1/23/2014 1:27 PM 50200]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/19/2014 2:31 AM 22856]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [10/9/2013 9:58 AM 3275136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/28/2013 5:45 PM 161384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/30/2013 8:01 PM 1691480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-19 13:21    1211672    ----a-w-    c:\program files\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-02 02:23]
.
2014-01-24 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-01-18 07:26]
.
2014-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-17 20:19]
.
2014-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-17 20:19]
.
2014-01-24 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1757981266-1035525444-839522115-1004.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2012-11-30 01:33]
.
2014-01-24 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1757981266-1035525444-839522115-1004.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-11-30 01:31]
.
2014-01-23 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1757981266-1035525444-839522115-1004.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-11-30 01:31]
.
2014-01-24 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1757981266-1035525444-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 20:30]
.
2014-01-21 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1757981266-1035525444-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 20:30]
.
2014-01-24 c:\windows\Tasks\WpsUpdateTask_Danny.job
- c:\program files\Kingsoft\Kingsoft Office\office6\wpsupdate.exe [2012-09-17 16:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Danny\Application Data\Mozilla\Firefox\Profiles\gcvkjrpr.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-24 15:08
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwOpenFile
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4024)
c:\program files\Emsisoft Anti-Malware\a2hooks32.dll
c:\windows\system32\msi.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\WSOCK32.dll
.
Completion time: 2014-01-24  15:10:05
ComboFix-quarantined-files.txt  2014-01-24 20:10
ComboFix2.txt  2014-01-23 17:21
ComboFix3.txt  2014-01-13 17:46
.
Pre-Run: 229,673,750,528 bytes free
Post-Run: 229,669,617,664 bytes free
.
- - End Of File - - 8441E5EAFEEBC81734EC53A6F7BEF306
8F558EB6672622401DA993E1E865C861

I just logged back on to my PC, and I have not had the chance to notice whether Malwarebytes warns me about incoming/outgoing malicious connections. I was previously advised to run AdwCleaner and clean using this program, but whenever I attempted to clean, the computer would freeze. The symptoms I am experiencing are gradually worsening slowness, and Malwarebytes warning me of various connections coming from the Eastern Bloc. When running TCP, it reports connections coming from all over Europe sending and receiving packets.

 

Update: Still receiving warnings from Malwarebytes about said connections after Combofix was run.


Edited by badcomputer, 24 January 2014 - 05:59 PM.


#6 gringo_pr

  • Malware Response Team

Posted 24 January 2014 - 11:09 PM





Hello badcomputer,

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.


--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop.
  • Exit/Close RogueKiller
Send me the reports made from MBAR and RogueKiller, and also let me know how the computer is doing at this time.

Gringo






When you are complete please send me both reports

Gringo

#7 badcomputer

  • Topic Starter

Posted 25 January 2014 - 01:13 AM

Here are the two reports. Malwarebytes Anti-Rootkit found no infections, RK did. I enabled my avast anti-virus shields and just started receiving my first warning from Malwarebytes that it has blocked a malicious connection.

 

RogueKiller V8.8.3 [Jan 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Danny [Admin rights]
Mode : Remove -- Date : 01/25/2014 01:08:55
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[122] : unknown @ 0x805CB3FC -> HOOKED (C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0x8B1AC184)
[Address] SSDT[128] : NtOpenThread @ 0x805CB688 -> HOOKED (C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0x8B1AC2D0)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200AAKX-001CA0 +++++
--- User ---
[MBR] baeb4834496feee2ff3a3a65bfecf9aa
[BSP] e6049671ba9b54e878ef7364eaca8c93 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_01252014_010855.txt >>
RKreport[0]_S_01252014_010659.txt



RogueKiller V8.8.3 [Jan 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Danny [Admin rights]
Mode : Scan -- Date : 01/25/2014 01:06:59
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[122] : unknown @ 0x805CB3FC -> HOOKED (C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0x8B1AC184)
[Address] SSDT[128] : NtOpenThread @ 0x805CB688 -> HOOKED (C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0x8B1AC2D0)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200AAKX-001CA0 +++++
--- User ---
[MBR] baeb4834496feee2ff3a3a65bfecf9aa
[BSP] e6049671ba9b54e878ef7364eaca8c93 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01252014_010659.txt >>




 


Edited by badcomputer, 25 January 2014 - 01:15 AM.


#8 badcomputer

  • Topic Starter

Posted 25 January 2014 - 01:18 AM

The person previously helping me asked me to use TCPView to assess whether or not these connections were malicious. Here is one of the logs I recently took from TCPView.

[System Process]    0    TCP    skynet    57315    173.60.252.139    56898    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    85.114.175.211    49208    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    219.41.38.179    54219    TIME_WAIT                                        
[System Process]    0    TCP    skynet    3346    81.227.30.165    58786    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    88.25.131.54    29599    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    68.10.244.248    57107    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    98.165.229.132    56653    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    92.98.37.198    62094    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    190.164.117.83    60852    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    74.141.49.100    58384    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    68.12.180.215    59236    TIME_WAIT                                        
[System Process]    0    TCP    skynet    3291    190.30.46.4    58886    TIME_WAIT                                        
[System Process]    0    TCP    skynet    3348    190-175-110-232.speedy.com.ar    58714    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    95.165.108.167    55715    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    199.231.242.231    60572    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    71.82.112.169    63681    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    187.250.132.167    49432    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    50.79.199.221    52470    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    190.30.38.46    14422    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    178.90.168.106    18476    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    115.64.228.50    54239    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    178.222.163.94    24132    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    86.26.181.210    55260    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    68.53.62.186    55048    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    94.109.119.139    53411    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    93.173.232.12    2734    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    138.217.93.13    56739    TIME_WAIT                                        
[System Process]    0    TCP    skynet    3361    129.64.210.55    59710    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    24.107.14.176    65157    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    189.158.225.28    29227    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    173.29.138.201    60586    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    76.19.1.9    53121    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    75.80.123.111    61245    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    24.22.213.99    64320    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    200.112.138.44    50552    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    50.164.209.92    56592    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    219.78.125.204    57900    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    68.5.206.69    54218    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    76.167.133.249    59111    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    69.244.14.230    56971    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    212.160.186.138    3632    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    169.236.92.103    56453    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    190.6.249.180    15931    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    218.147.56.68    2644    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    66.189.148.4    53135    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    66.211.26.72    49301    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    91.113.127.52    63607    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    71.82.151.51    51961    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    72.27.14.250    63357    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    72.94.212.156    59260    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    122.151.183.175    62958    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    68.116.208.19    65268    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    200.127.211.116    58937    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    177.96.33.91    61118    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    188.77.21.14    2025    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    153.165.57.134    49416    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    99.229.71.193    61484    TIME_WAIT                                        
[System Process]    0    TCP    skynet    57315    124.169.127.191    59547    TIME_WAIT                                        
AppleMobileDeviceService.exe    1184    TCP    skynet    27015    localhost    1033    ESTABLISHED                                        
AppleMobileDeviceService.exe    1184    TCP    skynet    1031    localhost    5354    ESTABLISHED                                        
AppleMobileDeviceService.exe    1184    TCP    skynet    1032    localhost    5354    ESTABLISHED                                        
AvastSvc.exe    1584    TCP    skynet    3428    108.162.199.21    http    ESTABLISHED                                        
AvastSvc.exe    1584    TCP    skynet    12080    localhost    2075    ESTABLISHED                                        
AvastSvc.exe    1584    TCP    skynet    4667    r-052-044-234-077.ff.avast.com    http    ESTABLISHED                                        
AvastSvc.exe    1584    TCP    skynet    3441    edge-star-shv-09-mia1.facebook.com    http    ESTABLISHED                                        
AvastSvc.exe    1584    TCP    skynet    3415    mia05s18-in-f17.1e100.net    http    ESTABLISHED                                        
AvastSvc.exe    1584    TCP    skynet    3429    108.162.199.21    http    ESTABLISHED                                        
AvastSvc.exe    1584    TCP    skynet    12080    localhost    3452    ESTABLISHED                                        
AvastSvc.exe    1584    TCP    skynet    12080    localhost    3420    ESTABLISHED                                        
AvastSvc.exe    1584    TCP    skynet    3442    edge-star-shv-09-mia1.facebook.com    http    ESTABLISHED                                        
AvastSvc.exe    1584    TCP    skynet    12080    localhost    3437    ESTABLISHED                                        
AvastSvc.exe    1584    TCP    skynet    12080    localhost    3438    ESTABLISHED                                        
AvastSvc.exe    1584    TCP    skynet    12080    localhost    3422    ESTABLISHED                                        
AvastSvc.exe    1584    TCP    skynet    12080    localhost    3423    ESTABLISHED                                        
AvastSvc.exe    1584    TCP    skynet    3333    r-052-012-039-195.avast.com    http    LAST_ACK                                        
AvastSvc.exe    1584    TCP    skynet    3435    mia05s17-in-f1.1e100.net    http    ESTABLISHED                                        
AvastSvc.exe    1584    TCP    skynet    12080    localhost    3425    ESTABLISHED                                        
AvastSvc.exe    1584    TCP    skynet    3419    108.162.199.21    http    ESTABLISHED                                        
AvastSvc.exe    1584    TCP    skynet    3432    23.0.234.239    http    ESTABLISHED                                        
AvastSvc.exe    1584    TCP    skynet    3421    108.162.199.21    http    ESTABLISHED                                        
AvastSvc.exe    1584    TCP    skynet    12080    localhost    3461    ESTABLISHED                                        
AvastSvc.exe    1584    TCP    skynet    12080    localhost    3414    ESTABLISHED                                        
AvastSvc.exe    1584    TCP    skynet    3424    108.162.199.21    http    ESTABLISHED                                        
AvastSvc.exe    1584    TCP    skynet    3462    65.54.93.70    http    CLOSE_WAIT                                        
AvastSvc.exe    1584    TCP    skynet    12080    localhost    2279    CLOSE_WAIT                                        
AvastSvc.exe    1584    TCP    skynet    12080    localhost    3431    ESTABLISHED                                        
AvastSvc.exe    1584    TCP    skynet    3426    108.162.199.21    http    ESTABLISHED                                        
AvastSvc.exe    1584    TCP    skynet    12080    localhost    3433    ESTABLISHED                                        
AvastSvc.exe    1584    TCP    skynet    12080    localhost    3417    ESTABLISHED                                        
AvastSvc.exe    1584    TCP    skynet    3454    23.74.2.67    http    ESTABLISHED                                        
AvastSvc.exe    1584    TCP    skynet    12080    localhost    3418    ESTABLISHED                                        
AvastUI.exe    1448    TCP    skynet    1240    23.40.190.13    https    CLOSE_WAIT                                        
AvastUI.exe    1448    TCP    skynet    1235    173.194.37.105    http    CLOSE_WAIT                                        
AvastUI.exe    1448    TCP    skynet    1238    173.194.37.158    https    CLOSE_WAIT                                        
AvastUI.exe    1448    TCP    skynet    1236    208.43.71.146    https    CLOSE_WAIT                                        
AvastUI.exe    1448    TCP    skynet    1239    173.194.37.158    https    CLOSE_WAIT                                        
firefox.exe    5576    TCP    skynet    2075    localhost    12080    ESTABLISHED                                        
firefox.exe    5576    TCP    skynet    3444    mia05s17-in-f15.1e100.net    https    ESTABLISHED    1    37    1    37                        
firefox.exe    5576    TCP    skynet    3404    mia05s17-in-f5.1e100.net    https    ESTABLISHED    1    37    1    37                        
firefox.exe    5576    TCP    skynet    3452    localhost    12080    ESTABLISHED                                        
firefox.exe    5576    TCP    skynet    3420    localhost    12080    ESTABLISHED                                        
firefox.exe    5576    TCP    skynet    3447    edge-star-shv-09-mia1.facebook.com    https    ESTABLISHED    1    37    1    37                        
firefox.exe    5576    TCP    skynet    3437    localhost    12080    ESTABLISHED                                        
firefox.exe    5576    TCP    skynet    3438    localhost    12080    ESTABLISHED                                        
firefox.exe    5576    TCP    skynet    3422    localhost    12080    ESTABLISHED                                        
firefox.exe    5576    TCP    skynet    3220    190.93.251.92    http    ESTABLISHED                                        
firefox.exe    5576    TCP    skynet    3423    localhost    12080    ESTABLISHED                                        
firefox.exe    5576    TCP    skynet    3448    mia05s17-in-f11.1e100.net    https    ESTABLISHED    1    37    1    37                        
firefox.exe    5576    TCP    skynet    3330    54.243.77.179    http    ESTABLISHED    1    519    1    183                        
firefox.exe    5576    TCP    skynet    3592    localhost    3593    ESTABLISHED    37    37            1        1            
firefox.exe    5576    TCP    skynet    3593    localhost    3592    ESTABLISHED            37    37        1        1        
firefox.exe    5576    TCP    skynet    3425    localhost    12080    ESTABLISHED                                        
firefox.exe    5576    TCP    skynet    3402    mia05s17-in-f11.1e100.net    https    ESTABLISHED    1    37    1    37                        
firefox.exe    5576    TCP    skynet    3403    mia05s17-in-f15.1e100.net    https    ESTABLISHED    1    37    1    37                        
firefox.exe    5576    TCP    skynet    3461    localhost    12080    ESTABLISHED                                        
firefox.exe    5576    TCP    skynet    3406    173.194.37.99    https    ESTABLISHED    1    37    1    37                        
firefox.exe    5576    TCP    skynet    3414    localhost    12080    ESTABLISHED                                        
firefox.exe    5576    TCP    skynet    3443    74.125.196.84    https    ESTABLISHED    1    37    1    37                        
firefox.exe    5576    TCP    skynet    3431    localhost    12080    ESTABLISHED                                        
firefox.exe    5576    TCP    skynet    3401    mia05s18-in-f17.1e100.net    https    ESTABLISHED    1    37    1    37                        
firefox.exe    5576    TCP    skynet    3417    localhost    12080    ESTABLISHED                                        
firefox.exe    5576    TCP    skynet    3433    localhost    12080    ESTABLISHED                                        
firefox.exe    5576    TCP    skynet    3418    localhost    12080    ESTABLISHED                                        
iTunesHelper.exe    1524    TCP    skynet    1033    localhost    27015    ESTABLISHED                                        
 



#9 gringo_pr

  • Malware Response Team

Posted 25 January 2014 - 09:43 PM


Please look in the following location for a file called 'PROTECTION-log-xx-xx-xxxx.txt' (x = dates) and attach the contents back for me to review. This info may give me an idea on how to address this issue on your system.

Open Malwarebytes Anti-Malware.

Once open, there will be a series of tabs, labeled in order:
Scanner | Protection | Update | Quarantine | Logs | Ignore list | Settings | More Tools | About

Click the 'Logs' tab.

From the list look for the last log and either double-click it or click the 'Open' button to view it.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#10 badcomputer

  • Topic Starter


Posted 25 January 2014 - 09:52 PM

Here you go

 

2014/01/25 18:17:06 -0500    SKYNET    Danny    IP-BLOCK    77.78.241.119 (Type: incoming)
2014/01/25 18:18:25 -0500    SKYNET    Danny    IP-BLOCK    77.78.241.119 (Type: incoming)
2014/01/25 18:18:28 -0500    SKYNET    Danny    IP-BLOCK    77.78.241.119 (Type: incoming)
2014/01/25 18:18:34 -0500    SKYNET    Danny    IP-BLOCK    77.78.241.119 (Type: incoming)
2014/01/25 18:19:13 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:19:16 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:19:22 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:19:56 -0500    SKYNET    Danny    IP-BLOCK    77.78.241.119 (Type: incoming)
2014/01/25 18:19:59 -0500    SKYNET    Danny    IP-BLOCK    77.78.241.119 (Type: incoming)
2014/01/25 18:20:05 -0500    SKYNET    Danny    IP-BLOCK    77.78.241.119 (Type: incoming)
2014/01/25 18:29:35 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:29:38 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:29:44 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:30:00 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:30:03 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:30:09 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:30:31 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:30:34 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:30:40 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:31:01 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:31:04 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:31:10 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:34:19 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:34:22 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:34:28 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:34:29 -0500    SKYNET    Danny    IP-BLOCK    77.78.239.102 (Type: incoming)
2014/01/25 18:34:32 -0500    SKYNET    Danny    IP-BLOCK    77.78.239.102 (Type: incoming)
2014/01/25 18:34:38 -0500    SKYNET    Danny    IP-BLOCK    77.78.239.102 (Type: incoming)
2014/01/25 18:35:03 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:35:06 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:35:12 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:35:35 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:35:38 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:35:44 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:35:53 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:35:56 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:36:02 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:36:20 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:36:23 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:36:29 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:36:33 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:36:36 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:36:42 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:37:15 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:37:18 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:37:18 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:37:21 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:37:24 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:37:27 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:37:55 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:37:56 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:37:58 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:37:59 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:38:04 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:38:05 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:39:07 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:39:10 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:39:16 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:39:18 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:39:21 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:39:27 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:39:52 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:39:55 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:40:01 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:40:48 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:40:51 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:40:57 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:42:26 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:42:29 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:42:35 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:42:54 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:42:57 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:43:03 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:43:18 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:43:21 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:43:27 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:43:46 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:43:49 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:43:55 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:44:38 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:44:41 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:44:47 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:45:38 -0500    SKYNET    Danny    IP-BLOCK    91.195.10.80 (Type: incoming)
2014/01/25 18:45:41 -0500    SKYNET    Danny    IP-BLOCK    91.195.10.80 (Type: incoming)
2014/01/25 18:45:47 -0500    SKYNET    Danny    IP-BLOCK    91.195.10.80 (Type: incoming)
2014/01/25 18:46:09 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:46:09 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:46:12 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:46:12 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:46:18 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:46:18 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:46:53 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:46:56 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:47:02 -0500    SKYNET    Danny    IP-BLOCK    195.216.177.59 (Type: incoming)
2014/01/25 18:49:46 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:49:49 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:49:55 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:52:53 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:52:56 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:53:02 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:54:35 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:54:38 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:54:44 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:59:29 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:59:32 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 18:59:38 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 19:00:23 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 19:00:26 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
2014/01/25 19:00:32 -0500    SKYNET    Danny    IP-BLOCK    77.78.215.165 (Type: incoming)
 



#11 gringo_pr


Posted 25 January 2014 - 10:12 PM

Hello


Let's turn off Skype and see if you still get the blocks.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 badcomputer


Posted 26 January 2014 - 02:41 PM

As I booted, Emsisoft warned me of a blocked connection to www.adlice.com. I have quit Skype and am awaiting warnings from Malwarebytes. Still, this does not explain the continuous crashes I get from trying to clean with AdwCleaner; there are still infections detected by that program that I am unable to remove, including registry keys.

Update: Still receiving warnings after closing Skype.


Edited by badcomputer, 26 January 2014 - 03:21 PM.


#13 gringo_pr


Posted 26 January 2014 - 03:55 PM



HitmanPro

  • Please download HitmanPro.
  • Launch the program by double-clicking on the HitmanPro icon. (Windows Vista/7 users: right-click on the HitmanPro icon and select Run as administrator.)
  • Click on the next button. You must agree with the terms of EULA.
  • Check the box beside "No, I only want to perform a one-time scan to check this computer".
  • Click on the next button.
  • The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.
  • When the scan is done, click on the drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
  • Click on the next button.
  • Click on the "Export scan results to XML file".
  • Save that file to your desktop and zip and attach it in your next reply.


#14 badcomputer


Posted 26 January 2014 - 04:59 PM

The instructions don't match the version of HitmanPro as the layout is slightly different. I believe this is what you're looking for.

 

HitmanPro 3.7.8.208
www.hitmanpro.com

   Computer name . . . . : SKYNET
   Windows . . . . . . . : 5.1.3.2600.X86/2
   User name . . . . . . : SKYNET\Danny
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-01-26 16:51:10
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 24s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 183

   Objects scanned . . . : 534,921
   Files scanned . . . . : 18,550
   Remnants scanned  . . : 190,523 files / 325,848 keys

Cookies _____________________________________________________________________

   C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:fastclick.net
   C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:h.atdmt.com
   C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:in.getclicky.com
   C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:interclick.com
   C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:invitemedia.com
   C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:kontera.com
   C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:media6degrees.com
   C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:mediaplex.com
   C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:mm.chitika.net
   C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:msnbc.112.2o7.net
   C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:network.realmedia.com
   C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:nhl.112.2o7.net
   C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:overture.com
   C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:pointroll.com
   C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:pool-eu-ie.creative-serving.com
   C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:questionmarket.com
   C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:realmedia.com
   C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:server.cpmstar.com
   C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:smartadserver.com
   C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:specificclick.net
   C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:statcounter.com
   C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:stats.adotube.com
   C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:tacoda.at.atwola.com
   C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:tacoda.net
   C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:track.adform.net
   C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
   C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:uk.sitestat.com
   C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:www.burstnet.com
   C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:yadro.ru
   C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:zedo.com
 

#15 gringo_pr

  • Malware Response Team
Posted 27 January 2014 - 08:56 PM


Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).
  • Programs to remove

    • µTorrent
    • Java 7 Update 45


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then click on Next.
  • Once done, click Finish.


Install Java:

Please go here to install Java
  • Click on the Free Java Download button
  • Click on Agree and start Free download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When the install is complete, click on Close

Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.

: Malwarebytes' Anti-Malware :


I see you have MBAM installed on the computer - that is great!! It is a very good program! I would like you to run a quick scan for me now.
  • Double-click the mbam icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis
  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right click on HijackThis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • Copy and paste the HijackThis report into the topic

"Information and logs"
  • In your next post I need the following
    • Log from MBAM
    • Report from HijackThis
    • Let me know of any problems you may have had
    • How is the computer doing now?
Gringo



