
Blocked Website Details- Malicious Website


This topic is locked
14 replies to this topic

#1 bgbach


Posted 10 April 2017 - 04:31 PM

I am perplexed.  Since Friday my Malwarebytes reports the following on my laptop:

 

Malwarebytes
www.malwarebytes.com

 

-Log Details-
Protection Event Date: 4/10/17
Protection Event Time: 2:19 PM
Logfile: malwarebytes.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.75
Update Package Version: 1.0.1700
License: Premium

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: System

-Blocked Website Details- Malicious Website:
1, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain:
IP Address: 85.93.5.25
Port: [52829]
Type: Outbound
File: C:\Windows\System32\svchost.exe

 

Every few seconds.  I can’t fix this.  I have thoroughly scanned with Malwarebytes, Sophos and Norton and none of the malware/virus scanners find anything? 

 

Any fixes?

 

Thanks.

 

Bradford
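The block above names svchost.exe, which hosts many services in one process, so the process name alone does not say which service is making the connection. As an added example that is not from the thread or from Malwarebytes, the script below (assuming Windows 8.1 or later, where Get-NetTCPConnection exists, and an elevated PowerShell prompt; the polling window is a constructed default) watches for sockets to the blocked address and maps the owning PID to the services it hosts and their binaries.

```powershell
# Added example, not from the thread: attribute the blocked outbound connection
# to the service(s) running inside svchost.exe. Assumes Windows 8.1+ (NetTCPIP
# module for Get-NetTCPConnection) and an elevated prompt. The remote address
# is the one in the Malwarebytes log; the time window is a constructed default.
param(
    [string]$RemoteAddress = '85.93.5.25',
    [int]$Seconds = 120
)

# The connection is blocked, so the socket exists only briefly (often SYN_SENT).
# Poll quickly; the thread says the attempt recurs every few seconds.
$seen = @{}
$deadline = (Get-Date).AddSeconds($Seconds)
while ((Get-Date) -lt $deadline) {
    Get-NetTCPConnection -RemoteAddress $RemoteAddress -ErrorAction SilentlyContinue |
        ForEach-Object {
            $key = '{0}|{1}|{2}' -f $_.OwningProcess, $_.LocalPort, $_.RemotePort
            if (-not $seen.ContainsKey($key)) {
                $seen[$key] = [pscustomobject]@{
                    Time       = Get-Date
                    ProcessId  = $_.OwningProcess
                    LocalPort  = $_.LocalPort
                    RemotePort = $_.RemotePort
                    State      = $_.State
                }
            }
        }
    Start-Sleep -Milliseconds 250
}

if ($seen.Count -eq 0) {
    Write-Warning "No socket to $RemoteAddress seen in $Seconds s; widen the window or run while MBAM is reporting."
    return
}

$seen.Values | Sort-Object Time | Format-Table -AutoSize

# Map each owning PID to its image and, for svchost.exe, to the services it hosts.
# Win32_Service.PathName shows the svchost group (-k ...) or a third-party binary.
foreach ($procId in ($seen.Values.ProcessId | Select-Object -Unique)) {
    $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
    $image = if ($proc) { $proc.Path } else { '<process already exited>' }
    Write-Host "`nPID ${procId}: $image"

    Get-CimInstance Win32_Service -Filter "ProcessId = $procId" | ForEach-Object {
        # Pull the executable out of PathName (quoted or not), dropping arguments.
        # An unquoted path containing spaces is truncated at the first space.
        $exe = if ($_.PathName -match '^"([^"]+)"') { $Matches[1] } else { ($_.PathName -split ' ')[0] }
        # Windows' own binaries are often catalog-signed and may show NotSigned
        # here; the interesting case is a service whose binary lives outside
        # System32 or Program Files, or whose signature status is HashMismatch.
        $sig = Get-AuthenticodeSignature -FilePath $exe -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Service   = $_.Name
            Display   = $_.DisplayName
            StartMode = $_.StartMode
            PathName  = $_.PathName
            Signature = $(if ($sig) { $sig.Status } else { 'n/a' })
            Signer    = $(if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' })
        }
    } | Format-List
}
```

Run it while Malwarebytes is still reporting the blocks; a PID that maps to one of the regular Windows service groups points at a service on the machine, while a PID that maps to a third-party service with an unfamiliar binary path is the one to examine.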

 

 




 


#2 bgbach


Posted 10 April 2017 - 04:55 PM

Here is how it looks in Malwarebytes- http://docdro.id/ur2fLBq



#3 buddy215

  • Moderator

Posted 10 April 2017 - 06:41 PM

Welcome to BC...

 

Give the programs below a shot finding the culprit.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google. After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 bgbach


Posted 10 April 2017 - 07:53 PM

Used CCleaner and Adwcleaner so far:

 

# AdwCleaner v6.045 - Logfile created 10/04/2017 at 17:38:46
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-10.2 [Server]
# Operating System : Windows 8.1  (X64)
# Username : Brad_2 - BRAD-HPSPLITX2
# Running from : C:\Users\bbach_000\AppData\Local\Microsoft\Windows\INetCache\IE\LCVJA3MA\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

Folder Found:  C:\Users\Brad_2\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
Folder Found:  C:\Program Files\ByteFence

***** [ Files ] *****

File Found:  C:\Users\Brad_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Youtube Downloader.lnk
File Found:  C:\Users\Public\Desktop\Free Youtube Downloader.lnk

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

No infected shortcut found.

***** [ Scheduled Tasks ] *****

No malicious task found.

***** [ Registry ] *****

Key Found:  HKU\S-1-5-21-2317627747-2586339727-2393954784-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Value Found:  HKU\S-1-5-21-2317627747-2586339727-2393954784-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Stack Player]

***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\Brad_2\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\Brad_2\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com

*************************

\AdwCleaner\AdwCleaner[S0].txt - [1717 Bytes] - [10/04/2017 17:38:46]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [1788 Bytes] ##########



#5 bgbach


Posted 10 April 2017 - 08:04 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 8.1 x64
Ran by Brad_2 (Administrator) on Mon 04/10/2017 at 17:55:05.19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 1

Successfully deleted: C:\Users\Brad_2\AppData\Roaming\Mozilla\Firefox\Profiles\yacqp54e.default-1469122372557\Invalidprefs.js (File)

 

Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} (Registry Key)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 04/10/2017 at 18:02:54.52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#6 buddy215

  • Moderator

Posted 11 April 2017 - 05:56 AM

Rerun AdwCleaner and be sure to click Clean after scan finishes.

 

  • Please download Security Check by glax24 and save the file to the Desktop.
  • Run the tool by accepting all the Security prompts.
  • When complete, the tool will produce a log file C:\SecurityCheck\SecurityCheck.txt and also copy the contents to the Clipboard.
  • Simply paste the log into your reply.


#7 bgbach


Posted 12 April 2017 - 02:00 PM

Analysis Complete - (1.937 secs)
------------------------------------------------------------------------------------------
5.00 MB to be removed. (Approximate size)
------------------------------------------------------------------------------------------

Details of files to be deleted (Note: No files have been deleted yet)
------------------------------------------------------------------------------------------
Internet Explorer - Temporary Internet Files 5,121 KB 1 files 
------------------------------------------------------------------------------------------
C:\Users\Brad_2\AppData\Local\Microsoft\Windows\INetCache\Low\SuggestedSites.dat 5,121 KB



#8 bgbach


Posted 12 April 2017 - 02:09 PM

When I attempt to download Security Check, I get the following from Symantec:

Date & Time,Risk,Activity,Status,Recommended Action,Activity - Details
4/11/2017 11:23:29 AM,High,securitycheck.exe (Trojan.Gen.8!cloud) detected by Auto-Protect,Blocked,Resolved - No Action Required,Threat Actions performed: 0
4/10/2017 11:32:17 AM,High,launcher.exe (Trojan.Gen) detected by Auto-Protect,Quarantined,Resolved - No Action Required,Threat Actions performed: 1



#9 buddy215

  • Moderator

Posted 12 April 2017 - 03:34 PM

That is a false positive from Symantec/ Norton.

 

But if you prefer not to ignore Symantec's blocking the download or running the program then do this:

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and, at the top, tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button which, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and, at the bottom right of that page, a button which, when clicked, will allow you to Copy and Paste that list into your next post. Please do that.



#10 bgbach


Posted 12 April 2017 - 04:06 PM

Startup:

Yes HKCU:Run CCleaner Monitoring Piriform Ltd Brad "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Dropbox Update Dropbox, Inc. Brad "C:\Users\bbach_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
Yes HKCU:Run GoToAssist Remote Support Expert Citrix Systems, Inc. Brad "C:\Users\bbach_000\AppData\Local\Citrix\GoToAssist Remote Support Expert\1251\g2ax_start.exe" "/Trigger RunAtLogon"
No HKCU:Run NukeMetro Lee-Soft.com Brad "C:\Users\bbach_000\AppData\Roaming\ViStart\ViStart.exe" /nuke_metro
No HKCU:Run ViOrb Lee-Soft.com Brad C:\Users\bbach_000\AppData\Roaming\ViOrb\ViOrb.exe
No HKLM:Run Acrobat Assistant 8.0 Adobe Systems Inc. All users "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
Yes HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated All users "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
No HKLM:Run APSDaemon Apple Inc. All users "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
No HKLM:Run BCSSync Microsoft Corporation All users "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
Yes HKLM:Run BoxSync Box, Inc. All users "C:\Program Files\Box\Box Sync\BoxSync.exe" -m
Yes HKLM:Run HotKeysCmds Intel Corporation All users "C:\WINDOWS\system32\hkcmd.exe"
Yes HKLM:Run HP CoolSense Hewlett-Packard Development Company, L.P. All users C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
Yes HKLM:Run HPMessageService Hewlett-Packard Development Company, L.P. All users C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
Yes HKLM:Run IgfxTray Intel Corporation All users "C:\WINDOWS\system32\igfxtray.exe"
No HKLM:Run iTunesHelper Apple Inc. All users "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run Malwarebytes TrayApp Malwarebytes All users C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
Yes HKLM:Run Persistence Intel Corporation All users "C:\WINDOWS\system32\igfxpers.exe"
Yes HKLM:Run SynTPEnh Synaptics Incorporated All users %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Yes HKLM:Run SysTrayApp IDT, Inc. All users C:\Program Files\IDT\WDM\sttray64.exe
Yes Startup User Dropbox.lnk Dropbox, Inc. Brad C:\Users\bbach_000\AppData\Roaming\Dropbox\bin\Dropbox.exe

 

Scheduled tasks:

 

Yes Task DropboxUpdateTaskUserS-1-5-21-2317627747-2586339727-2393954784-1001Core Dropbox, Inc. Brad C:\Users\bbach_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
Yes Task DropboxUpdateTaskUserS-1-5-21-2317627747-2586339727-2393954784-1001UA Dropbox, Inc. Brad C:\Users\bbach_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Yes Task Opera scheduled Autoupdate 1484178287 Opera Software All users C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate $(Arg0)
Yes Task Optimize Start Menu Cache Files-S-1-5-21-2317627747-2586339727-2393954784-1001  Brad 
Yes Task Synaptics TouchPad Enhancements Synaptics Incorporated Users "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

Programs:

 

Adobe Acrobat XI Pro Adobe Systems 12/12/2016 3.73 GB 11.0.18 All users
Adobe Flash Player 25 NPAPI Adobe Systems Incorporated 4/11/2017 5.94 MB 25.0.0.148 All users
Adobe Shockwave Player 11.6 Adobe Systems, Inc. 11/29/2013  11.6.6.636 All users
Amazon Kindle Amazon 6/20/2016  1.16.0.44025 Brad
Apple Application Support (32-bit) Apple Inc. 8/5/2015 96.0 MB 3.2 All users
Apple Application Support (64-bit) Apple Inc. 8/5/2015 111 MB 3.2 All users
Apple Mobile Device Support Apple Inc. 8/5/2015 27.9 MB 8.2.1.3 All users
Apple Software Update Apple Inc. 3/27/2017 2.39 MB 2.1.4.131 All users
Bonjour Apple Inc. 10/22/2013 2.00 MB 3.0.0.10 All users
Box for Windows 8 Box, Inc. 11/13/2015  2.1.4.4 All users
Box Sync Box, Inc. 9/21/2016 23.6 MB 4.0.7724.0 All users
CCleaner Piriform 4/10/2017  5.28 All users
Citrix Online Launcher Citrix 8/10/2015 302 KB 1.0.335 Brad
CryptoPrevent Foolish IT LLC 12/5/2016 28.8 MB 8.0.1.4 All users
Crystal Reports 2008 Runtime SP2 Business Objects 3/14/2017 204 MB 12.2.0.290 All users
Dropbox Dropbox, Inc. 4/7/2017  23.4.18 Brad
eBay eBay, Inc 11/4/2014  1.6.0.34 All users
Facebook Facebook, Inc. 8/9/2014  1.4.0.9 All users
Fingertapps Instruments for HP Fingertapps Limited 4/15/2014  2.0.7.2622 All users
Free YouTube Downloader 4.1.540 HOW Inc. 9/7/2016 17.8 MB  All users
Games Microsoft Corporation 12/1/2013  2.0.139.0 All users
Garmin Communicator Plugin Garmin Ltd or its subsidiaries 12/5/2013 14.6 MB 4.1.0 All users
Garmin Communicator Plugin x64 Garmin Ltd or its subsidiaries 12/5/2013 22.6 MB 4.1.0 All users
Garmin Express Garmin Ltd or its subsidiaries 4/3/2017 170 MB 5.3.1.0 All users
Getting Started with Windows 8 Hewlett-Packard Company 3/2/2015  1.6.0.0 All users
Google Chrome Google Inc. 3/22/2017  57.0.2987.133 All users
GoToAssist Expert 3.1.0.1251 Citrix Online 4/12/2017  3.1.0.1251 Brad
HP AiO Printer Remote Hewlett-Packard Company 6/10/2015  55.1.43.0 All users
HP Classic Board Games Joystick Interactive Corp 11/30/2013  0.1.0.22 All users
HP Connected Music (Meridian - installer) Meridian Audio Ltd 11/29/2013 605 KB 1.0 All users
HP Connected Music (Meridian - player) Meridian Audio Ltd 11/29/2013 24.1 MB 1.1 (build 77) hp Brad
HP CoolSense Hewlett-Packard Company 8/10/2013 9.31 MB 2.10.51 All users
HP Documentation Hewlett-Packard 10/22/2013 226 MB 1.2.0.0 All users
HP Registration Hewlett-Packard Company 11/29/2014  1.2.1.166 All users
HP Registration Service Hewlett-Packard 10/22/2013 29.5 MB 1.2.6317.4309 All users
HP Support Assistant Hewlett-Packard Company 8/10/2013 95.8 MB 7.0.39.15 All users
HP Support Solutions Framework Hewlett-Packard Company 7/3/2015 8.10 MB 11.51.0049 All users
HP System Event Utility Hewlett-Packard Company 8/10/2013 7.00 MB 1.0.7 All users
HP Utility Center Hewlett-Packard Company 10/22/2013 4.44 MB 2.1.6 All users
HP Wireless Button Driver Hewlett-Packard Company 10/22/2013 733 KB 1.0.6.1 All users
IDT Audio IDT 7/3/2015  1.0.6498.0 All users
ieSpell Red Egg Software 9/28/2015  2.6.4 (build 573) All users
Intel® Management Engine Components Intel Corporation 4/7/2017  9.5.3.1520 All users
Intel® Processor Graphics Intel Corporation 4/7/2017  10.18.10.3316 All users
Intel® Rapid Storage Technology Intel Corporation 10/22/2013  12.6.1.1000 All users
Intel® SDK for OpenCL - CPU Only Runtime Package Intel Corporation 4/7/2017  3.0.0.66956 All users
iTunes Apple Inc. 8/5/2015 238 MB 12.2.1.16 All users
Java 8 Update 45 Oracle Corporation 4/28/2015 9.33 MB 8.0.450 All users
Juniper Networks Network Connect 7.1.14 Juniper Networks 2/20/2014  7.1.14.23943 All users
Juniper Networks Network Connect 7.1.17 Juniper Networks 2/20/2014  7.1.17.28099 All users
Juniper Networks, Inc. Setup Client Juniper Networks, Inc. 2/20/2014 800 KB 7.1.17.41283 Brad
Juniper Networks, Inc. Setup Client Activex Control Juniper Networks, Inc. 2/20/2014  2.1.1.1 All users
Kindle AMZN Mobile LLC 6/22/2015  2.1.0.2 All users
KnowBe4 RanSim KnowBe4 Inc 1/27/2017 114 MB 1.0.2.1 Brad
Kruptos 2 Professional Kruptos 2 Software 9/2/2015  5.0.4 Brad
LabTech Client LabTech Software 3/14/2017 21.8 MB 10.0.0332 All users
Mail, Calendar, and People  7/3/2015   All users
Malwarebytes version 3.0.6.1469 Malwarebytes 1/25/2017 150 MB 3.0.6.1469 All users
Maps Microsoft Corporation 9/11/2014  2.1.3230.2048 All users
Microsoft Office Microsoft Corporation 8/10/2013 297 MB 15.0.4454.1510 All users
Microsoft Office Professional Plus 2010 Microsoft Corporation 3/1/2014  14.0.7015.1000 All users
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 8/10/2013 1.92 MB 3.1.0000 All users
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 3/14/2017 1.00 MB 8.0.56336 All users
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Corporation 10/22/2013 8.14 MB 9.0.21022 All users
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 10/22/2013 13.1 MB 9.0.30729.4148 All users
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 2/25/2014 13.2 MB 9.0.30729.6161 All users
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 10/22/2013 8.12 MB 9.0.21022 All users
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 10/22/2013 8.69 MB 9.0.30729.4148 All users
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 2/25/2014 8.79 MB 9.0.30729.6161 All users
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 10/15/2014 13.8 MB 10.0.40219 All users
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 10/15/2014 11.1 MB 10.0.40219 All users
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 8/2/2015 20.5 MB 11.0.61030.0 All users
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 8/2/2015 17.3 MB 11.0.61030.0 All users
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 Microsoft Corporation 8/13/2014 17.1 MB 12.0.21005.1 All users
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 10/15/2014  10.0.50903 All users
MSN Food & Drink Microsoft Corporation 7/13/2015  3.0.4.336 All users
MSN Health & Fitness Microsoft Corporation 7/13/2015  3.0.4.336 All users
MSN Money Microsoft Corporation 4/27/2016  3.0.4.344 All users
MSN News Microsoft Corporation 4/27/2016  3.0.4.344 All users
MSN Sports Microsoft Corporation 4/29/2016  3.0.4.345 All users
MSN Travel Microsoft Corporation 7/13/2015  3.0.4.336 All users
MSN Weather Microsoft Corporation 11/28/2016  3.0.4.350 All users
Music Microsoft Corporation 3/16/2015  2.6.672.0 All users
mydlink services plugin D-Link Corporation 1/4/2016 4.86 MB 1.0.2.7 Brad
MySQL Connector/ODBC 3.51 MySQL AB 3/14/2017 8.69 MB 3.51.26 All users
Netflix Netflix, Inc. 3/13/2017  2.20.0.35 All users
NFL Sunday Ticket DIRECTV LLC 9/21/2016  2016.824.308.4636 All users
Norton 360 Premier Symantec Corporation 4/7/2017  22.9.1.12 All users
Norton Studio Symantec Corporation 10/17/2014  1.5.0.41 All users
Opera Stable 44.0.2510.857 Opera Software 3/24/2017  44.0.2510.857 All users
Ralink RT3290 802.11bgn Wi-Fi Adapter Mediatek 10/22/2013  5.0.25.0 All users
Reader Microsoft Corporation 3/16/2017  6.4.9926.18589 All users
Realtek Card Reader Realtek Semiconductor Corp. 10/22/2013  3375.109 All users
Secure MS Outlook Toolbar Secure Messaging 8/21/2015  4.12.15169.1 Brad
Skype Skype 6/22/2015  3.1.0.1016 All users
Skype™ 7.7 Skype Technologies S.A. 8/5/2015 71.1 MB 7.7.103 All users
Snapfish HP Inc. 5/4/2016  5.5.0.8 All users
Sonos Controller Sonos, Inc. 12/25/2014 32.3 MB 28.1.83040 All users
Sookasa Sookasa, Inc. 9/7/2016 20.8 MB 3.21.3.0 All users
Sophos Virus Removal Tool Sophos Limited 4/7/2017 163 MB 2.5.6 All users
Synaptics ClickPad Driver Synaptics Incorporated 11/29/2013 46.4 MB 16.6.5.1 All users
UC BrowserHD 广州市动景计算机科技 1/11/2017  1.4.0.1 All users
VeraCrypt IDRIX 12/23/2016  1.19 All users
Video Microsoft Corporation 11/6/2015  2.6.446.0 All users
ViStart Lee-Soft.com 12/5/2016  8.1.0.5208 Brad
Visual Studio Tools for the Office system 3.0 Runtime Microsoft Corporation 8/9/2014   All users
WebSlingPlayer ActiveX Sling Media 11/29/2013 13.7 MB 1.5.15770 Brad
Windows Alarms Microsoft Corporation 12/10/2013  6.3.9654.20335 All users
Windows Calculator Microsoft Corporation 12/1/2013  6.3.9600.20278 All users
Windows Driver Package - Broadcom Corporation (bcbtums) Bluetooth  (08/30/2013 12.0.0.7820) Broadcom Corporation 7/3/2015  08/30/2013 12.0.0.7820 All users
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) Dynastream Innovations, Inc. 8/13/2014  04/11/2012 1.2.40.201 All users
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) Silicon Labs Software 8/13/2014  02/06/2007 3.1 All users
Windows Help+Tips Microsoft Corporation 8/8/2014  6.3.9654.20559 All users
Windows Live Essentials Microsoft Corporation 8/10/2013  16.4.3505.0912 All users
Windows Reading List Microsoft Corporation 6/20/2016  6.3.9654.21234 All users
Windows Scan Microsoft Corporation 11/5/2014  6.3.9654.17133 All users
Windows Sound Recorder Microsoft Corporation 12/1/2013  6.3.9600.20280 All users
WinZip 14.0 WinZip Computing, S.L.  3/24/2014 17.1 MB 14.0.8688 All users
YouCam for HP CYBERLINKCOM CORP 3/27/2014  1.0.2.29632 All users
 

 



#11 buddy215

  • Moderator

Posted 12 April 2017 - 05:15 PM

Suggest Disabling these Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKCU:Run CCleaner Monitoring Piriform Ltd Brad "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Dropbox Update Dropbox, Inc. Brad "C:\Users\bbach_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
Yes HKCU:Run GoToAssist Remote Support Expert Citrix Systems, Inc. Brad "C:\Users\bbach_000\AppData\Local\Citrix\GoToAssist Remote Support Expert\1251\g2ax_start.exe" "/Trigger RunAtLogon"

Yes HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated All users "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

Yes HKLM:Run HPMessageService Hewlett-Packard Development Company, L.P. All users C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
Yes HKLM:Run IgfxTray Intel Corporation All users "C:\WINDOWS\system32\igfxtray.exe"

Yes Startup User Dropbox.lnk Dropbox, Inc. Brad C:\Users\bbach_000\AppData\Roaming\Dropbox\bin\Dropbox.exe

 

Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes Task DropboxUpdateTaskUserS-1-5-21-2317627747-2586339727-2393954784-1001Core Dropbox, Inc. Brad C:\Users\bbach_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
Yes Task DropboxUpdateTaskUserS-1-5-21-2317627747-2586339727-2393954784-1001UA Dropbox, Inc. Brad C:\Users\bbach_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Yes Task Opera scheduled Autoupdate 1484178287 Opera Software All users C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate $(Arg0)
Yes Task Optimize Start Menu Cache Files-S-1-5-21-2317627747-2586339727-2393954784-1001  Brad

 

Uninstall these programs:

Java 8 Update 45 Oracle Corporation 4/28/2015 9.33 MB 8.0.450 All users

 

After doing the above and rebooting...please let me know if MBAM is still reporting an attempt to access IP Address: 85.93.5.25



#12 bgbach


Posted 12 April 2017 - 05:51 PM

Yup.  Did everything above and MB is still blocking.

 

Programs

 

Adobe Acrobat XI Pro Adobe Systems 12/12/2016 3.73 GB 11.0.18 All users
Adobe Flash Player 25 NPAPI Adobe Systems Incorporated 4/11/2017 5.94 MB 25.0.0.148 All users
Adobe Shockwave Player 11.6 Adobe Systems, Inc. 11/29/2013  11.6.6.636 All users
Apple Application Support (32-bit) Apple Inc. 8/5/2015 96.0 MB 3.2 All users
Apple Application Support (64-bit) Apple Inc. 8/5/2015 111 MB 3.2 All users
Apple Mobile Device Support Apple Inc. 8/5/2015 27.9 MB 8.2.1.3 All users
Apple Software Update Apple Inc. 3/27/2017 2.39 MB 2.1.4.131 All users
Bonjour Apple Inc. 10/22/2013 2.00 MB 3.0.0.10 All users
Box Sync Box, Inc. 9/21/2016 23.6 MB 4.0.7724.0 All users
CCleaner Piriform 4/10/2017  5.28 All users
CryptoPrevent Foolish IT LLC 12/5/2016 28.8 MB 8.0.1.4 All users
Crystal Reports 2008 Runtime SP2 Business Objects 3/14/2017 204 MB 12.2.0.290 All users
Free YouTube Downloader 4.1.540 HOW Inc. 9/7/2016 17.8 MB  All users
Garmin Communicator Plugin Garmin Ltd or its subsidiaries 12/5/2013 14.6 MB 4.1.0 All users
Garmin Communicator Plugin x64 Garmin Ltd or its subsidiaries 12/5/2013 22.6 MB 4.1.0 All users
Garmin Express Garmin Ltd or its subsidiaries 4/3/2017 170 MB 5.3.1.0 All users
Google Chrome Google Inc. 3/22/2017  57.0.2987.133 All users
HP Connected Music (Meridian - installer) Meridian Audio Ltd 11/29/2013 605 KB 1.0 All users
HP CoolSense Hewlett-Packard Company 8/10/2013 9.31 MB 2.10.51 All users
HP Documentation Hewlett-Packard 10/22/2013 226 MB 1.2.0.0 All users
HP Registration Service Hewlett-Packard 10/22/2013 29.5 MB 1.2.6317.4309 All users
HP Support Assistant Hewlett-Packard Company 8/10/2013 95.8 MB 7.0.39.15 All users
HP Support Solutions Framework Hewlett-Packard Company 7/3/2015 8.10 MB 11.51.0049 All users
HP System Event Utility Hewlett-Packard Company 8/10/2013 7.00 MB 1.0.7 All users
HP Utility Center Hewlett-Packard Company 10/22/2013 4.44 MB 2.1.6 All users
HP Wireless Button Driver Hewlett-Packard Company 10/22/2013 733 KB 1.0.6.1 All users
IDT Audio IDT 7/3/2015  1.0.6498.0 All users
ieSpell Red Egg Software 9/28/2015  2.6.4 (build 573) All users
Intel® Management Engine Components Intel Corporation 4/7/2017  9.5.3.1520 All users
Intel® Processor Graphics Intel Corporation 4/7/2017  10.18.10.3316 All users
Intel® Rapid Storage Technology Intel Corporation 10/22/2013  12.6.1.1000 All users
Intel® SDK for OpenCL - CPU Only Runtime Package Intel Corporation 4/7/2017  3.0.0.66956 All users
iTunes Apple Inc. 8/5/2015 238 MB 12.2.1.16 All users
Juniper Networks Network Connect 7.1.14 Juniper Networks 2/20/2014  7.1.14.23943 All users
Juniper Networks Network Connect 7.1.17 Juniper Networks 2/20/2014  7.1.17.28099 All users
Juniper Networks, Inc. Setup Client Activex Control Juniper Networks, Inc. 2/20/2014  2.1.1.1 All users
LabTech Client LabTech Software 3/14/2017 21.8 MB 10.0.0332 All users
Malwarebytes version 3.0.6.1469 Malwarebytes 1/25/2017 150 MB 3.0.6.1469 All users
Microsoft Office Microsoft Corporation 8/10/2013 297 MB 15.0.4454.1510 All users
Microsoft Office Professional Plus 2010 Microsoft Corporation 3/1/2014  14.0.7015.1000 All users
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 8/10/2013 1.92 MB 3.1.0000 All users
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 3/14/2017 1.00 MB 8.0.56336 All users
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Corporation 10/22/2013 8.14 MB 9.0.21022 All users
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 10/22/2013 13.1 MB 9.0.30729.4148 All users
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 2/25/2014 13.2 MB 9.0.30729.6161 All users
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 10/22/2013 8.12 MB 9.0.21022 All users
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 10/22/2013 8.69 MB 9.0.30729.4148 All users
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 2/25/2014 8.79 MB 9.0.30729.6161 All users
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 10/15/2014 13.8 MB 10.0.40219 All users
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 10/15/2014 11.1 MB 10.0.40219 All users
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 8/2/2015 20.5 MB 11.0.61030.0 All users
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 8/2/2015 17.3 MB 11.0.61030.0 All users
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 Microsoft Corporation 8/13/2014 17.1 MB 12.0.21005.1 All users
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 10/15/2014  10.0.50903 All users
MySQL Connector/ODBC 3.51 MySQL AB 3/14/2017 8.69 MB 3.51.26 All users
Norton 360 Premier Symantec Corporation 4/7/2017  22.9.1.12 All users
Opera Stable 44.0.2510.857 Opera Software 3/24/2017  44.0.2510.857 All users
Ralink RT3290 802.11bgn Wi-Fi Adapter Mediatek 10/22/2013  5.0.25.0 All users
Realtek Card Reader Realtek Semiconductor Corp. 10/22/2013  3375.109 All users
Skype™ 7.7 Skype Technologies S.A. 8/5/2015 71.1 MB 7.7.103 All users
Sonos Controller Sonos, Inc. 12/25/2014 32.3 MB 28.1.83040 All users
Sookasa Sookasa, Inc. 9/7/2016 20.8 MB 3.21.3.0 All users
Sophos Virus Removal Tool Sophos Limited 4/7/2017 163 MB 2.5.6 All users
Synaptics ClickPad Driver Synaptics Incorporated 11/29/2013 46.4 MB 16.6.5.1 All users
VeraCrypt IDRIX 12/23/2016  1.19 All users
Visual Studio Tools for the Office system 3.0 Runtime Microsoft Corporation 8/9/2014   All users
Windows Driver Package - Broadcom Corporation (bcbtums) Bluetooth  (08/30/2013 12.0.0.7820) Broadcom Corporation 7/3/2015  08/30/2013 12.0.0.7820 All users
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) Dynastream Innovations, Inc. 8/13/2014  04/11/2012 1.2.40.201 All users
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) Silicon Labs Software 8/13/2014  02/06/2007 3.1 All users
Windows Live Essentials Microsoft Corporation 8/10/2013  16.4.3505.0912 All users
WinZip 14.0 WinZip Computing, S.L.  3/24/2014 17.1 MB 14.0.8688 All users

Startup

No Task Adobe Flash Player Updater Adobe Systems Incorporated All users C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task CCleanerSkipUAC Piriform Ltd Brad_2 "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GarminUpdaterTask Garmin International, Inc. All users C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe
No Task GoogleUpdateTaskMachineCore Google Inc. All users C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
No Task GoogleUpdateTaskMachineUA Google Inc. All users C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
No Task Opera scheduled Autoupdate 1484178287 Opera Software All users C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate $(Arg0)
No Task Optimize Start Menu Cache Files-S-1-5-21-2317627747-2586339727-2393954784-1004  Brad_2 
Yes Task Synaptics TouchPad Enhancements Synaptics Incorporated Users "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

Scheduled Tasks

No Task DropboxUpdateTaskUserS-1-5-21-2317627747-2586339727-2393954784-1001Core Dropbox, Inc. Brad C:\Users\bbach_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
No Task DropboxUpdateTaskUserS-1-5-21-2317627747-2586339727-2393954784-1001UA Dropbox, Inc. Brad C:\Users\bbach_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
No Task Opera scheduled Autoupdate 1484178287 Opera Software All users C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate $(Arg0)
Yes Task Optimize Start Menu Cache Files-S-1-5-21-2317627747-2586339727-2393954784-1001  Brad 
Yes Task Synaptics TouchPad Enhancements Synaptics Incorporated Users "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
#13 buddy215

buddy215

  • Moderator
  • 13,198 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:50 PM

Posted 12 April 2017 - 06:48 PM

I see some different Tasks.
I suggest you disable these:

Yes Task GarminUpdaterTask Garmin International, Inc. All users C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe

Yes Task Optimize Start Menu Cache Files-S-1-5-21-2317627747-2586339727-2393954784-1001  Brad
If MBAM is still reporting blocking that IP then it is best to let the pros have a look by following the directions below.
Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.
DO NOT bump your new topic. Wait for a response from one of the Team Members.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#14 bgbach

bgbach
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:50 PM

Posted 12 April 2017 - 06:56 PM

Ok.  Thanks.



#15 bgbach

bgbach
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:50 PM

Posted 12 April 2017 - 07:40 PM

https://www.bleepingcomputer.com/forums/t/644290/blocked-website-details-malicious-website/?p=4219405