Jump to content


Photo
- - - - -

Slow Computer and ip blocking


  • This topic is locked This topic is locked
6 replies to this topic

#1 Vet1

Vet1

    New Member

  • Members
  • Pip
  • 3 posts

Posted 15 July 2011 - 01:49 PM

Hi all I am haveing a problem with my computer running slow and Malwarebytes blocking ip. Also my computer C: drive seems to run and run for a long time after I reboot. Like for an hour or more like there is something or a program running it slows my pc down to a crawl. Can you please help thanks.

07:17:41 (null) MESSAGE Protection started successfully
07:22:18 Stephen Whittaker MESSAGE IP Protection started successfully
07:25:21 Stephen Whittaker IP-BLOCK 220.248.190.187 (Type: outgoing)
07:29:44 Stephen Whittaker IP-BLOCK 220.248.190.187 (Type: outgoing)
07:32:06 Stephen Whittaker IP-BLOCK 212.117.167.73 (Type: outgoing)
07:36:09 Stephen Whittaker IP-BLOCK 212.117.161.35 (Type: outgoing)
07:38:13 Stephen Whittaker IP-BLOCK 220.248.190.187 (Type: outgoing)
07:39:15 Stephen Whittaker IP-BLOCK 62.45.155.7 (Type: outgoing)
07:43:22 Stephen Whittaker IP-BLOCK 89.28.117.174 (Type: outgoing)
07:45:40 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:45:43 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:45:49 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:46:02 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:46:05 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:46:11 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:47:05 Stephen Whittaker IP-BLOCK 212.117.167.73 (Type: outgoing)
07:47:15 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:47:18 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:47:24 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:47:36 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:47:39 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:47:45 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:48:51 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:48:54 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:49:00 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:49:12 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:49:15 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:49:21 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:50:27 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:50:30 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:50:36 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:50:48 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:50:51 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:50:57 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:52:02 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:52:05 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:52:11 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:52:23 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:52:26 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:52:33 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:53:38 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:53:41 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:53:47 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:53:57 Stephen Whittaker IP-BLOCK 212.117.167.192 (Type: outgoing)
07:53:59 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:54:02 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:54:08 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:54:37 Stephen Whittaker IP-BLOCK 222.65.233.128 (Type: outgoing)
07:55:13 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:55:16 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:55:22 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:55:34 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:55:37 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:55:43 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:56:49 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:56:52 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:56:58 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:57:10 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:57:13 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:57:19 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:58:24 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:58:27 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:58:33 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:58:45 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:58:48 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
07:58:54 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:00:00 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:00:03 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:00:09 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:00:21 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:00:24 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:00:30 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:01:36 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:01:39 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:01:45 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:01:57 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:02:00 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:02:05 Stephen Whittaker IP-BLOCK 212.117.167.73 (Type: outgoing)
08:02:06 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:03:11 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:03:14 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:03:20 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:03:32 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:03:35 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:03:41 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:04:31 Stephen Whittaker IP-BLOCK 213.226.201.93 (Type: incoming)
08:04:47 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:04:50 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:04:56 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:05:08 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:05:11 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:05:17 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:06:22 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:06:25 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:06:29 Stephen Whittaker IP-BLOCK 89.28.42.214 (Type: outgoing)
08:06:31 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:06:43 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:06:46 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:06:52 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:07:06 Stephen Whittaker IP-BLOCK 77.78.245.47 (Type: incoming)
08:07:30 Stephen Whittaker IP-BLOCK 91.188.48.61 (Type: outgoing)
08:07:59 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:08:02 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:08:08 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:08:20 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:08:23 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:08:29 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:09:18 Stephen Whittaker IP-BLOCK 222.65.233.128 (Type: outgoing)
08:09:35 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:09:38 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:09:44 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:09:56 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:09:59 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:10:05 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:11:10 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:11:13 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:11:19 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:11:31 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:11:34 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:11:40 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:12:52 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:12:55 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:13:01 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:13:13 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:13:16 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:13:22 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:14:27 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:14:30 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:14:36 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:14:48 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:14:51 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:14:57 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:16:02 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:16:05 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:16:11 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:16:13 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:16:15 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:16:16 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:16:24 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:16:26 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:16:33 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:17:05 Stephen Whittaker IP-BLOCK 212.117.167.73 (Type: outgoing)
08:17:38 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:17:41 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:17:47 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:17:59 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:18:02 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:18:08 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:19:14 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:19:17 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:19:23 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:19:35 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:19:35 Stephen Whittaker IP-BLOCK 220.248.190.187 (Type: outgoing)
08:19:38 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:19:38 Stephen Whittaker IP-BLOCK 220.248.190.187 (Type: outgoing)
08:19:44 Stephen Whittaker IP-BLOCK 220.248.190.187 (Type: outgoing)
08:19:44 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:19:45 Stephen Whittaker IP-BLOCK 220.248.190.187 (Type: outgoing)
08:19:47 Stephen Whittaker IP-BLOCK 220.248.190.187 (Type: outgoing)
08:20:49 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:20:52 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:20:58 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:21:10 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:21:13 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:21:19 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:22:25 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:22:28 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:22:34 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:22:46 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:22:49 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:22:55 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:23:06 Stephen Whittaker IP-BLOCK 62.45.195.50 (Type: outgoing)
08:24:00 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:24:03 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:24:09 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:24:21 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:24:24 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:24:29 Stephen Whittaker IP-BLOCK 222.186.70.197 (Type: outgoing)
08:24:30 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:25:17 Stephen Whittaker IP-BLOCK 85.234.163.203 (Type: outgoing)
08:25:36 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:25:39 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:25:45 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:25:57 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:26:00 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:26:06 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:27:12 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:27:15 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:27:21 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:27:33 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:27:36 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:27:42 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:28:49 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:28:52 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:28:58 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:29:10 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:29:13 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:29:17 Stephen Whittaker IP-BLOCK 218.7.208.105 (Type: outgoing)
08:29:19 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:30:25 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:30:28 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:30:34 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:30:46 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:30:49 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:30:55 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:32:01 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:32:04 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:32:05 Stephen Whittaker IP-BLOCK 212.117.167.73 (Type: outgoing)
08:32:10 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:32:22 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:32:25 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:32:31 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:33:36 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:33:39 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:33:45 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:33:57 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:34:00 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:34:06 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:35:12 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:35:15 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:35:21 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:35:33 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:35:36 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:35:42 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:37:47 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:37:50 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:37:53 Stephen Whittaker IP-BLOCK 95.169.190.159 (Type: outgoing)
08:37:56 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:37:57 Stephen Whittaker IP-BLOCK 62.45.225.190 (Type: outgoing)
08:38:06 Stephen Whittaker IP-BLOCK 62.45.195.50 (Type: outgoing)
08:38:08 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:38:11 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:38:17 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:39:23 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:39:26 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:39:32 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:39:44 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:39:47 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:39:53 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:40:59 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:41:02 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:41:08 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:41:20 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:41:23 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:41:29 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:42:50 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:43:16 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:43:25 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:44:38 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:44:41 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:44:47 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:45:00 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:45:03 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:45:09 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:46:15 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:46:18 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:46:23 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:46:36 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:46:38 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:46:44 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:47:05 Stephen Whittaker IP-BLOCK 212.117.167.73 (Type: outgoing)
08:47:50 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:47:53 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:47:59 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:48:11 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:48:14 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:48:20 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:49:26 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:49:29 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:49:35 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:49:47 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:49:50 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:49:56 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:51:02 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:51:05 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:51:11 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:51:23 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:51:26 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:51:32 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:51:49 Stephen Whittaker IP-BLOCK 89.28.43.235 (Type: outgoing)
08:52:38 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:52:41 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:52:47 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:52:59 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:53:02 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:53:08 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:54:13 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:54:16 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:54:22 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:54:34 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:54:37 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:54:43 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:55:47 Stephen Whittaker IP-BLOCK 83.128.115.80 (Type: outgoing)
08:55:51 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:55:54 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:56:00 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:56:13 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:56:16 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:56:22 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:56:27 Stephen Whittaker IP-BLOCK 77.78.240.121 (Type: outgoing)
08:57:28 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:57:31 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:57:37 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:57:49 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:57:52 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:57:58 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:59:04 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:59:07 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:59:13 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:59:25 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:59:28 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
08:59:34 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:00:39 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:00:42 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:00:48 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:01:00 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:01:03 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:01:09 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:02:05 Stephen Whittaker IP-BLOCK 212.117.167.73 (Type: outgoing)
09:02:17 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:02:20 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:02:26 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:02:38 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:02:41 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:02:47 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:03:54 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:03:57 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:04:03 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:04:15 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:04:18 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:04:24 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:06:11 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:06:38 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:06:41 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:06:47 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:08:03 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:08:11 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:08:24 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:08:27 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:08:33 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:09:27 Stephen Whittaker IP-BLOCK 89.28.103.203 (Type: outgoing)
09:09:40 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:09:43 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:09:49 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:10:01 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:10:04 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:10:10 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:11:22 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:11:31 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:11:45 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:11:48 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:11:53 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:13:03 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:13:06 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:13:12 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:13:24 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:13:27 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:13:33 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:14:56 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:15:04 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:15:18 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:15:21 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:15:27 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:16:36 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:16:39 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:16:44 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:16:57 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:17:00 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:17:05 Stephen Whittaker IP-BLOCK 212.117.167.73 (Type: outgoing)
09:17:06 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:18:11 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:18:14 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:18:20 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:18:32 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:18:35 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:18:41 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:19:47 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:19:50 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:19:56 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:20:08 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:20:11 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:20:17 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
09:21:55 Stephen Whittaker IP-BLOCK 62.45.23.44 (Type: outgoing)
09:22:39 Stephen Whittaker IP-BLOCK 62.45.23.44 (Type: outgoing)
09:22:49 Stephen Whittaker IP-BLOCK 62.45.23.44 (Type: outgoing)
09:23:07 Stephen Whittaker IP-BLOCK 62.45.195.50 (Type: outgoing)
09:25:32 Stephen Whittaker IP-BLOCK 222.71.229.196 (Type: outgoing)
09:32:05 Stephen Whittaker IP-BLOCK 212.117.167.73 (Type: outgoing)
09:35:07 Stephen Whittaker IP-BLOCK 89.28.96.200 (Type: outgoing)
09:35:48 Stephen Whittaker IP-BLOCK 89.28.43.235 (Type: outgoing)
09:38:28 Stephen Whittaker IP-BLOCK 89.28.41.108 (Type: outgoing)
09:39:01 Stephen Whittaker IP-BLOCK 77.78.216.228 (Type: outgoing)
09:39:21 Stephen Whittaker IP-BLOCK 62.45.195.50 (Type: outgoing)
09:40:48 Stephen Whittaker IP-BLOCK 188.95.51.205 (Type: outgoing)
09:45:34 Stephen Whittaker IP-BLOCK 121.125.110.8 (Type: outgoing)
09:47:05 Stephen Whittaker IP-BLOCK 212.117.167.73 (Type: outgoing)
09:53:14 Stephen Whittaker IP-BLOCK 95.169.190.159 (Type: outgoing)
09:53:26 Stephen Whittaker IP-BLOCK 89.28.113.100 (Type: outgoing)
09:53:53 Stephen Whittaker IP-BLOCK 77.78.216.228 (Type: outgoing)
09:54:05 Stephen Whittaker IP-BLOCK 62.45.195.50 (Type: outgoing)
09:54:49 Stephen Whittaker IP-BLOCK 58.241.194.198 (Type: outgoing)
10:02:05 Stephen Whittaker IP-BLOCK 212.117.167.73 (Type: outgoing)
10:02:11 Stephen Whittaker IP-BLOCK 98.142.249.19 (Type: outgoing)
10:07:11 Stephen Whittaker IP-BLOCK 79.135.148.4 (Type: outgoing)
10:10:40 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
10:10:43 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
10:10:49 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
10:11:01 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
10:11:04 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
10:11:10 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
10:12:14 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
10:12:17 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
10:12:23 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
10:12:35 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
10:12:38 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
10:12:44 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
10:17:05 Stephen Whittaker IP-BLOCK 212.117.167.73 (Type: outgoing)
10:22:14 Stephen Whittaker IP-BLOCK 195.216.160.201 (Type: outgoing)
10:23:58 Stephen Whittaker IP-BLOCK 95.169.190.159 (Type: outgoing)
10:28:52 Stephen Whittaker IP-BLOCK 83.128.111.37 (Type: incoming)
10:32:06 Stephen Whittaker IP-BLOCK 212.117.167.73 (Type: outgoing)
10:35:13 Stephen Whittaker IP-BLOCK 89.28.69.139 (Type: outgoing)
10:36:55 Stephen Whittaker IP-BLOCK 58.241.85.12 (Type: outgoing)
10:37:12 Stephen Whittaker IP-BLOCK 95.169.186.102 (Type: outgoing)
10:38:28 Stephen Whittaker IP-BLOCK 89.28.41.108 (Type: outgoing)
10:47:05 Stephen Whittaker IP-BLOCK 212.117.167.73 (Type: outgoing)
10:55:42 Stephen Whittaker IP-BLOCK 222.76.13.227 (Type: outgoing)
10:57:20 Stephen Whittaker IP-BLOCK 62.45.206.171 (Type: outgoing)
11:02:05 Stephen Whittaker IP-BLOCK 212.117.167.73 (Type: outgoing)
11:02:41 Stephen Whittaker IP-BLOCK 89.28.56.106 (Type: incoming)
11:06:08 Stephen Whittaker IP-BLOCK 212.117.166.129 (Type: outgoing)
11:09:14 Stephen Whittaker IP-BLOCK 95.79.91.163 (Type: outgoing)
11:09:31 Stephen Whittaker IP-BLOCK 59.34.171.222 (Type: outgoing)
11:17:05 Stephen Whittaker IP-BLOCK 212.117.167.73 (Type: outgoing)
11:20:42 Stephen Whittaker IP-BLOCK 117.205.48.17 (Type: outgoing)
11:20:44 Stephen Whittaker IP-BLOCK 117.205.48.17 (Type: outgoing)
11:20:45 Stephen Whittaker IP-BLOCK 117.205.48.17 (Type: outgoing)
11:20:46 Stephen Whittaker IP-BLOCK 117.205.48.17 (Type: outgoing)
11:20:47 Stephen Whittaker IP-BLOCK 117.205.48.17 (Type: outgoing)
11:24:29 Stephen Whittaker IP-BLOCK 95.169.190.159 (Type: outgoing)
11:29:48 Stephen Whittaker IP-BLOCK 83.128.12.157 (Type: outgoing)
11:32:05 Stephen Whittaker IP-BLOCK 212.117.167.73 (Type: outgoing)
11:37:56 Stephen Whittaker IP-BLOCK 77.78.205.217 (Type: incoming)
11:38:08 Stephen Whittaker IP-BLOCK 89.28.112.244 (Type: outgoing)
11:39:36 Stephen Whittaker IP-BLOCK 95.169.190.159 (Type: outgoing)
11:40:50 Stephen Whittaker IP-BLOCK 85.234.163.203 (Type: outgoing)
11:47:05 Stephen Whittaker IP-BLOCK 212.117.167.73 (Type: outgoing)
11:51:31 Stephen Whittaker IP-BLOCK 212.117.166.94 (Type: outgoing)
11:53:07 Stephen Whittaker IP-BLOCK 62.45.109.20 (Type: outgoing)
11:55:24 Stephen Whittaker IP-BLOCK 83.128.98.254 (Type: outgoing)
12:02:05 Stephen Whittaker IP-BLOCK 212.117.167.73 (Type: outgoing)
12:08:52 Stephen Whittaker IP-BLOCK 222.65.75.127 (Type: outgoing)
12:14:57 Stephen Whittaker IP-BLOCK 77.78.209.11 (Type: outgoing)
12:17:05 Stephen Whittaker IP-BLOCK 212.117.167.73 (Type: outgoing)
12:18:05 Stephen Whittaker IP-BLOCK 95.79.91.140 (Type: outgoing)
12:24:20 Stephen Whittaker IP-BLOCK 95.169.190.159 (Type: outgoing)
12:25:23 Stephen Whittaker IP-BLOCK 62.45.89.197 (Type: outgoing)
12:25:59 Stephen Whittaker IP-BLOCK 62.45.155.7 (Type: outgoing)
12:32:05 Stephen Whittaker IP-BLOCK 212.117.167.73 (Type: outgoing)
12:37:20 Stephen Whittaker IP-BLOCK 89.28.112.244 (Type: outgoing)
12:40:59 Stephen Whittaker IP-BLOCK 62.45.202.88 (Type: outgoing)
12:44:29 Stephen Whittaker IP-BLOCK 83.128.12.157 (Type: outgoing)
12:47:05 Stephen Whittaker IP-BLOCK 212.117.167.73 (Type: outgoing)
12:55:37 Stephen Whittaker IP-BLOCK 62.45.195.50 (Type: outgoing)
12:58:10 Stephen Whittaker IP-BLOCK 62.45.5.1 (Type: outgoing)
12:58:20 Stephen Whittaker IP-BLOCK 62.45.5.1 (Type: outgoing)
12:58:32 Stephen Whittaker IP-BLOCK 62.45.5.1 (Type: outgoing)
13:02:05 Stephen Whittaker IP-BLOCK 212.117.167.73 (Type: outgoing)
13:06:23 Stephen Whittaker IP-BLOCK 87.248.166.18 (Type: outgoing)
13:07:57 Stephen Whittaker IP-BLOCK 62.45.164.3 (Type: outgoing)
13:11:26 Stephen Whittaker IP-BLOCK 89.28.61.97 (Type: outgoing)
13:12:33 Stephen Whittaker IP-BLOCK 117.205.48.17 (Type: outgoing)
13:15:03 Stephen Whittaker IP-BLOCK 83.128.12.157 (Type: outgoing)
13:15:13 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:15:25 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:15:28 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:15:34 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:17:07 Stephen Whittaker IP-BLOCK 212.117.167.73 (Type: outgoing)
13:17:25 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:17:39 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:17:42 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:17:48 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:18:57 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:19:00 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:19:06 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:19:18 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:19:21 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:19:27 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:20:34 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:20:37 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:20:43 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:20:55 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:20:58 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:21:04 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:22:10 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:22:13 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:22:17 Stephen Whittaker IP-BLOCK 58.240.90.227 (Type: outgoing)
13:22:19 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:22:31 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:22:34 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:22:41 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:23:49 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:23:52 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:23:58 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:24:10 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:24:13 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:24:19 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:24:51 Stephen Whittaker IP-BLOCK 95.169.190.159 (Type: outgoing)
13:25:25 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:25:27 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:25:34 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:25:46 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:25:49 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:25:50 Stephen Whittaker IP-BLOCK 62.45.155.7 (Type: outgoing)
13:25:55 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:27:03 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:27:06 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:27:12 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:27:24 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:27:27 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:27:33 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:27:34 Stephen Whittaker IP-BLOCK 121.125.219.36 (Type: outgoing)
13:28:39 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:28:42 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:28:48 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:29:00 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:29:03 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:29:09 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:29:19 Stephen Whittaker IP-BLOCK 83.128.12.157 (Type: outgoing)
13:30:14 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:30:17 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:30:23 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:30:35 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:30:38 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:30:44 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:31:50 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:31:53 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:31:59 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:32:06 Stephen Whittaker IP-BLOCK 212.117.167.73 (Type: outgoing)
13:32:11 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:32:14 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:32:20 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:33:25 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:33:28 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:33:34 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:33:46 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:33:49 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:33:55 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:35:01 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:35:04 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:35:10 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:35:22 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:35:25 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:35:31 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:36:37 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:36:40 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:36:46 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:36:58 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:37:01 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:37:07 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:38:12 Stephen Whittaker IP-BLOCK 89.28.100.203 (Type: outgoing)
13:38:12 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:38:15 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:38:21 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:38:33 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:38:36 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:38:42 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:39:48 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:39:51 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:39:57 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:40:02 Stephen Whittaker IP-BLOCK 87.118.92.225 (Type: outgoing)
13:40:09 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:40:12 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:40:18 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:41:24 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:41:26 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:41:33 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:41:45 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:41:48 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:41:53 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:42:18 Stephen Whittaker IP-BLOCK 83.128.115.80 (Type: outgoing)
13:43:20 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:43:41 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:43:44 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:43:50 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:44:56 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:44:59 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:45:05 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:45:17 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:45:20 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)
13:45:26 Stephen Whittaker IP-BLOCK 64.135.77.30 (Type: outgoing)

#2 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 18 July 2011 - 12:51 AM

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook

#3 Vet1

Vet1

    New Member

  • Members
  • Pip
  • 3 posts

Posted 18 July 2011 - 07:46 AM

Hi and thanks for responding. here's what you asked for.
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7189

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18702

7/18/2011 7:27:38 AM
mbam-log-2011-07-18 (07-27-37).txt

Scan type: Quick scan
Objects scanned: 179570
Time elapsed: 5 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
DDS (Ver_2011-07-14.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Stephen Whittaker at 7:32:02 on 2011-07-18
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.34 [GMT -5:00]
.
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: &Crawler Toolbar Helper: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - c:\program files\crawler\toolbar\ctbr.dll
TB: &Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\program files\crawler\toolbar\ctbr.dll
TB: &Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\program files\crawler\toolbar\ctbr.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
uRun: [SpywareTerminatorUpdate] "c:\program files\spyware terminator\SpywareTerminatorUpdate.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
mRun: [PCRx] "c:\program files\pcrx\PCRxTray.exe" /startup
mRun: [COMODO] c:\program files\comodo\comodo geekbuddy\CLPSLA.exe
mRun: [CPA] c:\program files\comodo\comodo geekbuddy\VALA.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-System: EnableProfileQuota = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Crawler Search - tbr:iemenu
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174361486406
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{175C8EF0-449C-4582-80C6-D49C93C5EDAB} : DHCPNameServer = 192.168.1.254
Handler: ipp - <Clsid value has no data>
Handler: msdaipp - <Clsid value has no data>
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\program files\crawler\toolbar\ctbr.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
IFEO: Your Image File Name Here without a path - ntsd -d
.
============= SERVICES / DRIVERS ===============
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2011-6-30 17416]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-6-30 29400]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo geekbuddy\CLPSLS.exe [2011-5-25 154424]
S1 browserctldrv;browserctldrv;\??\c:\program files\browserctl\browserctl.sys --> c:\program files\browserctl\BrowserCtl.sys [?]
S1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [2010-12-9 66584]
S1 CFRPD;CFRPD;c:\windows\system32\drivers\CFRPD.sys [2010-12-9 33232]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-6-30 242600]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-7-9 142592]
S2 Cleaner_Validator;COMODO System - Cleaner Service;c:\program files\comodo\comodo system-cleaner\Cleaner_Validator.exe [2010-12-9 305600]
S2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-6-30 1793712]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-12 366640]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-12 22712]
S4 browserctl;browserctl;c:\windows\system32\SvchoSt.ExE -k browserctl [2004-8-4 14336]
.
=============== Created Last 30 ================
.
2011-07-14 09:45:47 -------- d-----w- c:\documents and settings\stephen whittaker\local settings\application data\COMODO
2011-07-14 04:52:00 -------- d-----w- c:\documents and settings\stephen whittaker\local settings\application data\WMTools Downloaded Files
2011-07-13 10:10:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-13 03:00:24 -------- d-----w- c:\documents and settings\stephen whittaker\application data\Malwarebytes
2011-07-13 02:59:43 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-13 02:59:34 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-07-13 02:59:13 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-13 02:59:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-12 09:03:57 -------- d-----w- c:\windows\ie8updates
2011-07-12 07:05:42 -------- d-----w- c:\documents and settings\stephen whittaker\local settings\application data\ApplicationHistory
2011-07-12 07:00:19 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-07-12 07:00:19 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-07-12 07:00:17 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-07-12 07:00:11 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-07-12 07:00:10 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-07-12 07:00:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-07-12 07:00:04 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-07-12 06:14:02 -------- d-sh--w- c:\documents and settings\stephen whittaker\PrivacIE
2011-07-12 06:08:15 -------- d-sh--w- c:\documents and settings\stephen whittaker\IETldCache
2011-07-12 06:07:26 56826 ----a-w- c:\windows\cscmondump.bin
2011-07-12 05:13:39 -------- dc-h--w- c:\windows\ie8
2011-07-12 04:52:38 -------- d-----w- c:\windows\ServicePackFiles
2011-07-11 01:01:39 -------- d--h--w- C:\VritualRoot
2011-07-11 00:48:58 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2011-07-10 22:28:37 -------- d-----w- c:\documents and settings\all users\application data\Comodo
2011-07-10 22:24:32 -------- d-----w- c:\program files\COMODO
2011-07-10 22:19:26 -------- d-----w- c:\documents and settings\all users\application data\Comodo Downloader
2011-07-10 19:52:35 -------- d-----w- c:\windows\system32\appmgmt
2011-07-10 19:52:29 -------- d-----w- c:\windows\SxsCaPendDel
2011-07-10 19:09:22 -------- d-----w- c:\documents and settings\stephen whittaker\application data\PCRx
2011-07-10 19:09:19 -------- d-----w- c:\documents and settings\all users\application data\PCRx
2011-07-10 19:09:10 -------- d-----w- c:\program files\PCRx
2011-07-10 02:34:40 -------- d-----w- c:\program files\WinClamAVShield
2011-07-10 01:57:29 -------- d-----w- c:\program files\Crawler
2011-07-10 01:57:18 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-07-10 01:57:15 -------- d-----w- c:\documents and settings\stephen whittaker\application data\Spyware Terminator
2011-07-10 01:56:54 -------- d-----w- c:\documents and settings\all users\application data\Spyware Terminator
2011-07-10 01:56:52 -------- d-----w- c:\program files\Spyware Terminator
2011-07-09 08:50:27 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-07-09 08:45:22 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-07-09 08:45:22 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-09 07:33:49 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-07-09 07:33:49 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-06-30 14:38:14 29400 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-06-30 14:38:14 242600 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-06-30 14:38:12 17416 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-06-30 14:37:26 285256 ----a-w- c:\windows\system32\guard32.dll
.
==================== Find3M ====================
.
2011-07-09 03:21:25 98304 ----a-w- c:\windows\strt_1250795595.exe.exe
2011-04-20 09:41:58 1409 ----a-w- c:\windows\QTFont.for
.
============= FINISH: 7:32:44.50 ===============

PS in safemode my computor does not run slow or do I get the IP blocking. It also does nnot run continusly for an hour or more and web surfing is much faster in safemode.

#4 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 21 July 2011 - 03:47 PM

Hi,


Please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


-screen317
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook

#5 Vet1

Vet1

    New Member

  • Members
  • Pip
  • 3 posts

Posted 25 July 2011 - 03:16 PM

Here's the log files you asked for.

ComboFix 11-07-25.02 - Stephen Whittaker 07/25/2011 14:22:14.1.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.177 [GMT -5:00]
Running from: c:\documents and settings\Stephen Whittaker\Desktop\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\95146396.ini
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\documents and settings\Stephen Whittaker\WINDOWS
c:\program files\driver
c:\windows\strt_1250795595.exe.exe
.
c:\windows\system32\proquota.exe . . . is missing!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BROWSERCTL
-------\Legacy_BROWSERCTLDRV
-------\Service_browserctl
-------\Service_browserctldrv
.
.
((((((((((((((((((((((((( Files Created from 2011-06-25 to 2011-07-25 )))))))))))))))))))))))))))))))
.
.
2011-07-18 13:35 . 2011-07-18 13:35 -------- d-----w- c:\documents and settings\Stephen Whittaker\Application Data\FCTB000100377
2011-07-18 13:35 . 2010-03-31 23:43 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2011-07-18 13:35 . 2011-07-18 13:35 -------- d-----w- c:\program files\InstaCodecs
2011-07-18 13:35 . 2011-07-18 13:35 -------- d-----w- c:\program files\Itibiti Soft Phone
2011-07-18 13:35 . 2011-07-18 13:35 -------- d-----w- c:\program files\Free Offers from Freeze.com
2011-07-18 13:35 . 2011-07-18 13:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2011-07-18 13:35 . 2011-07-18 13:35 -------- d-----w- c:\program files\Relief Network LP4
2011-07-18 13:34 . 2011-07-18 14:11 -------- d-----w- c:\program files\Yontoo Layers
2011-07-18 13:34 . 2011-07-18 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2011-07-18 13:34 . 2011-07-18 13:34 -------- d-----w- c:\documents and settings\Stephen Whittaker\Application Data\Yahoo!
2011-07-14 09:45 . 2011-07-14 09:45 -------- d-----w- c:\documents and settings\Stephen Whittaker\Local Settings\Application Data\COMODO
2011-07-14 04:52 . 2011-07-14 04:52 -------- d-----w- c:\documents and settings\Stephen Whittaker\Local Settings\Application Data\WMTools Downloaded Files
2011-07-13 10:10 . 2011-07-13 10:10 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-13 03:00 . 2011-07-13 03:00 -------- d-----w- c:\documents and settings\Stephen Whittaker\Application Data\Malwarebytes
2011-07-13 02:59 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-13 02:59 . 2011-07-13 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-13 02:59 . 2011-07-07 00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-13 02:59 . 2011-07-16 02:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-12 07:05 . 2011-07-12 10:45 -------- d-----w- c:\documents and settings\Stephen Whittaker\Local Settings\Application Data\ApplicationHistory
2011-07-12 07:00 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-07-12 07:00 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-07-12 07:00 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-07-12 07:00 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-07-12 06:14 . 2011-07-12 06:14 -------- d-sh--w- c:\documents and settings\Stephen Whittaker\PrivacIE
2011-07-12 06:13 . 2011-07-12 06:13 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-07-12 06:08 . 2011-07-12 06:08 -------- d-sh--w- c:\documents and settings\Stephen Whittaker\IETldCache
2011-07-12 06:07 . 2011-07-18 12:20 56826 ----a-w- c:\windows\cscmondump.bin
2011-07-12 05:13 . 2011-07-12 05:15 -------- dc-h--w- c:\windows\ie8
2011-07-12 04:52 . 2011-07-12 04:52 -------- d-----w- c:\windows\ServicePackFiles
2011-07-11 01:01 . 2011-07-11 01:01 -------- d-----w- C:\VritualRoot
2011-07-11 00:48 . 2011-07-14 11:54 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2011-07-10 22:28 . 2011-07-12 08:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2011-07-10 22:24 . 2011-07-10 22:45 -------- d-----w- c:\program files\COMODO
2011-07-10 22:19 . 2011-07-10 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2011-07-10 19:52 . 2011-07-11 00:49 -------- d-----w- c:\windows\SxsCaPendDel
2011-07-10 19:09 . 2011-07-17 13:41 -------- d-----w- c:\documents and settings\Stephen Whittaker\Application Data\PCRx
2011-07-10 19:09 . 2011-07-10 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\PCRx
2011-07-10 19:09 . 2011-07-10 19:09 -------- d-----w- c:\program files\PCRx
2011-07-10 02:34 . 2011-07-19 10:20 -------- d-----w- c:\program files\WinClamAVShield
2011-07-10 01:57 . 2011-07-10 01:58 -------- d-----w- c:\program files\Crawler
2011-07-10 01:57 . 2011-07-10 01:57 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-07-10 01:57 . 2011-07-25 19:09 -------- d-----w- c:\documents and settings\Stephen Whittaker\Application Data\Spyware Terminator
2011-07-10 01:56 . 2011-07-19 10:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2011-07-10 01:56 . 2011-07-25 19:09 -------- d-----w- c:\program files\Spyware Terminator
2011-07-09 08:50 . 2011-07-10 07:00 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-07-09 08:45 . 2011-07-09 08:45 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-09 07:33 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-07-09 07:33 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-07-03 02:25 . 2011-07-09 08:45 -------- d-s---w- c:\documents and settings\Administrator
2011-06-30 14:38 . 2011-06-30 14:38 97504 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-06-30 14:38 . 2011-06-30 14:38 29400 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-06-30 14:38 . 2011-06-30 14:38 242600 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-06-30 14:38 . 2011-06-30 14:38 17416 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-06-30 14:37 . 2011-06-30 14:37 285256 ----a-w- c:\windows\system32\guard32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-17 03:09 . 2011-05-11 01:09 397 ----a-w- c:\documents and settings\Stephen Whittaker\exe.js
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3862f31b-b7b2-0854-cd54-ea4726c86127}"= "c:\program files\Relief Network LP4\Helper.dll" [2011-07-18 357376]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{3862f31b-b7b2-0854-cd54-ea4726c86127}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{59E2F26C-63D0-57B4-05FD-3E7901C9A2CC}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8AC531C5-DBDA-A484-B590-11ACB177FE33}]
2011-07-18 13:35 1534976 ----a-w- c:\program files\Relief Network LP4\Toolbar.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-08-01 2321600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2011-07-10 2216960]
"PCRx"="c:\program files\PCRx\PCRxTray.exe" [2011-07-07 413280]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-05-26 208184]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-05-26 182584]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 2554696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Lotto Pro 2000\\proupdt.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Relief Network LP4\\TroubleShooter.exe"=
"c:\\Program Files\\Itibiti Soft Phone\\Itibiti.exe"=
.
S1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys [2010-12-09 66584]
S1 CFRPD;CFRPD;c:\windows\system32\DRIVERS\CFRPD.sys [2010-12-09 33232]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2011-06-30 17416]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-06-30 242600]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-06-30 29400]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-07-10 142592]
S2 Cleaner_Validator;COMODO System - Cleaner Service;c:\program files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe [2010-12-09 305600]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-05-26 154424]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 22712]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 18:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Crawler Search - tbr:iemenu
TCP: DhcpNameServer = 192.168.1.254
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\Yontoo Layers\YontooIEClient.dll
Toolbar-SITEguard - (no file)
AddRemove-QuickTime 3.0 - c:\windows\system\quicktime.qts\DeIsL1.isu
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-25 14:36
Windows 5.1.2600 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1708537768-115176313-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(776)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(3240)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\SOUNDMAN.EXE
c:\program files\COMODO\COMODO GeekBuddy\CLPS.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-07-25 15:00:51 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-25 20:00
.
Pre-Run: 22,763,331,584 bytes free
Post-Run: 24,938,405,888 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - D3235AFC00F899A3794B224FA1765475
DDS (Ver_2011-07-14.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Stephen Whittaker at 15:10:06 on 2011-07-25
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.13 [GMT -5:00]
.
AV: COMODO Antivirus *Disabled/Outdated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Disabled*
.
============== Running Processes ================
.
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\PCRx\PCRxTray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: FCToolbarURLSearchHook Class: {3862f31b-b7b2-0854-cd54-ea4726c86127} - c:\program files\relief network lp4\Helper.dll
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: &Crawler Toolbar Helper: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - c:\program files\crawler\toolbar\ctbr.dll
BHO: Relief Network LP4: {8AC531C5-DBDA-A484-B590-11ACB177FE33} - c:\program files\relief network lp4\Toolbar.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: &Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\program files\crawler\toolbar\ctbr.dll
TB: &Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\program files\crawler\toolbar\ctbr.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
mRun: [PCRx] "c:\program files\pcrx\PCRxTray.exe" /startup
mRun: [COMODO] c:\program files\comodo\comodo geekbuddy\CLPSLA.exe
mRun: [CPA] c:\program files\comodo\comodo geekbuddy\VALA.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Crawler Search - tbr:iemenu
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174361486406
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{175C8EF0-449C-4582-80C6-D49C93C5EDAB} : DHCPNameServer = 192.168.1.254
Handler: ipp - <Clsid value has no data>
Handler: msdaipp - <Clsid value has no data>
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\program files\crawler\toolbar\ctbr.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
IFEO: Your Image File Name Here without a path - ntsd -d
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2011-07-25 19:18:46 -------- d-sha-r- C:\cmdcons
2011-07-25 19:16:13 98816 ----a-w- c:\windows\sed.exe
2011-07-25 19:16:13 256000 ----a-w- c:\windows\PEV.exe
2011-07-25 19:16:13 208896 ----a-w- c:\windows\MBR.exe
2011-07-25 19:16:00 -------- d-----w- C:\ComboFix
2011-07-18 13:35:25 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2011-07-18 13:35:25 -------- d-----w- c:\documents and settings\stephen whittaker\application data\FCTB000100377
2011-07-18 13:35:23 -------- d-----w- c:\program files\InstaCodecs
2011-07-18 13:35:13 -------- d-----w- c:\program files\Itibiti Soft Phone
2011-07-18 13:35:13 -------- d-----w- c:\program files\Free Offers from Freeze.com
2011-07-18 13:35:02 -------- d-----w- c:\program files\Relief Network LP4
2011-07-18 13:34:59 -------- d-----w- c:\program files\Yontoo Layers
2011-07-14 09:45:47 -------- d-----w- c:\documents and settings\stephen whittaker\local settings\application data\COMODO
2011-07-14 04:52:00 -------- d-----w- c:\documents and settings\stephen whittaker\local settings\application data\WMTools Downloaded Files
2011-07-13 10:10:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-13 03:00:24 -------- d-----w- c:\documents and settings\stephen whittaker\application data\Malwarebytes
2011-07-13 02:59:43 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-13 02:59:34 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-07-13 02:59:13 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-13 02:59:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-12 09:03:57 -------- d-----w- c:\windows\ie8updates
2011-07-12 07:05:42 -------- d-----w- c:\documents and settings\stephen whittaker\local settings\application data\ApplicationHistory
2011-07-12 07:00:19 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-07-12 07:00:19 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-07-12 07:00:17 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-07-12 07:00:11 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-07-12 07:00:10 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-07-12 07:00:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-07-12 07:00:04 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-07-12 06:14:02 -------- d-sh--w- c:\documents and settings\stephen whittaker\PrivacIE
2011-07-12 06:08:15 -------- d-sh--w- c:\documents and settings\stephen whittaker\IETldCache
2011-07-12 06:07:26 56826 ----a-w- c:\windows\cscmondump.bin
2011-07-12 05:13:39 -------- dc-h--w- c:\windows\ie8
2011-07-12 04:52:38 -------- d-----w- c:\windows\ServicePackFiles
2011-07-11 01:01:39 -------- d-----w- C:\VritualRoot
2011-07-11 00:48:58 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2011-07-10 22:28:37 -------- d-----w- c:\documents and settings\all users\application data\Comodo
2011-07-10 22:24:32 -------- d-----w- c:\program files\COMODO
2011-07-10 22:19:26 -------- d-----w- c:\documents and settings\all users\application data\Comodo Downloader
2011-07-10 19:52:35 -------- d-----w- c:\windows\system32\appmgmt
2011-07-10 19:52:29 -------- d-----w- c:\windows\SxsCaPendDel
2011-07-10 19:09:22 -------- d-----w- c:\documents and settings\stephen whittaker\application data\PCRx
2011-07-10 19:09:19 -------- d-----w- c:\documents and settings\all users\application data\PCRx
2011-07-10 19:09:10 -------- d-----w- c:\program files\PCRx
2011-07-10 02:34:40 -------- d-----w- c:\program files\WinClamAVShield
2011-07-10 01:57:29 -------- d-----w- c:\program files\Crawler
2011-07-10 01:57:18 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-07-10 01:57:15 -------- d-----w- c:\documents and settings\stephen whittaker\application data\Spyware Terminator
2011-07-10 01:56:54 -------- d-----w- c:\documents and settings\all users\application data\Spyware Terminator
2011-07-10 01:56:52 -------- d-----w- c:\program files\Spyware Terminator
2011-07-09 08:50:27 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-07-09 08:45:22 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-07-09 08:45:22 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-09 07:33:49 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-07-09 07:33:49 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-06-30 14:38:14 29400 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-06-30 14:38:14 242600 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-06-30 14:38:12 17416 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-06-30 14:37:26 285256 ----a-w- c:\windows\system32\guard32.dll
.
==================== Find3M ====================
.
.
============= FINISH: 15:11:18.42 ===============
Ip blocking is still coming up.

#6 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 29 July 2011 - 12:54 AM

Hi,

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.


Next, please open Notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the box below into Notepad:

MIA::
c:\windows\system32\proquota.exe

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.


-screen317
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook

#7 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 09 August 2011 - 09:39 PM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users