
Results from dds.com scan 176.74.176.179 blocking



Bummer, I wish I knew what was going on. I reset her Chrome browser and a few minutes later I saw the IP popup again. And the worst part is I checked my MWB log files on my machine. I am seeing lots of those blocks again on my machine; they appear to have restarted the next morning, but there are NO popups occurring on mine anymore. WTH. I reran all those tools on my machine too, except the one that doesn't run on Windows 8.1, which I am running.


I just checked with VirusTotal and it seems the site is clean:

https://www.virustotal.com/en/url/a8f63b98b0bd6e2e7b25931b28bda6247b5cc2228134ba5837920eea9b8b11f2/analysis/1392934543/

Also here:

http://www.ipillion.com/ip/176.74.176.179

I'm not sure why it's being blocked.

Would it be too much trouble to reset the router just to rule out it being hijacked?

Seems both computers have the same problem.

MrC


No success. I am still seeing them. Take a look at the MWB log from today. It seems whenever I ran something, including the tools, MWB blocked that IP again, and reported whatever I was running as doing it. Could MWB be broken? Maybe my wife's simplistic mail password just happened to be hacked yesterday... not sure I believe in coincidences. But I just found out she had a stupidly simple password that is now going to be really hard to break and remember... :( I picked out a bunch of lines showing blocks for programs that would make no sense to hit that IP... -Bill

 

 

2014/02/20 07:33:15 -0800    KATHY-LAPTOP    (null)    MESSAGE    Starting protection
2014/02/20 07:33:15 -0800    KATHY-LAPTOP    (null)    MESSAGE    Protection started successfully
2014/02/20 07:33:15 -0800    KATHY-LAPTOP    (null)    MESSAGE    Starting IP protection
2014/02/20 07:33:18 -0800    KATHY-LAPTOP    Kathy    MESSAGE    IP Protection started successfully
2014/02/20 07:34:59 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49157, Process: svchost.exe)
2014/02/20 07:34:59 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49158, Process: svchost.exe)
2014/02/20 07:34:59 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 07:34:59 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 07:35:07 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 07:35:07 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 07:35:07 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 07:35:07 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 07:35:07 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 07:35:16 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 07:35:32 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49194, Process: svchost.exe)
2014/02/20 07:35:32 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49195, Process: svchost.exe)
2014/02/20 07:35:32 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49197, Process: svchost.exe)
2014/02/20 07:35:32 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49198, Process: svchost.exe)
2014/02/20 07:35:32 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49203, Process: svchost.exe)
2014/02/20 07:35:32 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49205, Process: svchost.exe)
2014/02/20 07:35:32 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49209, Process: svchost.exe)
2014/02/20 07:35:32 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49210, Process: svchost.exe)
2014/02/20 07:35:32 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49212, Process: svchost.exe)
2014/02/20 07:35:32 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49213, Process: svchost.exe)
2014/02/20 07:35:32 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49214, Process: svchost.exe)
2014/02/20 07:35:32 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49216, Process: svchost.exe)
2014/02/20 07:36:20 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49224, Process: svchost.exe)
2014/02/20 07:36:52 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49231, Process: svchost.exe)
2014/02/20 07:37:00 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49233, Process: svchost.exe)
2014/02/20 07:37:00 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49237, Process: svchost.exe)
2014/02/20 07:39:33 -0800    KATHY-LAPTOP    Kathy    MESSAGE    Starting database refresh
2014/02/20 07:39:33 -0800    KATHY-LAPTOP    Kathy    MESSAGE    Stopping IP protection
2014/02/20 07:39:34 -0800    KATHY-LAPTOP    Kathy    MESSAGE    IP Protection stopped successfully
2014/02/20 07:39:36 -0800    KATHY-LAPTOP    Kathy    MESSAGE    Database refreshed successfully
2014/02/20 07:39:36 -0800    KATHY-LAPTOP    Kathy    MESSAGE    Starting IP protection
2014/02/20 07:39:38 -0800    KATHY-LAPTOP    Kathy    MESSAGE    IP Protection started successfully
2014/02/20 07:49:38 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49345, Process: mbam.exe)
2014/02/20 07:50:11 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 07:50:11 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 07:50:19 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 07:50:19 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 07:50:19 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 07:50:27 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 07:50:27 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 07:50:27 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 07:51:47 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49354, Process: chrome.exe)
2014/02/20 07:51:47 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49355, Process: chrome.exe)
2014/02/20 07:51:48 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49358, Process: chrome.exe)
2014/02/20 07:51:56 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49366, Process: chrome.exe)
2014/02/20 07:51:56 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49367, Process: chrome.exe)
2014/02/20 07:51:56 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49368, Process: chrome.exe)
2014/02/20 07:51:56 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49370, Process: chrome.exe)
2014/02/20 07:51:56 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49371, Process: chrome.exe)
2014/02/20 07:51:56 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49372, Process: chrome.exe)
2014/02/20 07:52:44 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49377, Process: chrome.exe)
2014/02/20 07:53:56 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49381, Process: svchost.exe)
2014/02/20 08:05:26 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 08:05:26 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 08:05:26 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 08:05:34 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 08:05:34 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 08:05:34 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 08:05:34 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 08:05:42 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 08:07:58 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49442, Process: portableappsupdater.exe)
2014/02/20 08:20:39 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 08:20:39 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 08:20:39 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 08:20:47 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 08:20:47 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 08:20:47 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 08:20:55 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 08:20:55 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 08:30:07 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 08:30:07 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 08:30:07 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 08:30:07 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 08:30:15 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 08:30:15 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 08:30:15 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 08:30:23 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 08:33:03 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49826, Process: roguekillerx64.exe)
2014/02/20 08:33:11 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49828, Process: chrome.exe)
2014/02/20 08:33:11 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49829, Process: chrome.exe)
2014/02/20 08:33:11 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49830, Process: chrome.exe)
2014/02/20 08:33:19 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49858, Process: svchost.exe)
2014/02/20 08:33:35 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49862, Process: chrome.exe)
2014/02/20 08:33:35 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49863, Process: chrome.exe)
2014/02/20 08:33:35 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49864, Process: chrome.exe)
2014/02/20 08:34:15 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49880, Process: chrome.exe)
2014/02/20 08:34:15 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49881, Process: chrome.exe)
2014/02/20 08:34:15 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49882, Process: chrome.exe)
2014/02/20 08:36:23 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49922, Process: roguekillerx64.exe)
2014/02/20 08:36:39 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49925, Process: svchost.exe)
2014/02/20 08:36:39 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49926, Process: svchost.exe)
2014/02/20 08:36:39 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49929, Process: svchost.exe)
2014/02/20 08:36:39 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49930, Process: svchost.exe)
2014/02/20 08:36:39 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49931, Process: svchost.exe)
2014/02/20 08:36:39 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49932, Process: svchost.exe)
2014/02/20 08:36:39 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49933, Process: svchost.exe)
2014/02/20 08:36:39 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49934, Process: svchost.exe)
2014/02/20 08:36:39 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49936, Process: svchost.exe)
2014/02/20 08:36:39 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49937, Process: svchost.exe)
2014/02/20 08:36:39 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49938, Process: svchost.exe)
2014/02/20 08:36:39 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49939, Process: svchost.exe)
2014/02/20 08:36:47 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49941, Process: svchost.exe)
2014/02/20 08:36:47 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49942, Process: svchost.exe)
2014/02/20 08:36:47 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49943, Process: svchost.exe)
2014/02/20 08:36:47 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49944, Process: svchost.exe)
2014/02/20 08:36:47 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49945, Process: svchost.exe)
2014/02/20 08:36:47 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49946, Process: svchost.exe)
2014/02/20 08:36:47 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49948, Process: svchost.exe)
2014/02/20 08:36:47 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49949, Process: svchost.exe)
2014/02/20 08:36:47 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49950, Process: svchost.exe)
2014/02/20 08:36:47 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49951, Process: svchost.exe)
2014/02/20 08:36:47 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49952, Process: svchost.exe)
2014/02/20 08:36:47 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49953, Process: svchost.exe)
2014/02/20 08:36:47 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49954, Process: svchost.exe)
2014/02/20 08:36:47 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49955, Process: svchost.exe)
2014/02/20 08:36:47 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49956, Process: svchost.exe)
2014/02/20 08:36:47 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49957, Process: svchost.exe)
2014/02/20 08:36:47 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49958, Process: svchost.exe)
2014/02/20 08:36:47 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49959, Process: svchost.exe)
2014/02/20 08:36:47 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49960, Process: svchost.exe)
2014/02/20 08:36:47 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49961, Process: svchost.exe)
2014/02/20 08:36:55 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49962, Process: svchost.exe)
2014/02/20 08:36:55 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49963, Process: svchost.exe)
2014/02/20 08:37:03 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49964, Process: svchost.exe)
2014/02/20 08:37:03 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49965, Process: svchost.exe)
2014/02/20 08:37:03 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49966, Process: svchost.exe)
2014/02/20 08:37:03 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49967, Process: svchost.exe)
2014/02/20 08:37:11 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49968, Process: svchost.exe)
2014/02/20 08:37:11 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49969, Process: svchost.exe)
2014/02/20 08:37:11 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49971, Process: svchost.exe)
2014/02/20 08:37:11 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49972, Process: svchost.exe)
2014/02/20 08:37:11 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49974, Process: svchost.exe)
2014/02/20 08:37:11 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49975, Process: svchost.exe)
2014/02/20 08:37:11 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49976, Process: svchost.exe)
2014/02/20 08:37:11 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49977, Process: svchost.exe)
2014/02/20 08:45:20 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 08:45:20 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 08:45:20 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 08:45:28 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 08:45:28 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 08:45:28 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 08:45:28 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 08:45:36 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 08:45:44 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 50013, Process: frst64.exe)
2014/02/20 08:50:32 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 50038, Process: adwcleaner.exe)
2014/02/20 08:58:48 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 50084, Process: ccsetup410.exe)
2014/02/20 08:58:56 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 50085, Process: chrome.exe)
2014/02/20 08:58:56 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 50086, Process: chrome.exe)
2014/02/20 08:58:56 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 50087, Process: chrome.exe)
2014/02/20 09:00:32 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 09:00:32 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 09:00:32 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 09:00:40 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 09:00:40 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 09:00:40 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 09:00:40 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 09:00:48 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 09:02:01 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 50095, Process: chrome.exe)
2014/02/20 09:02:01 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 50096, Process: chrome.exe)
2014/02/20 09:02:01 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 50123, Process: chrome.exe)
2014/02/20 09:02:09 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 50134, Process: chrome.exe)
2014/02/20 09:02:09 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 50135, Process: chrome.exe)
2014/02/20 09:02:09 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 50136, Process: chrome.exe)
2014/02/20 09:02:09 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 50137, Process: chrome.exe)
2014/02/20 09:02:09 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 50138, Process: chrome.exe)
2014/02/20 09:06:07 -0800    KATHY-LAPTOP    (null)    MESSAGE    Starting protection
2014/02/20 09:06:07 -0800    KATHY-LAPTOP    (null)    MESSAGE    Protection started successfully
2014/02/20 09:06:07 -0800    KATHY-LAPTOP    (null)    MESSAGE    Starting IP protection
2014/02/20 09:06:09 -0800    KATHY-LAPTOP    (null)    MESSAGE    IP Protection started successfully
2014/02/20 09:15:03 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49241, Process: portableappsupdater.exe)
2014/02/20 09:21:27 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 09:21:35 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 09:21:35 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 09:21:35 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 09:21:35 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 09:21:43 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 09:21:43 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 09:21:43 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 09:24:20 -0800    KATHY-LAPTOP    Kathy    MESSAGE    Starting database refresh
2014/02/20 09:24:20 -0800    KATHY-LAPTOP    Kathy    MESSAGE    Stopping IP protection
2014/02/20 09:24:21 -0800    KATHY-LAPTOP    Kathy    MESSAGE    IP Protection stopped successfully
2014/02/20 09:24:23 -0800    KATHY-LAPTOP    Kathy    MESSAGE    Database refreshed successfully
2014/02/20 09:24:23 -0800    KATHY-LAPTOP    Kathy    MESSAGE    Starting IP protection
2014/02/20 09:24:24 -0800    KATHY-LAPTOP    Kathy    MESSAGE    IP Protection started successfully
2014/02/20 09:36:47 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 09:36:47 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 09:36:47 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 09:36:55 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 09:36:55 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 09:36:55 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 09:36:55 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 09:37:03 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 09:51:51 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 09:51:59 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 09:51:59 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 09:51:59 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 09:52:07 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 09:52:07 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 09:52:07 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 09:52:15 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 10:07:04 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 10:07:12 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 10:07:12 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 10:07:20 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 10:07:20 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 10:07:20 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 10:07:28 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 10:07:28 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 10:12:40 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49464, Process: outlook.exe)
2014/02/20 10:22:16 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 10:22:24 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 10:22:24 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 10:22:32 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 10:22:32 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 10:22:32 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 10:22:40 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 10:22:40 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 10:28:50 -0800    KATHY-LAPTOP    (null)    MESSAGE    Starting protection
2014/02/20 10:28:50 -0800    KATHY-LAPTOP    (null)    MESSAGE    Protection started successfully
2014/02/20 10:28:50 -0800    KATHY-LAPTOP    (null)    MESSAGE    Starting IP protection
2014/02/20 10:28:52 -0800    KATHY-LAPTOP    (null)    MESSAGE    IP Protection started successfully
2014/02/20 10:30:02 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49178, Process: svchost.exe)
2014/02/20 10:30:02 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49179, Process: svchost.exe)
2014/02/20 10:30:02 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49181, Process: svchost.exe)
2014/02/20 10:30:02 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49182, Process: svchost.exe)
2014/02/20 10:30:02 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49184, Process: svchost.exe)
2014/02/20 10:30:02 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49185, Process: svchost.exe)
2014/02/20 10:30:02 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49187, Process: svchost.exe)
2014/02/20 10:30:02 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49188, Process: svchost.exe)
2014/02/20 10:30:02 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49190, Process: svchost.exe)
2014/02/20 10:30:02 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49191, Process: svchost.exe)
2014/02/20 10:30:02 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49192, Process: svchost.exe)
2014/02/20 10:30:02 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49193, Process: svchost.exe)
2014/02/20 10:30:02 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49194, Process: svchost.exe)
2014/02/20 10:30:02 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49195, Process: svchost.exe)
2014/02/20 10:30:02 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49196, Process: svchost.exe)
2014/02/20 10:30:02 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49197, Process: svchost.exe)
2014/02/20 10:30:02 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49198, Process: svchost.exe)
2014/02/20 10:30:02 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49199, Process: svchost.exe)
2014/02/20 10:36:18 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49255, Process: portableappsupdater.exe)
2014/02/20 10:39:48 -0800    KATHY-LAPTOP    (null)    MESSAGE    Starting protection
2014/02/20 10:39:48 -0800    KATHY-LAPTOP    (null)    MESSAGE    Protection started successfully
2014/02/20 10:39:48 -0800    KATHY-LAPTOP    (null)    MESSAGE    Starting IP protection
2014/02/20 10:39:50 -0800    KATHY-LAPTOP    (null)    MESSAGE    IP Protection started successfully
2014/02/20 10:44:12 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49225, Process: portableappsupdater.exe)
2014/02/20 10:53:56 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49378, Process: tdsskiller.exe)
2014/02/20 10:53:56 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49380, Process: tdsskiller.exe)
2014/02/20 10:54:04 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49383, Process: tdsskiller.exe)
2014/02/20 10:54:12 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49385, Process: tdsskiller.exe)
2014/02/20 10:54:12 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49387, Process: tdsskiller.exe)
2014/02/20 10:55:08 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 10:55:16 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 10:55:16 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 10:55:16 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 10:55:16 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 10:55:24 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 10:55:24 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 10:55:24 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 10:59:42 -0800    KATHY-LAPTOP    Kathy    MESSAGE    Stopping protection
2014/02/20 10:59:42 -0800    KATHY-LAPTOP    Kathy    MESSAGE    Protection stopped successfully
2014/02/20 10:59:42 -0800    KATHY-LAPTOP    Kathy    MESSAGE    Stopping IP protection
2014/02/20 10:59:42 -0800    KATHY-LAPTOP    Kathy    MESSAGE    IP Protection stopped successfully
2014/02/20 10:59:43 -0800    KATHY-LAPTOP    Kathy    MESSAGE    Protection stopped
2014/02/20 11:04:45 -0800    KATHY-LAPTOP    (null)    MESSAGE    Starting protection
2014/02/20 11:04:45 -0800    KATHY-LAPTOP    (null)    MESSAGE    Protection started successfully
2014/02/20 11:04:45 -0800    KATHY-LAPTOP    (null)    MESSAGE    Starting IP protection
2014/02/20 11:04:48 -0800    KATHY-LAPTOP    Kathy    MESSAGE    IP Protection started successfully
2014/02/20 11:05:49 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 11:14:45 -0800    KATHY-LAPTOP    Kathy    MESSAGE    Starting database refresh
2014/02/20 11:14:45 -0800    KATHY-LAPTOP    Kathy    MESSAGE    Stopping IP protection
2014/02/20 11:16:03 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 11:20:05 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 11:20:06 -0800    KATHY-LAPTOP    Kathy    MESSAGE    IP Protection stopped successfully
2014/02/20 11:20:09 -0800    KATHY-LAPTOP    (null)    MESSAGE    Database refreshed successfully
2014/02/20 11:20:09 -0800    KATHY-LAPTOP    (null)    MESSAGE    Starting IP protection
2014/02/20 11:20:10 -0800    KATHY-LAPTOP    (null)    MESSAGE    IP Protection started successfully
2014/02/20 11:20:33 -0800    KATHY-LAPTOP    (null)    MESSAGE    Starting protection
2014/02/20 11:20:33 -0800    KATHY-LAPTOP    (null)    MESSAGE    Protection started successfully
2014/02/20 11:20:33 -0800    KATHY-LAPTOP    (null)    MESSAGE    Starting IP protection
2014/02/20 11:20:36 -0800    KATHY-LAPTOP    (null)    MESSAGE    IP Protection started successfully
2014/02/20 11:25:05 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49218, Process: portableappsupdater.exe)
2014/02/20 11:32:17 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49345, Process: chrome.exe)
2014/02/20 11:32:17 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49346, Process: chrome.exe)
2014/02/20 11:32:17 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49349, Process: chrome.exe)
2014/02/20 11:32:25 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49357, Process: chrome.exe)
2014/02/20 11:32:25 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49358, Process: chrome.exe)
2014/02/20 11:32:25 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49359, Process: chrome.exe)
2014/02/20 11:32:25 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49360, Process: chrome.exe)
2014/02/20 11:32:25 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49361, Process: chrome.exe)
2014/02/20 11:32:25 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49362, Process: chrome.exe)
2014/02/20 11:33:26 -0800    KATHY-LAPTOP    Kathy    MESSAGE    Starting protection
2014/02/20 11:33:26 -0800    KATHY-LAPTOP    Kathy    MESSAGE    Protection started successfully
2014/02/20 11:33:26 -0800    KATHY-LAPTOP    Kathy    MESSAGE    Starting IP protection
2014/02/20 11:33:28 -0800    KATHY-LAPTOP    Kathy    MESSAGE    IP Protection started successfully
2014/02/20 11:48:49 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 11:48:57 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 11:48:57 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 11:48:57 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 11:48:57 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 11:49:05 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 11:49:05 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 11:49:05 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:04:03 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:04:03 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:04:11 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:04:11 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:04:11 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:04:11 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:04:19 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:04:19 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:05:07 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49310, Process: portableappsupdater.exe)
2014/02/20 12:19:16 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:19:16 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:19:24 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:19:24 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:19:24 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:19:24 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:19:32 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:19:32 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:34:28 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:34:28 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:34:36 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:34:36 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:34:36 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:34:44 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:34:44 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:34:52 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:49:41 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:49:41 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:49:49 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:49:49 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:49:49 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:49:57 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:49:57 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:50:05 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:52:34 -0800    KATHY-LAPTOP    Kathy    MESSAGE    Starting database refresh
2014/02/20 12:52:34 -0800    KATHY-LAPTOP    Kathy    MESSAGE    Stopping IP protection
2014/02/20 12:52:34 -0800    KATHY-LAPTOP    Kathy    MESSAGE    IP Protection stopped successfully
2014/02/20 12:52:37 -0800    KATHY-LAPTOP    Kathy    MESSAGE    Database refreshed successfully
2014/02/20 12:52:37 -0800    KATHY-LAPTOP    Kathy    MESSAGE    Starting IP protection
2014/02/20 12:52:38 -0800    KATHY-LAPTOP    Kathy    MESSAGE    IP Protection started successfully
2014/02/20 13:04:53 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 13:04:53 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 13:05:01 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 13:05:01 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 13:05:01 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 13:05:09 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 13:05:09 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 13:05:17 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 13:20:05 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 13:20:05 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 13:20:13 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 13:20:13 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 13:20:21 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 13:20:21 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 13:20:29 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 13:20:29 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 13:35:18 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 13:35:18 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 13:35:26 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 13:35:26 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 13:35:34 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 13:35:34 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 13:35:42 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 13:35:42 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 13:37:10 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49617, Process: chrome.exe)
2014/02/20 13:37:10 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49618, Process: chrome.exe)
2014/02/20 13:37:10 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49621, Process: chrome.exe)
2014/02/20 13:37:18 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49628, Process: chrome.exe)
2014/02/20 13:37:18 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49629, Process: chrome.exe)
2014/02/20 13:37:18 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49630, Process: chrome.exe)
2014/02/20 13:37:18 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49631, Process: chrome.exe)
2014/02/20 13:37:18 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49632, Process: chrome.exe)
2014/02/20 13:37:18 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49633, Process: chrome.exe)
2014/02/20 13:38:30 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49637, Process: chrome.exe)
2014/02/20 13:38:30 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49638, Process: chrome.exe)
2014/02/20 13:38:30 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49639, Process: chrome.exe)
2014/02/20 13:38:38 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49641, Process: chrome.exe)
2014/02/20 13:38:38 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49642, Process: chrome.exe)
2014/02/20 13:38:38 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49643, Process: chrome.exe)
2014/02/20 13:39:02 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49644, Process: svchost.exe)
2014/02/20 13:39:02 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49646, Process: svchost.exe)
2014/02/20 13:39:02 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49648, Process: svchost.exe)
2014/02/20 13:40:06 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49651, Process: svchost.exe)
2014/02/20 13:41:18 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49654, Process: chrome.exe)
2014/02/20 13:41:18 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49655, Process: chrome.exe)
2014/02/20 13:41:18 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49658, Process: chrome.exe)
2014/02/20 13:41:26 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49665, Process: chrome.exe)
2014/02/20 13:41:26 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49666, Process: chrome.exe)
2014/02/20 13:41:26 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49667, Process: chrome.exe)
2014/02/20 13:41:26 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49668, Process: chrome.exe)
2014/02/20 13:41:26 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49669, Process: chrome.exe)
2014/02/20 13:41:26 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49670, Process: chrome.exe)
2014/02/20 13:41:58 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49674, Process: chrome.exe)
2014/02/20 13:41:58 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49687, Process: chrome.exe)
2014/02/20 13:42:33 -0800    KATHY-LAPTOP    (null)    MESSAGE    Starting protection
2014/02/20 13:42:33 -0800    KATHY-LAPTOP    (null)    MESSAGE    Protection started successfully
2014/02/20 13:42:33 -0800    KATHY-LAPTOP    (null)    MESSAGE    Starting IP protection
2014/02/20 13:42:35 -0800    KATHY-LAPTOP    (null)    MESSAGE    IP Protection started successfully
2014/02/20 13:44:41 -0800    KATHY-LAPTOP    (null)    MESSAGE    Starting protection
2014/02/20 13:44:41 -0800    KATHY-LAPTOP    (null)    MESSAGE    Protection started successfully
2014/02/20 13:44:41 -0800    KATHY-LAPTOP    (null)    MESSAGE    Starting IP protection
2014/02/20 13:44:43 -0800    KATHY-LAPTOP    Kathy    MESSAGE    IP Protection started successfully
2014/02/20 13:51:53 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49245, Process: svchost.exe)
2014/02/20 13:51:53 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49247, Process: svchost.exe)
2014/02/20 13:53:06 -0800    KATHY-LAPTOP    Kathy    MESSAGE    Starting database refresh
2014/02/20 13:53:06 -0800    KATHY-LAPTOP    Kathy    MESSAGE    Stopping IP protection
2014/02/20 13:53:06 -0800    KATHY-LAPTOP    Kathy    MESSAGE    IP Protection stopped successfully
2014/02/20 13:53:08 -0800    KATHY-LAPTOP    Kathy    MESSAGE    Database refreshed successfully
2014/02/20 13:53:08 -0800    KATHY-LAPTOP    Kathy    MESSAGE    Starting IP protection
2014/02/20 13:53:10 -0800    KATHY-LAPTOP    Kathy    MESSAGE    IP Protection started successfully
2014/02/20 14:00:05 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 14:00:05 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 14:00:05 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 14:00:13 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 14:00:13 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 14:00:13 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 14:00:13 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 14:00:21 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 14:15:17 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 14:15:17 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 14:15:17 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 14:15:25 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 14:15:25 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 14:15:25 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 14:15:33 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 14:15:33 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 14:30:30 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 14:30:30 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 14:30:38 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 14:30:38 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 14:30:38 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 14:30:38 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 14:30:46 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 14:30:46 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 14:42:52 -0800    KATHY-LAPTOP    Kathy    MESSAGE    Starting database refresh
2014/02/20 14:42:52 -0800    KATHY-LAPTOP    Kathy    MESSAGE    Stopping IP protection
2014/02/20 14:42:52 -0800    KATHY-LAPTOP    Kathy    MESSAGE    IP Protection stopped successfully
2014/02/20 14:42:55 -0800    KATHY-LAPTOP    Kathy    MESSAGE    Database refreshed successfully
2014/02/20 14:42:55 -0800    KATHY-LAPTOP    Kathy    MESSAGE    Starting IP protection
2014/02/20 14:42:56 -0800    KATHY-LAPTOP    Kathy    MESSAGE    IP Protection started successfully
2014/02/20 14:43:32 -0800    KATHY-LAPTOP    (null)    MESSAGE    Starting protection
2014/02/20 14:43:32 -0800    KATHY-LAPTOP    (null)    MESSAGE    Protection started successfully
2014/02/20 14:43:32 -0800    KATHY-LAPTOP    (null)    MESSAGE    Starting IP protection
2014/02/20 14:43:35 -0800    KATHY-LAPTOP    Kathy    MESSAGE    IP Protection started successfully
2014/02/20 14:58:53 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 14:59:01 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 14:59:01 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 14:59:01 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 14:59:01 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 14:59:09 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 14:59:09 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 14:59:09 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 15:14:05 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 15:14:13 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 15:14:13 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 15:14:13 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 15:14:21 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 15:14:21 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 15:14:21 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 15:14:29 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 15:29:18 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 15:29:26 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 15:29:26 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 15:29:26 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 15:29:34 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 15:29:34 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 15:29:34 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 15:29:42 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 15:44:30 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 15:44:38 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 15:44:38 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 15:44:38 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 15:44:46 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 15:44:46 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 15:44:54 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 15:44:54 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 15:55:18 -0800    KATHY-LAPTOP    (null)    MESSAGE    Starting protection
2014/02/20 15:55:18 -0800    KATHY-LAPTOP    (null)    MESSAGE    Protection started successfully
2014/02/20 15:55:18 -0800    KATHY-LAPTOP    (null)    MESSAGE    Starting IP protection
2014/02/20 15:55:20 -0800    KATHY-LAPTOP    Kathy    MESSAGE    IP Protection started successfully
2014/02/20 15:56:54 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49230, Process: chrome.exe)
2014/02/20 15:57:02 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49232, Process: chrome.exe)
2014/02/20 15:57:34 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49260, Process: chrome.exe)
2014/02/20 15:57:42 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49261, Process: svchost.exe)
2014/02/20 15:57:42 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49262, Process: svchost.exe)
2014/02/20 15:57:42 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49264, Process: svchost.exe)
2014/02/20 15:57:42 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49265, Process: svchost.exe)
2014/02/20 15:57:42 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49267, Process: svchost.exe)
2014/02/20 15:57:42 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49268, Process: svchost.exe)
2014/02/20 15:57:50 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49270, Process: dropbox 2.6.7.exe)
2014/02/20 15:57:50 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49272, Process: svchost.exe)
2014/02/20 15:57:50 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49273, Process: svchost.exe)
2014/02/20 15:57:50 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49275, Process: svchost.exe)
2014/02/20 15:57:50 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49276, Process: svchost.exe)
 

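A triage helper for the protection log posted above, as an added example that is not part of the original thread or Malwarebytes' own tooling: it parses the IP-BLOCK lines, counts blocks per reported process, and measures the spacing between bursts of blocks that carry no process name. The field layout is inferred from the log lines in this thread; the function names and the 60-second burst gap are assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Shortened excerpt of the log above, embedded so the example runs offline.
SAMPLE_LOG = """\
2014/02/20 10:39:50 -0800    KATHY-LAPTOP    (null)    MESSAGE    IP Protection started successfully
2014/02/20 10:53:56 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49378, Process: tdsskiller.exe)
2014/02/20 10:53:56 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49380, Process: tdsskiller.exe)
2014/02/20 11:32:17 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49345, Process: chrome.exe)
2014/02/20 12:04:03 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:04:11 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:04:19 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:19:16 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:19:24 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:34:28 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 12:34:36 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing)
2014/02/20 15:57:50 -0800    KATHY-LAPTOP    Kathy    IP-BLOCK    176.74.176.179 (Type: outgoing, Port: 49270, Process: dropbox 2.6.7.exe)
"""

# timestamp, host, user, record kind, then free-form detail.
# Assumes host and user names contain no whitespace, as in this log.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\s+"
    r"(?P<host>\S+)\s+(?P<user>\S+)\s+(?P<kind>[A-Z-]+)\s+(?P<detail>.+?)\s*$"
)
# "Port" and "Process" are optional: many lines only carry the direction.
DETAIL_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<direction>\w+)"
    r"(?:, Port: (?P<port>\d+), Process: (?P<process>[^)]+))?\)$"
)


@dataclass(frozen=True)
class BlockEvent:
    when: datetime
    host: str
    ip: str
    direction: str
    port: Optional[int]      # local source port, when logged
    process: Optional[str]   # None when the log names no process


def parse_blocks(text: str) -> List[BlockEvent]:
    """Return every IP-BLOCK record; MESSAGE and malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group("kind") != "IP-BLOCK":
            continue
        d = DETAIL_RE.match(m.group("detail"))
        if not d:
            continue
        events.append(BlockEvent(
            when=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S %z"),
            host=m.group("host"),
            ip=d.group("ip"),
            direction=d.group("direction"),
            port=int(d.group("port")) if d.group("port") else None,
            process=d.group("process"),
        ))
    return events


def count_by_process(events: List[BlockEvent]) -> Counter:
    """How many blocks each reported process accounts for."""
    return Counter(e.process or "(unattributed)" for e in events)


def group_bursts(events: List[BlockEvent], max_gap_s: int = 60) -> List[List[BlockEvent]]:
    """Group events whose neighbours are at most max_gap_s apart."""
    bursts: List[List[BlockEvent]] = []
    for e in sorted(events, key=lambda ev: ev.when):
        if bursts and (e.when - bursts[-1][-1].when).total_seconds() <= max_gap_s:
            bursts[-1].append(e)
        else:
            bursts.append([e])
    return bursts


def burst_intervals_s(events: List[BlockEvent], max_gap_s: int = 60) -> List[int]:
    """Seconds between the start of each burst and the start of the next."""
    starts = [b[0].when for b in group_bursts(events, max_gap_s)]
    return [int((b - a).total_seconds()) for a, b in zip(starts, starts[1:])]


if __name__ == "__main__":
    blocks = parse_blocks(SAMPLE_LOG)
    for name, n in count_by_process(blocks).most_common():
        print(f"{n:4d}  {name}")
    unattributed = [e for e in blocks if e.process is None]
    print("burst sizes:", [len(b) for b in group_bursts(unattributed)])
    print("seconds between unattributed bursts:", burst_intervals_s(unattributed))
```

Run over the full log, the per-process counts show how many unrelated programs are being reported for the same destination, and a near-constant interval between unattributed bursts suggests a timer-driven source rather than user activity.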

Yes, it's definitely bad.

Please do this:

Download aswMBR to your desktop.

http://public.avast.com/~gmerek/aswMBR.exe

Double click the aswMBR.exe to run it.

If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".

Click the "Scan" button to start scan.

On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

Please zip it up and attach it to your next post.

MrC


I cannot seem to get past it scanning the service wdnissvc, which is the win defender network service. And win defender isn't even running. It keeps crashing in the exact same spot.

I attached screen prints.. kills me that I cannot paste screen prints into this interface.. :(

 

 

 


Try this one:

Scan for rootkits with GMER Rootkit Scanner

Download GMER Rootkit Scanner from HERE to your desktop.

Double click the .exe file (it will be named some random characters). If asked to allow gmer.sys driver to load, please consent.

If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


In the right panel, you will see several boxes that have been checked. Uncheck the following ...

Sections

IAT/EAT

Drives/Partition other than Systemdrive (typically C:\)

Show All (don't miss this one)

Then click the Scan button & wait for it to finish.

Once done click on the [save..] button, and in the File name area, type in Gmer.txt or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop, and post it in your reply.

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

NOTE:

If you cannot run GMER as indicated above, please save a scan from the initial startup scan.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double click the gmer.exe file.

The program will begin to run, and perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.

After the "initial scan" is complete, click on the Save button, save the log file to your desktop, and post it in your reply.

MrC


GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-20 18:32:34
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000034 SAMSUNG_470_Series_SSD rev.AXM09B1Q 59.63GB
Running: 9hyey0dz.exe; Driver: C:\Users\Bill\AppData\Local\Temp\ageiqkoc.sys


---- Kernel code sections - GMER 2.1 ----

.text    C:\WINDOWS\System32\win32k.sys!W32pServiceTable                                                                                                                                                                                                  fffff9600006eb00 15 bytes [00, 7E, 0F, 02, C0, 70, 70, ...]
.text    C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16                                                                                                                                                                                             fffff9600006eb10 11 bytes [00, DB, FB, FF, 80, DC, DF, ...]

---- User code sections - GMER 2.1 ----

.text    C:\WINDOWS\system32\dwm.exe[1008] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                                                                         00007ffd661b169a 4 bytes [1B, 66, FD, 7F]
.text    C:\WINDOWS\system32\dwm.exe[1008] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                                                                         00007ffd661b16a2 4 bytes [1B, 66, FD, 7F]
.text    C:\WINDOWS\system32\dwm.exe[1008] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                                                                            00007ffd661b181a 4 bytes [1B, 66, FD, 7F]
.text    C:\WINDOWS\system32\dwm.exe[1008] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                                                                            00007ffd661b1832 4 bytes [1B, 66, FD, 7F]
.text    C:\Program Files\CrashPlan\CrashPlanService.exe[1540] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                                                     00007ffd661b169a 4 bytes [1B, 66, FD, 7F]
.text    C:\Program Files\CrashPlan\CrashPlanService.exe[1540] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                                                     00007ffd661b16a2 4 bytes [1B, 66, FD, 7F]
.text    C:\Program Files\CrashPlan\CrashPlanService.exe[1540] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                                                        00007ffd661b181a 4 bytes [1B, 66, FD, 7F]
.text    C:\Program Files\CrashPlan\CrashPlanService.exe[1540] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                                                        00007ffd661b1832 4 bytes [1B, 66, FD, 7F]
.text    C:\WINDOWS\system32\mfevtps.exe[1776] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506                                                                                                                                                     00007ffd661b169a 4 bytes [1B, 66, FD, 7F]
.text    C:\WINDOWS\system32\mfevtps.exe[1776] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514                                                                                                                                                     00007ffd661b16a2 4 bytes [1B, 66, FD, 7F]
.text    C:\WINDOWS\system32\mfevtps.exe[1776] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118                                                                                                                                                        00007ffd661b181a 4 bytes [1B, 66, FD, 7F]
.text    C:\WINDOWS\system32\mfevtps.exe[1776] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142                                                                                                                                                        00007ffd661b1832 4 bytes [1B, 66, FD, 7F]
.text    C:\WINDOWS\Explorer.EXE[4052] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                                                                             00007ffd661b169a 4 bytes [1B, 66, FD, 7F]
.text    C:\WINDOWS\Explorer.EXE[4052] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                                                                             00007ffd661b16a2 4 bytes [1B, 66, FD, 7F]
.text    C:\WINDOWS\Explorer.EXE[4052] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                                                                                00007ffd661b181a 4 bytes [1B, 66, FD, 7F]
.text    C:\WINDOWS\Explorer.EXE[4052] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                                                                                00007ffd661b1832 4 bytes [1B, 66, FD, 7F]

---- Threads - GMER 2.1 ----

Thread   C:\WINDOWS\system32\csrss.exe [664:696]                                                                                                                                                                                                          fffff960008924d0
Thread   C:\WINDOWS\system32\csrss.exe [664:700]                                                                                                                                                                                                          fffff960008924d0
Thread   C:\WINDOWS\system32\csrss.exe [664:716]                                                                                                                                                                                                          fffff960008924d0
Thread   C:\WINDOWS\system32\svchost.exe [424:5064]                                                                                                                                                                                                       00007ffd531a11b0
Thread   C:\WINDOWS\system32\svchost.exe [424:5724]                                                                                                                                                                                                       00007ffd41eb2b48
Thread   C:\WINDOWS\system32\svchost.exe [424:3116]                                                                                                                                                                                                       00007ffd622c38e0
---- Processes - GMER 2.1 ----

Library  C:\Users\Bill\AppData\Local\Temp\nsa2FA6.tmp\registry.dll (*** suspicious ***) @ P:\PortableApps\FirefoxPortable\FirefoxPortable.exe [5960](2014-02-21 02:11:04)                                                                                 0000000010000000
Library  C:\Users\Bill\AppData\Local\Temp\nsa2FA6.tmp\System.dll (*** suspicious ***) @ P:\PortableApps\FirefoxPortable\FirefoxPortable.exe [5960](2014-02-21 02:11:04)                                                                                   000000006f950000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Control@SystemStartOptions                                                                                                                                                                                          NOEXECUTE=OPTIN  SAFEBOOT:MINIMAL  BOOTLOG  NOGUIBOOT  BOOTLOGO
Reg      HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime                                                                                                                                                                                0x05 0x4B 0xEC 0x01 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime                                                                                                                                                                            0xB5 0x05 0x4D 0x85 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime                                                                                                                                                                                   0x5F 0xAD 0xEE 0x01 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime                                                                                                                                                                               0x35 0x68 0x4F 0x85 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@en-US                                                                                                                                                                            43
Reg      HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\HSD49B81234567890123_18_07DD_56_10DE_1040_00000001_00000000_100110+HSD49B81234567890123_18_07DD_56_10DE_1040_00000002_00000000_2^9C026B2321F8414BAF79E304CC2A7126@Timestamp  0xBE 0x7D 0x22 0x03 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid                                                                                                                                                                                                 536
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment@SAFEBOOT_OPTION                                                                                                                                                                MINIMAL
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber                                                                                                                                                               3900024
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                                                                                                                                -1872791550
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId                                                                                                                                                47
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime                                                                                                                                              404922538
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime                                                                                                                                                                             21767
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID                                                                                                                                                                                 68125014-80c7-48bd-a7be-cd04084
Reg      HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter                                                                                                                                                                   2
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{49db4495-fdbd-4bd0-8eb5-5a9a0d781bdf}@LastProbeTime                                                                                                                            1392911638
Reg      HKLM\SYSTEM\CurrentControlSet\Services\mfehidk@LoadArg                                                                                                                                                                                           FFFFFFFFC000009A
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch                                                                                                                                                                                  1278
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch                                                                                                                                                                                 172
Reg      HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence                                                                                                                                                                           43
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E4C25A2D-235C-4C0A-85C5-0D03EB34BC80}@LeaseObtainedTime                                                                                                                      1392940435
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E4C25A2D-235C-4C0A-85C5-0D03EB34BC80}@T1                                                                                                                                     1393242835
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E4C25A2D-235C-4C0A-85C5-0D03EB34BC80}@T2                                                                                                                                     1393469635
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E4C25A2D-235C-4C0A-85C5-0D03EB34BC80}@LeaseTerminatesTime                                                                                                                    1393545235
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop                                                                                                                                                                 0
Reg      HKLM\SYSTEM\Setup@SystemPartition                                                                                                                                                                                                                \Device\HarddiskVolume2
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown                                                                                                                                                                   1
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\iexplore@Count                                                                                                                                   21
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\iexplore@Count                                                                                                                                   52
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell\Grid@Layout_MaximumAvailableHeightCells                                                                                                                                            8
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell\Grid@Layout_AvailableHeightCells                                                                                                                                                   8

---- EOF - GMER 2.1 ----
 


Library C:\Users\Bill\AppData\Local\Temp\nsa2FA6.tmp\registry.dll (*** suspicious ***) @ P:\PortableApps\FirefoxPortable\FirefoxPortable.exe [5960](2014-02-21 02:11:04) 0000000010000000

Library C:\Users\Bill\AppData\Local\Temp\nsa2FA6.tmp\System.dll (*** suspicious ***) @ P:\PortableApps\FirefoxPortable\FirefoxPortable.exe [5960](2014-02-21 02:11:04)

We've seen these before.

Run this scan:

Download Malwarebytes Anti-Rootkit from HERE

  • Run the file and follow the onscreen instructions to extract it to a location of your choosing (your desktop by default)
  • Malwarebytes Anti-Rootkit will then open; follow the instructions in the wizard to update and allow the program to scan your computer for threats
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
MrC

Wait, the MBW Beta log seems to say it removed something

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16476

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, K:\ DRIVE_FIXED, P:\ DRIVE_FIXED
CPU speed: 2.594000 GHz
Memory total: 4275339264, free: 2172723200

Downloaded database version: v2014.02.21.01
Downloaded database version: v2014.02.20.01
=======================================
------------ Kernel report ------------
     02/20/2014 19:04:19
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8003839410
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000ac\
Lower Device Object: 0xfffffa80062eea60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800604f060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8004215050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800604f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005ed48e0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800604f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80041b9e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004215050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5250AD9E

Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 8  Numsec = 35288064

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 35289088  Numsec = 762880
    Partition is not bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 36051968  Numsec = 464065536

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 256060514304 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-7-500098192-500118192)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8003839410, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004081310, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8003839410, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80062eea60, DeviceName: \Device\000000ac\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 91F72D24

Partition information:

    Partition 0 type is Other (0xb)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 1974208
    Partition file system is FAT32
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1010826752 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-35289088-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
 


No, it just removed itself.

I would really like to get a scan of these at https://www.virustotal.com
c:\users\Kathy\AppData\Local\Temp\nsg3756.tmp\registry.dll
c:\users\Kathy\AppData\Local\Temp\nsg3756.tmp\System.dll

------------------------

Run another scan with ComboFix on the W7 computer, (download a fresh copy first)

Be back in the AM, MrC


It appears this address is managed by internettraffic.com; they park domain names there that are for sale. Maybe something on my machine is pointing at one of those 1.5 million URLs, since I can find no port open on that address. I found that a brand new laptop I just brought up over the weekend with Windows 8.1 is currently getting these blocks in MWB. I have almost nothing installed on that machine, yet it's hitting that IP address occasionally.


OMG! It's not malware or a virus. Turns out I use a fake domain name internally for my network; guess what name is now parked on that address with the millions of names parked. Someone purchased my fake name and parked it there. Not sure why MWB just started this week to see that IP as a threat, or maybe it just got parked there recently. Well, at least I now know what is going on. Hopefully this helps others. -Bill

 

MrC.. Thanks for all your help. This was a real stumper. I am pretty AR with my surfing the net and trying to keep everything safe by using separate VMs for most things, and even have a few that wipe their snapshots every reboot so no matter what I might do, all it takes is a reboot of the VM and it's pristine again.
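The root cause found in this thread (an internal-only domain name that someone else later registered, so lookups for it began returning a public parking address) can be checked for directly. The sketch below is an added example, not part of the original posts or of any Malwarebytes tool: it flags internal names that resolve to non-private addresses and names that are not under a suffix reserved for private use. The hostnames and the `audit`/`audit_name` helpers are constructed for illustration; only the IP address comes from the thread.

```python
import ipaddress
import socket

# Suffixes reserved for non-public use (RFC 2606 / RFC 6761 / RFC 6762 / RFC 8375).
# A name outside these can be registered by a third party at any time.
RESERVED_SUFFIXES = ("test", "example", "invalid", "localhost", "local", "home.arpa")


def is_reserved(name):
    """True if the name sits under a suffix that can never be publicly registered."""
    n = name.rstrip(".").lower()
    return any(n == s or n.endswith("." + s) for s in RESERVED_SUFFIXES)


def is_internal_address(addr):
    """True for RFC 1918, loopback, link-local and other non-global addresses."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    return ip.is_private or ip.is_loopback or ip.is_link_local


def resolve(name):
    """Live lookup with the system resolver; returns [] when the name does not resolve."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def audit_name(name, answers):
    """Classify one internal name given the addresses the resolver returned for it.

    leaking  - at least one answer is a public address: traffic meant for the
               LAN is going to whoever controls that name on the Internet
    at-risk  - answers are internal today, but the name is registrable
    ok       - reserved suffix and no public answers
    """
    public = [a for a in answers if not is_internal_address(a)]
    if public:
        return ("leaking", public)
    if not is_reserved(name):
        return ("at-risk", [])
    return ("ok", [])


def audit(lookups):
    """lookups maps name -> list of answers (pass {n: resolve(n) for n in names} for live use)."""
    return {name: audit_name(name, answers) for name, answers in lookups.items()}


# Constructed sample: placeholder hostnames; 176.74.176.179 is the address
# blocked in this thread, the 192.168.x.x answers are made up.
SAMPLE_LOOKUPS = {
    "nas.myhome-placeholder.com": ["176.74.176.179"],
    "printer.myhome-placeholder.com": ["192.168.1.20"],
    "nas.home.arpa": ["192.168.1.10"],
}

if __name__ == "__main__":
    for name, (status, public) in audit(SAMPLE_LOOKUPS).items():
        print(f"{status:8} {name} {' '.join(public)}")
```

A "leaking" result on a name that only exists on the LAN is the pattern seen here: the local DNS did not answer for it, the query went upstream, and the public answer was the parking host.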
