gcolangelo

Members
  • Posts: 6
  • Joined
  • Last visited

Reputation
  • 0 Neutral

About gcolangelo
  • Birthday 07/22/1972

Profile Information
  • Location
    Orlando, Fl
  1. Malwarebytes Anti-Malware (Trial) 1.62.0.1300
     www.malwarebytes.org

     Database version: v2012.07.20.09

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Master :: KYLE [administrator]

     Protection: Enabled

     7/20/2012 6:08:53 PM
     mbam-log-2012-07-20 (18-08-53).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 238243
     Time elapsed: 14 minute(s), 9 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     ---------------------------------------------------------------------

     .
     DDS (Ver_2011-08-26.01) - NTFSAMD64
     Internet Explorer: 9.0.8112.16421
     Run by Master at 18:47:18 on 2012-07-20
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3691.2321 [GMT -4:00]
     .
     AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
     AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
     SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
     SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
     .
     ============== Running Processes ===============
     .
     C:\Windows\system32\wininit.exe
     C:\Windows\system32\lsm.exe
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
     C:\Windows\system32\svchost.exe -k RPCSS
     c:\Program Files\Microsoft Security Client\MsMpEng.exe
     C:\Windows\system32\atiesrxx.exe
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Windows\System32\spoolsv.exe
     C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
     C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
     C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
     C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
     C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
     C:\Program Files (x86)\Internet Content Filter\UpdateService.exe
     C:\Windows\system32\mfevtps.exe
     C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
     C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
     C:\Windows\system32\svchost.exe -k imgsvc
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
     C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
     C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
     C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
     C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
     C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Sender\rgsendersvc.exe
     C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
     C:\Program Files (x86)\Internet Content Filter\mfeicfcore.exe
     C:\Windows\system32\wbem\unsecapp.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Program Files (x86)\Hewlett-Packard\HP LinkUp Sender\LinkUpZeroC.exe
     C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
     C:\Windows\system32\SearchIndexer.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Program Files\Windows Media Player\wmpnetwk.exe
     C:\Windows\System32\svchost.exe -k LocalServicePeerNet
     C:\Windows\system32\DllHost.exe
     C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
     C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
     C:\Windows\system32\atieclxx.exe
     C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Sender\rgsender.exe
     C:\Windows\system32\taskhost.exe
     C:\Program Files (x86)\Hewlett-Packard\HP LinkUp Sender\LinkUpFTSender.exe
     C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Sender\rgsender_gui.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Program Files\Microsoft Security Client\msseces.exe
     C:\Users\Master\AppData\Local\Google\Update\GoogleUpdate.exe
     C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
     C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
     C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
     C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
     C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
     C:\Program Files (x86)\iTunes\iTunesHelper.exe
     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
     C:\Program Files\McAfee.com\Agent\mcagent.exe
     C:\Program Files (x86)\Internet Content Filter\mfp.exe
     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
     C:\Windows\system32\taskeng.exe
     C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
     C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
     C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
     C:\Users\Master\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\Master\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\Master\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\Master\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\Master\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\Master\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\Master\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\Master\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\Master\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Windows\SysWOW64\cmd.exe
     C:\Windows\system32\conhost.exe
     C:\Windows\SysWOW64\cscript.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     .
     ============== Pseudo HJT Report ===============
     .
     mStart Page = about:blank
     BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
     BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120715114156.dll
     BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
     TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
     uRun: [Google Update] "C:\Users\Master\AppData\Local\Google\Update\GoogleUpdate.exe" /c
     mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
     mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
     mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
     mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
     mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
     mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
     mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
     mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
     mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
     mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
     mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
     mRun: [<NO NAME>]
     mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
     mRun: [iCF] "C:\Program Files (x86)\Internet Content Filter\mfp.exe"
     mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
     mPolicies-explorer: NoActiveDesktop = 1 (0x1)
     mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
     mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
     mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
     mPolicies-system: SoftwareSASGeneration = 3 (0x3)
     IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
     IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
     IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
     TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
     TCP: Interfaces\{2CC0ADA1-D213-436C-8CFD-2956B820453C} : DhcpNameServer = 65.32.5.111 65.32.5.112
     TCP: Interfaces\{2CC0ADA1-D213-436C-8CFD-2956B820453C}\743434232303737323 : DhcpNameServer = 65.32.5.111 65.32.5.112
     TCP: Interfaces\{2CC0ADA1-D213-436C-8CFD-2956B820453C}\94E6E602144702458656022456163686 : DhcpNameServer = 75.75.75.75 8.8.8.8
     TCP: Interfaces\{2CC0ADA1-D213-436C-8CFD-2956B820453C}\D6562716B696 : DhcpNameServer = 10.128.128.128
     Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
     Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
     Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
     BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
     BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120715114156.dll
     BHO-X64: scriptproxy - No File
     BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
     BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
     TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
     mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
     mRun-x64: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
     mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
     mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
     mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
     mRun-x64: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
     mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
     mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
     mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
     mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
     mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
     mRun-x64: [(Default)]
     mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
     mRun-x64: [iCF] "C:\Program Files (x86)\Internet Content Filter\mfp.exe"
     mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
     IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
     .
     ============= SERVICES / DRIVERS ===============
     .
     R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
     R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
     R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2012-7-14 23208]
     R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
     R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
     R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
     R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
     R3 hprg;hprg;C:\Windows\system32\DRIVERS\hprg.sys --> C:\Windows\system32\DRIVERS\hprg.sys [?]
     S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2012-7-14 66320]
     S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
     .
     =============== Created Last 30 ================
     .
     2012-07-19 21:41:54 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CBE39EAD-2D9F-4653-B2B9-FE7D8D6C1CD2}\mpengine.dll
     2012-07-18 21:35:40 -------- d-----w- C:\FRST
     2012-07-18 14:08:57 9133488 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
     2012-07-18 14:06:10 -------- d-----w- C:\Users\Master\AppData\Roaming\Malwarebytes
     2012-07-18 14:05:47 -------- d-----w- C:\ProgramData\Malwarebytes
     2012-07-18 14:05:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
     2012-07-18 14:05:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
     2012-07-18 14:04:49 -------- d-----w- C:\Users\Master\AppData\Local\Apple
     2012-07-15 15:47:50 4117304 ----a-w- C:\Windows\SysWow64\seinst.dll
     2012-07-15 15:47:48 -------- d-----w- C:\Program Files (x86)\Internet Content Filter
     2012-07-15 15:47:40 2326840 ----a-w- C:\Windows\sediag.exe
     2012-07-15 15:47:38 -------- d-----w- C:\ProgramData\Internet Content Filter
     2012-07-15 15:42:26 -------- d-----w- C:\Program Files (x86)\McAfee.com
     2012-07-15 15:41:55 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
     2012-07-15 15:41:53 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
     2012-07-15 15:41:41 75936 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
     2012-07-15 15:41:41 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
     2012-07-15 15:41:41 513456 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
     2012-07-15 15:41:41 335784 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
     2012-07-15 15:41:41 300392 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
     2012-07-15 15:41:41 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
     2012-07-15 15:41:34 -------- d-----w- C:\Program Files\Common Files\McAfee
     2012-07-15 15:41:32 -------- d-----w- C:\Program Files\McAfee.com
     2012-07-15 15:41:31 -------- d-----w- C:\Program Files\McAfee
     2012-07-15 15:41:05 -------- d-----w- C:\Program Files (x86)\McAfee
     2012-07-15 15:36:03 177144 ----a-w- C:\Windows\System32\mfevtps.exe
     2012-07-15 06:23:02 -------- d-----w- C:\Users\Master\AppData\Local\Google
     2012-07-15 06:22:27 -------- d-----w- C:\Users\Master\AppData\Local\Apps
     2012-07-15 06:22:26 -------- d-----w- C:\Users\Master\AppData\Local\Deployment
     2012-07-15 03:06:50 -------- d-----w- C:\Users\Master\AppData\Local\Hewlett-Packard_Developme
     2012-07-15 02:57:47 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
     2012-07-11 14:23:07 3148800 ----a-w- C:\Windows\System32\win32k.sys
     2012-07-10 19:08:50 2004480 ----a-w- C:\Windows\System32\msxml6.dll
     2012-07-07 17:38:50 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
     2012-07-03 15:56:02 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A68638E4-6C29-4F63-B1E5-506AE6BE486E}\gapaengine.dll
     2012-06-23 22:16:07 2622464 ----a-w- C:\Windows\System32\wucltux.dll
     2012-06-23 22:15:46 99840 ----a-w- C:\Windows\System32\wudriver.dll
     2012-06-23 22:15:18 36864 ----a-w- C:\Windows\System32\wuapp.exe
     2012-06-23 22:15:18 186752 ----a-w- C:\Windows\System32\wuwebv.dll
     .
     ==================== Find3M ====================
     .
     2012-07-12 14:29:58 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
     2012-06-21 13:08:44 169320 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
     2012-06-21 13:08:42 752672 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
     2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
     2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
     2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
     2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
     2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
     2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
     2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
     2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
     2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
     2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
     2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
     2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
     2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
     2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
     2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
     2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
     2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
     2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
     2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
     2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
     2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
     2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
     2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
     2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
     2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
     2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
     2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
     2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
     2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
     2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
     2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
     2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
     2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
     2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
     2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
     2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
     2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
     2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
     .
     ============= FINISH: 18:49:19.54 ===============
  2. My home network has:
     - 1 wired PC
     - 3 wireless laptops
     - 1 Kindle reader
     - 1 Kindle Fire
     I will update and run MBAM and DDS and will post the logs.
  3. Thank you for your reply. I followed every step and unfortunately I'm still receiving the warnings.
     2012-07-19 17:48:38.00 [DOS] UDP Packet - Source:192.168.0.2,1900 Destination:239.255.255.250,1900
     2012-07-19 17:48:38.00 [DOS] UDP Packet - Source:192.168.0.2,1900 Destination:239.255.255.250,1900
     I have run MalwareBytes and McAfee antivirus on all of my machines; they detected and eliminated different threats, but this really puzzles me. It is not showing in these recent logs, but I was constantly receiving this security alert from my router on my email as well:
     UDP Packet - Source:10.197.0.1,67 Destination:255.255.255.255,68
  4. Done, I moved it here: http://forums.malwarebytes.org/index.php?showtopic=112729&hl=&fromsearch=1 Thanks,
  5. So, a few days ago I started receiving email notifications from my router letting me know about security alerts. I'm including recent logs from my router.
     2012-07-18 14:03:46.00 [DOS] UDP Packet - Source:192.168.0.12,137 Destination:192.168.0.255,137
     2012-07-18 14:03:47.00 [DOS] UDP Packet - Source:192.168.0.12,1900 Destination:239.255.255.250,1900
     2012-07-18 14:03:48.00 [DOS] UDP Packet - Source:192.168.0.12,138 Destination:192.168.0.255,138
     2012-07-18 14:03:48.00 [DOS] UDP Packet - Source:192.168.0.12,50980 Destination:239.255.255.250,1900
     2012-07-18 14:03:48.00 [DOS] UDP Packet - Source:192.168.0.12,1900 Destination:239.255.255.250,1900
     2012-07-18 14:03:48.00 [DOS] UDP Packet - Source:192.168.0.12,56638 Destination:239.255.255.250,1900
     2012-07-18 14:03:48.00 [DOS] UDP Packet - Source:192.168.0.12,57644 Destination:239.255.255.250,3702
     2012-07-18 14:03:48.00 [DOS] UDP Packet - Source:192.168.0.12,138 Destination:192.168.0.255,138
     2012-07-18 14:03:48.00 [DOS] UDP Packet - Source:192.168.0.12,56638 Destination:239.255.255.250,1900
     2012-07-18 14:03:49.00 [DOS] UDP Packet - Source:192.168.0.12,49385 Destination:239.255.255.250,1900
     2012-07-18 14:03:49.00 [DOS] UDP Packet - Source:192.168.0.12,57644 Destination:239.255.255.250,3702
     2012-07-18 14:03:49.00 [DOS] UDP Packet - Source:192.168.0.12,1196 Destination:255.255.255.255,1196
     2012-07-18 14:03:50.00 [DOS] UDP Packet - Source:192.168.0.12,1900 Destination:239.255.255.250,1900
     2012-07-18 14:03:50.00 [DOS] UDP Packet - Source:192.168.0.12,56638 Destination:239.255.255.250,1900
     2012-07-18 14:03:51.00 [DOS] UDP Packet - Source:192.168.0.12,1900 Destination:239.255.255.250,1900
     2012-07-18 14:03:51.00 [DOS] UDP Packet - Source:192.168.0.12,138 Destination:192.168.0.255,138
     2012-07-18 14:03:51.00 [DOS] UDP Packet - Source:192.168.0.12,56638 Destination:239.255.255.250,1900
     2012-07-18 14:04:20.00 [DOS] TCP Packet - Source:192.168.0.12,49328 Destination:192.168.0.1,445
     2012-07-18 14:04:20.00 [DOS] TCP Packet - Source:192.168.0.12,49330 Destination:192.168.0.1,445
     2012-07-18 14:04:20.00 [DOS] TCP Packet - Source:192.168.0.12,49331 Destination:192.168.0.1,139
     2012-07-18 14:04:20.00 [DOS] TCP Packet - Source:192.168.0.12,49329 Destination:192.168.0.1,445
     2012-07-18 14:04:55.00 [DOS] TCP Packet - Source:192.168.0.12,49356 Destination:192.168.0.1,5000
     2012-07-18 14:05:40.00 [DOS] TCP Packet - Source:192.168.0.12,49544 Destination:192.168.0.1,5000
     2012-07-18 14:05:44.00 [DOS] TCP Packet - Source:192.168.0.12,49559 Destination:192.168.0.1,5000
     2012-07-18 14:05:48.00 [DOS] TCP Packet - Source:192.168.0.12,49574 Destination:192.168.0.1,5000
     2012-07-18 14:05:52.00 [DOS] TCP Packet - Source:192.168.0.12,49590 Destination:192.168.0.1,5000
     2012-07-18 14:05:57.00 [DOS] TCP Packet - Source:192.168.0.12,49605 Destination:192.168.0.1,5000
     2012-07-18 14:06:00.00 [DOS] TCP Packet - Source:192.168.0.12,49618 Destination:192.168.0.1,5000
     2012-07-18 14:06:10.00 [DOS] TCP Packet - Source:192.168.0.12,49655 Destination:192.168.0.1,5000
     2012-07-18 14:06:14.00 [DOS] TCP Packet - Source:192.168.0.12,49670 Destination:192.168.0.1,5000
     My network range is precisely 192.168.0.x, with my router at 192.168.0.1. Does anyone know what's going on with my network? Am I infected with some sort of bot? The address you see in the log belongs to the PC I'm using right now; I have all other devices turned off, including the wireless printers, because they would also show up as a source when they are on (the printers). I'm going nuts here, please help.