Posts posted by mirkd
-
Hmm, Pando Media Booster was installed with League of Legends. I just read something that this PMB can be uninstalled. I'll uninstall this and see if there are any changes to MWB. Thanks for now.
-
Quick Scan Log:
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.01.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
M13 :: M13-PC [administrator]
Protection: Enabled
1/1/2013 3:28:28 PM
mbam-log-2013-01-01 (15-28-28).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224308
Time elapsed: 1 minute(s), 4 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
DDS:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2
Run by M13 at 15:32:08 on 2013-01-01
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8155.6193 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASRock\XFast LAN\spd.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Users\M13\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Users\M13\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\XFastUSB\XFastUsb.exe
C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\notepad.exe
C:\Windows\system32\wbem\wmiprvse.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [ASRockXTU] <no file>
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"
mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun: [updReg] C:\Windows\UpdReg.EXE
mRun: [Conime] C:\Windows\System32\conime.exe
mRun: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{841B711D-A472-479A-9A6D-BFA5699E5BC7} : DHCPNameServer = 192.168.0.1
SSODL: WebCheck - <orphaned>
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe
x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2011-9-21 49760]
R0 AsrRamDisk;AsrRamDisk;C:\Windows\System32\drivers\AsrRamDisk.sys [2012-12-31 31016]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-12-31 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2012-12-31 17192]
R1 FNETURPX;FNETURPX;C:\Windows\System32\drivers\FNETURPX.SYS [2012-12-31 15936]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-12-31 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-12-31 121344]
R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2012-2-9 133632]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-12-31 161560]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-31 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-31 682344]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-12-31 363800]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2012-2-9 25536]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2012-2-9 25536]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2012-2-9 44992]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-12-31 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-12-31 787736]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2012-10-2 66360]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-31 24176]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2012-12-31 32344]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-12-31 565352]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\drivers\WPRO_41_2001.sys [2012-12-31 34752]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 FNETTBOH_305;FNETTBOH_305;C:\Windows\System32\drivers\FNETTBOH_305.SYS [2012-12-31 32320]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-14 19456]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2012-11-14 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-14 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-14 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-14 1255736]
.
=============== Created Last 30 ================
.
2013-01-01 18:59:28 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp
2013-01-01 18:18:11 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-01-01 18:18:11 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-01-01 18:18:11 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-01-01 18:18:11 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-01-01 17:55:41 -------- d-----w- C:\Windows\System32\kodak
2013-01-01 17:55:35 261632 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\EKIJ5000PPR.dll
2013-01-01 17:44:46 -------- d-----w- C:\ProgramData\Visan
2013-01-01 17:44:46 -------- d-----w- C:\ProgramData\PrintProjects
2013-01-01 17:44:46 -------- d-----w- C:\Program Files (x86)\PrintProjects
2013-01-01 17:44:28 -------- d-----w- C:\Users\M13\AppData\Local\Eastman_Kodak_Company
2013-01-01 17:40:23 -------- d-----w- C:\Windows\SysWow64\kodak
2013-01-01 17:37:55 -------- d-----w- C:\Windows\SysWow64\spool
2013-01-01 17:37:27 -------- d-----w- C:\Program Files (x86)\Kodak
2013-01-01 17:36:09 -------- d-----w- C:\ProgramData\Kodak
2013-01-01 17:11:57 -------- d-----w- C:\Users\M13\AppData\Roaming\LolClient
2013-01-01 17:01:44 -------- d-----w- C:\Users\M13\AppData\Local\Adobe
2013-01-01 16:49:05 4096000 ----a-w- C:\Program Files (x86)\GUT6A2A.tmp
2013-01-01 16:49:05 -------- d-----w- C:\Program Files (x86)\GUM6A29.tmp
2013-01-01 15:59:50 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
2013-01-01 15:59:50 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
2013-01-01 15:59:49 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2013-01-01 15:59:49 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2013-01-01 15:59:49 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2013-01-01 15:57:16 -------- d-----w- C:\Riot Games
2013-01-01 15:55:28 -------- d-----w- C:\Users\M13\AppData\Roaming\Temp
2013-01-01 15:55:28 -------- d-----w- C:\Users\M13\AppData\Local\Eastman Kodak Company
2013-01-01 15:50:38 -------- d-----w- C:\Windows\PCHEALTH
2013-01-01 15:46:26 -------- d-----w- C:\Users\M13\AppData\Local\Microsoft Help
2013-01-01 06:32:55 -------- d-----w- C:\Users\M13\AppData\Roaming\NVIDIA
2013-01-01 06:32:55 -------- d-----w- C:\Users\M13\AppData\Local\Logitech
2013-01-01 06:31:10 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-01-01 06:30:58 -------- d-----w- C:\Program Files\Logitech Gaming Software
2013-01-01 06:29:55 -------- d-----w- C:\Users\M13\AppData\Roaming\Logishrd
2013-01-01 06:28:02 -------- d-----w- C:\Users\M13\AppData\Local\PMB Files
2013-01-01 06:28:02 -------- d-----w- C:\ProgramData\PMB Files
2013-01-01 06:27:12 -------- d-----w- C:\Program Files (x86)\Pando Networks
2013-01-01 06:27:06 -------- d-----w- C:\Users\M13\.swt
2013-01-01 05:14:31 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-01 05:14:31 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-01 05:13:58 -------- d-----w- C:\ProgramData\Battle.net
2013-01-01 05:11:07 -------- d-----w- C:\Users\M13\AppData\Local\CrashDumps
2013-01-01 05:05:43 859072 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-01-01 05:05:43 779704 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-01-01 05:05:42 95184 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-01 05:03:30 -------- d-----w- C:\Users\M13\AppData\Local\Google
2013-01-01 05:01:03 890216 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-01-01 05:01:03 63336 ----a-w- C:\Windows\System32\nvshext.dll
2013-01-01 05:01:03 6223208 ----a-w- C:\Windows\System32\nvcpl.dll
2013-01-01 05:01:03 3663213 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-01-01 05:01:03 3311464 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-01-01 05:01:03 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-01-01 05:01:03 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2013-01-01 05:00:52 60776 ----a-w- C:\Windows\System32\OpenCL.dll
2013-01-01 05:00:52 52584 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-01-01 05:00:47 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-01-01 05:00:43 -------- d-----w- C:\Program Files\NVIDIA Corporation
2013-01-01 05:00:43 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2013-01-01 05:00:11 -------- d-----w- C:\Windows\System32\appmgmt
2013-01-01 04:57:43 959976 ----a-w- C:\Windows\System32\deployJava1.dll
2013-01-01 04:57:43 1081320 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-01-01 04:55:43 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2013-01-01 04:55:43 -------- d-----w- C:\Program Files (x86)\StarCraft II
2013-01-01 04:55:43 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2013-01-01 04:48:44 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D5EBECF3-13FA-46C7-9EC5-A7A1039CD508}\mpengine.dll
2013-01-01 04:46:56 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7C918A94-4317-450E-8A68-8A123DA575A6}\gapaengine.dll
2013-01-01 04:46:55 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-01 04:41:52 -------- d-----w- C:\Users\M13\AppData\Local\Akamai
2013-01-01 04:40:58 -------- d-----w- C:\Users\M13\AppData\Roaming\Malwarebytes
2013-01-01 04:40:49 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-01-01 04:40:49 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-01 04:40:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-01 04:40:41 -------- d-----w- C:\Users\M13\AppData\Local\Programs
2013-01-01 04:36:51 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-01-01 04:36:40 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-01-01 04:36:37 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-01-01 04:36:36 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-01-01 04:36:36 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-01-01 04:36:36 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-01-01 04:29:49 32320 ----a-w- C:\Windows\System32\drivers\FNETTBOH_305.SYS
2013-01-01 04:29:42 -------- d-----w- C:\Users\M13\AppData\Local\Western Digital
2013-01-01 04:26:46 -------- d-----w- C:\ProgramData\DeviceVM
2013-01-01 04:26:10 -------- d-----w- C:\ProgramData\Norton
2013-01-01 04:25:57 -------- d-----w- C:\ProgramData\NortonInstaller
2013-01-01 04:25:54 -------- d--h--w- C:\ProgramData\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3}
2013-01-01 04:25:53 -------- d-----w- C:\Users\M13\AppData\Roaming\DeviceVm
2013-01-01 04:25:40 -------- d-----w- C:\Users\M13\AppData\Local\Cyberlink
2013-01-01 04:25:20 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2013-01-01 04:23:59 1632128 ----a-w- C:\Windows\System32\drivers\cfosspeed6.sys
2013-01-01 04:23:59 -------- d-----w- C:\Users\M13\AppData\Local\cFos
2013-01-01 04:23:59 -------- d-----w- C:\Program Files\ASRock
2013-01-01 04:23:58 -------- d-----w- C:\ProgramData\cFos
2013-01-01 04:23:57 15936 ----a-w- C:\Windows\System32\drivers\FNETURPX.SYS
2013-01-01 04:23:57 -------- d-----w- C:\ProgramData\FNET
2013-01-01 04:23:56 -------- d-----w- C:\Program Files (x86)\XFastUSB
2013-01-01 04:23:52 31016 ----a-w- C:\Windows\System32\drivers\AsrRamDisk.sys
2013-01-01 04:23:51 -------- d-----w- C:\Program Files (x86)\ASRock Utility
2013-01-01 04:23:50 17192 ----a-w- C:\Windows\System32\drivers\AsrAppCharger.sys
2013-01-01 04:23:49 -------- d-----w- C:\Program Files\ASRock Utility
2013-01-01 04:23:36 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys
2013-01-01 04:22:40 -------- d-----w- C:\Program Files (x86)\ASM106xSATA
2013-01-01 04:22:32 16152 ----a-w- C:\Windows\System32\drivers\iusb3hcs.sys
2013-01-01 04:22:25 356120 ----a-w- C:\Windows\System32\drivers\iusb3hub.sys
2013-01-01 04:22:24 787736 ----a-w- C:\Windows\System32\drivers\iusb3xhc.sys
2013-01-01 04:21:36 15128 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2013-01-01 04:21:21 -------- d-sh--w- C:\Windows\Installer
2013-01-01 04:21:14 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2013-01-01 04:21:12 60184 ----a-w- C:\Windows\System32\drivers\HECIx64.sys
2013-01-01 04:20:57 -------- d-----w- C:\Users\M13\AppData\Roaming\Intel Corporation
2013-01-01 04:20:24 568600 ----a-w- C:\Windows\System32\drivers\iaStor.sys
2013-01-01 04:18:19 53248 ----a-r- C:\Windows\SysWow64\CSVer.dll
2013-01-01 04:18:15 -------- d-----w- C:\Intel
2012-12-31 21:49:45 -------- d-----w- C:\Windows\Panther
2012-12-31 19:52:51 -------- d-sh--w- C:\Recovery
.
==================== Find3M ====================
.
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-14 18:04:43 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-11-14 18:04:43 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-11-14 18:04:43 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-11-14 18:04:43 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-11-14 18:03:05 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-11-14 18:03:05 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-11-14 18:03:05 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2012-11-14 18:03:05 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-11-14 18:03:05 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-11-14 18:03:05 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-11-14 18:03:05 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-11-14 18:03:05 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-11-14 18:03:05 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-11-14 18:03:05 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-11-14 18:03:05 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-11-14 18:03:05 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-11-14 18:02:41 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-11-14 18:02:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-11-14 18:02:22 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-11-14 18:02:22 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-11-14 18:02:02 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-11-14 18:02:02 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-11-14 18:01:43 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-11-14 18:01:04 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-11-14 18:01:04 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-11-14 18:00:44 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-11-14 18:00:44 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-11-14 18:00:06 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-11-14 17:58:21 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-11-14 17:58:21 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-11-14 17:57:59 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-11-14 17:57:59 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-11-14 17:57:59 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-11-14 17:57:35 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-11-14 17:57:35 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-11-14 17:57:35 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-11-14 17:57:35 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-11-14 17:57:35 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-11-14 17:57:35 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-11-14 17:57:13 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-11-14 17:57:13 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-11-14 17:56:33 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-11-14 17:56:14 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-11-14 17:56:14 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-11-14 17:55:55 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-11-14 17:55:36 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-11-14 17:55:36 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-11-14 17:55:36 136704 ----a-w- C:\Windows\System32\browser.dll
2012-11-14 17:55:15 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-11-14 17:55:15 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-11-14 17:54:52 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-11-14 17:54:52 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-11-14 17:53:38 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-11-14 17:52:35 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-11-14 17:51:02 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-11-14 17:51:02 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-11-14 17:51:02 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-11-14 17:50:40 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-11-14 17:50:40 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-11-14 17:50:40 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-11-14 17:50:40 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-11-14 17:50:40 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-11-14 17:50:40 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-11-14 17:49:47 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-11-14 17:49:47 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-11-14 17:49:06 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-11-14 17:49:06 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-11-14 17:47:17 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-11-14 17:47:17 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-11-14 17:46:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-11-14 17:46:57 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-11-14 17:46:57 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-11-14 17:46:57 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-11-14 17:46:57 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-11-14 17:46:37 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-11-14 17:46:37 67072 ----a-w- C:\Windows\splwow64.exe
2012-11-14 17:46:37 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-11-14 17:46:37 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-11-14 17:45:55 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-11-14 17:45:36 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-11-14 17:45:36 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-11-14 17:44:51 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-11-14 17:44:51 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-11-14 17:44:25 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-11-14 17:44:25 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-11-14 17:44:05 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-11-14 17:44:05 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-11-14 17:44:05 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-11-14 17:43:42 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2012-11-14 17:43:04 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-11-14 17:43:04 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-11-14 17:42:26 40448 ----a-w- C:\Windows\System32\drivers\modem.sys
2012-11-14 17:42:26 321536 ----a-w- C:\Windows\System32\unimdm.tsp
2012-11-14 17:42:26 281088 ----a-w- C:\Windows\SysWow64\unimdm.tsp
2012-11-14 17:38:51 395776 ----a-w- C:\Windows\System32\webio.dll
.
============= FINISH: 15:32:24.85 ===============
Protection Log:
2013/01/01 00:21:42 -0600 M13-PC M13 MESSAGE Starting protection
2013/01/01 00:21:42 -0600 M13-PC M13 MESSAGE Protection started successfully
2013/01/01 00:21:42 -0600 M13-PC M13 MESSAGE Starting IP protection
2013/01/01 00:21:44 -0600 M13-PC M13 MESSAGE IP Protection started successfully
2013/01/01 01:16:35 -0600 M13-PC M13 MESSAGE Executing scheduled update: Daily
2013/01/01 01:16:46 -0600 M13-PC M13 MESSAGE Scheduled update executed successfully: database updated from version v2013.01.01.01 to version v2013.01.01.02
2013/01/01 01:16:46 -0600 M13-PC M13 MESSAGE Starting database refresh
2013/01/01 01:16:47 -0600 M13-PC M13 MESSAGE Stopping IP protection
2013/01/01 01:16:47 -0600 M13-PC M13 MESSAGE IP Protection stopped successfully
2013/01/01 01:16:50 -0600 M13-PC M13 MESSAGE Database refreshed successfully
2013/01/01 01:16:50 -0600 M13-PC M13 MESSAGE Starting IP protection
2013/01/01 01:16:51 -0600 M13-PC M13 MESSAGE IP Protection started successfully
2013/01/01 06:26:04 -0600 M13-PC M13 IP-BLOCK 222.170.125.110 (Type: outgoing, Port: 49549, Process: pmb.exe)
2013/01/01 06:26:44 -0600 M13-PC M13 IP-BLOCK 222.170.125.110 (Type: outgoing, Port: 49679, Process: pmb.exe)
2013/01/01 06:31:24 -0600 M13-PC M13 IP-BLOCK 180.70.9.113 (Type: outgoing, Port: 50492, Process: pmb.exe)
2013/01/01 06:31:48 -0600 M13-PC M13 IP-BLOCK 180.70.9.113 (Type: outgoing, Port: 50590, Process: pmb.exe)
2013/01/01 06:39:24 -0600 M13-PC M13 IP-BLOCK 222.69.215.103 (Type: incoming, Port: 57639, Process: pmb.exe)
2013/01/01 06:39:24 -0600 M13-PC M13 IP-BLOCK 222.69.215.103 (Type: incoming, Port: 57639, Process: pmb.exe)
2013/01/01 06:39:32 -0600 M13-PC M13 IP-BLOCK 222.69.215.103 (Type: incoming, Port: 57639, Process: pmb.exe)
2013/01/01 06:53:08 -0600 M13-PC M13 IP-BLOCK 180.70.9.113 (Type: incoming, Port: 57639, Process: pmb.exe)
2013/01/01 06:53:16 -0600 M13-PC M13 IP-BLOCK 180.70.9.113 (Type: incoming, Port: 57639, Process: pmb.exe)
2013/01/01 06:53:16 -0600 M13-PC M13 IP-BLOCK 180.70.9.113 (Type: incoming, Port: 57639, Process: pmb.exe)
2013/01/01 07:00:20 -0600 M13-PC M13 IP-BLOCK 121.125.167.96 (Type: outgoing, Port: 56486, Process: pmb.exe)
2013/01/01 07:00:44 -0600 M13-PC M13 IP-BLOCK 222.69.215.103 (Type: outgoing, Port: 56591, Process: pmb.exe)
2013/01/01 07:01:48 -0600 M13-PC M13 IP-BLOCK 89.28.82.55 (Type: outgoing, Port: 56823, Process: pmb.exe)
2013/01/01 07:12:20 -0600 M13-PC M13 IP-BLOCK 89.28.82.55 (Type: outgoing, Port: 59121, Process: pmb.exe)
2013/01/01 07:33:00 -0600 M13-PC M13 IP-BLOCK 222.69.215.103 (Type: incoming, Port: 57639, Process: pmb.exe)
2013/01/01 07:33:08 -0600 M13-PC M13 IP-BLOCK 222.69.215.103 (Type: incoming, Port: 57639, Process: pmb.exe)
2013/01/01 07:33:16 -0600 M13-PC M13 IP-BLOCK 222.69.215.103 (Type: incoming, Port: 57639, Process: pmb.exe)
2013/01/01 07:34:20 -0600 M13-PC M13 IP-BLOCK 121.125.138.156 (Type: incoming, Port: 57639, Process: pmb.exe)
2013/01/01 07:34:28 -0600 M13-PC M13 IP-BLOCK 121.125.138.156 (Type: incoming, Port: 57639, Process: pmb.exe)
2013/01/01 07:34:28 -0600 M13-PC M13 IP-BLOCK 121.125.138.156 (Type: incoming, Port: 57639, Process: pmb.exe)
2013/01/01 07:39:24 -0600 M13-PC M13 IP-BLOCK 121.125.167.96 (Type: outgoing, Port: 64453, Process: pmb.exe)
2013/01/01 07:41:24 -0600 M13-PC M13 IP-BLOCK 121.125.138.156 (Type: outgoing, Port: 64909, Process: pmb.exe)
2013/01/01 07:43:24 -0600 M13-PC M13 IP-BLOCK 219.153.189.230 (Type: incoming, Port: 57639, Process: pmb.exe)
2013/01/01 07:43:32 -0600 M13-PC M13 IP-BLOCK 219.153.189.230 (Type: incoming, Port: 57639, Process: pmb.exe)
2013/01/01 07:43:32 -0600 M13-PC M13 IP-BLOCK 219.153.189.230 (Type: incoming, Port: 57639, Process: pmb.exe)
2013/01/01 07:46:04 -0600 M13-PC M13 IP-BLOCK 218.9.120.250 (Type: outgoing, Port: 49724, Process: pmb.exe)
2013/01/01 07:46:36 -0600 M13-PC M13 IP-BLOCK 121.125.138.156 (Type: outgoing, Port: 49832, Process: pmb.exe)
2013/01/01 07:52:28 -0600 M13-PC M13 IP-BLOCK 89.28.82.55 (Type: outgoing, Port: 51091, Process: pmb.exe)
2013/01/01 08:13:00 -0600 M13-PC M13 IP-BLOCK 219.153.189.230 (Type: incoming, Port: 57639, Process: pmb.exe)
2013/01/01 08:13:00 -0600 M13-PC M13 IP-BLOCK 219.153.189.230 (Type: incoming, Port: 57639, Process: pmb.exe)
2013/01/01 08:13:08 -0600 M13-PC M13 IP-BLOCK 219.153.189.230 (Type: incoming, Port: 57639, Process: pmb.exe)
2013/01/01 08:15:16 -0600 M13-PC M13 IP-BLOCK 109.95.112.34 (Type: outgoing, Port: 54083, Process: pmb.exe)
2013/01/01 08:15:32 -0600 M13-PC M13 IP-BLOCK 109.95.112.34 (Type: outgoing, Port: 54119, Process: pmb.exe)
2013/01/01 08:15:48 -0600 M13-PC M13 IP-BLOCK 109.95.112.34 (Type: outgoing, Port: 54139, Process: pmb.exe)
2013/01/01 08:16:04 -0600 M13-PC M13 IP-BLOCK 109.95.112.34 (Type: outgoing, Port: 54158, Process: pmb.exe)
2013/01/01 08:16:44 -0600 M13-PC M13 IP-BLOCK 109.95.112.34 (Type: outgoing, Port: 54191, Process: pmb.exe)
2013/01/01 08:17:56 -0600 M13-PC M13 IP-BLOCK 109.95.112.34 (Type: outgoing, Port: 54241, Process: pmb.exe)
2013/01/01 08:29:00 -0600 M13-PC M13 IP-BLOCK 89.28.82.55 (Type: outgoing, Port: 55476, Process: pmb.exe)
2013/01/01 08:29:56 -0600 M13-PC M13 IP-BLOCK 89.28.82.55 (Type: outgoing, Port: 55564, Process: pmb.exe)
2013/01/01 08:30:36 -0600 M13-PC M13 IP-BLOCK 89.28.82.55 (Type: outgoing, Port: 55612, Process: pmb.exe)
2013/01/01 08:31:00 -0600 M13-PC M13 IP-BLOCK 89.28.82.55 (Type: outgoing, Port: 55654, Process: pmb.exe)
2013/01/01 09:18:11 -0600 M13-PC M13 MESSAGE Starting protection
2013/01/01 09:18:11 -0600 M13-PC M13 MESSAGE Protection started successfully
2013/01/01 09:18:11 -0600 M13-PC M13 MESSAGE Starting IP protection
2013/01/01 09:18:12 -0600 M13-PC M13 MESSAGE IP Protection started successfully
2013/01/01 09:22:03 -0600 M13-PC M13 IP-BLOCK 219.151.133.182 (Type: outgoing, Port: 49918, Process: pmb.exe)
2013/01/01 09:49:55 -0600 M13-PC M13 IP-BLOCK 222.170.125.110 (Type: outgoing, Port: 56126, Process: pmb.exe)
2013/01/01 10:19:25 -0600 M13-PC M13 IP-BLOCK 222.170.125.110 (Type: incoming, Port: 57639, Process: pmb.exe)
-
I just completed a fresh install. This is the third time I have done a fresh install on my system within a period of 6 months. On this third install, I noticed that Malwarebytes started to block outgoing IPs. I have not tried leaving my browser closed to see if Malwarebytes gets a hit. I am not sure if the blocked IPs are because of a malicious program.
Fresh Install, After installing Malwarebytes, Receiving blocked IP's
in Resolved Malware Removal Logs
Posted
Nope, it's not affecting play. When I had League open, I just had it updating. I was browsing and I thought that certain sites were triggering outbound IPs