Whitespace
IP-blocks from svchost.exe
Whitespace replied to Whitespace's topic in Resolved Malware Removal Logs
I see. Thank you for your help and explanation.
IP-blocks from svchost.exe
Whitespace replied to Whitespace's topic in Resolved Malware Removal Logs
These are the logs from the last three days.
IP-blocks from svchost.exe
Whitespace replied to Whitespace's topic in Resolved Malware Removal Logs
Most of the incoming ones are from 60.173.8.2XX (about 30 to 40), with some random ones. The outgoing ones are from 218.8.5X.10X. Should I post the logs?
IP-blocks from svchost.exe
Whitespace replied to Whitespace's topic in Resolved Malware Removal Logs
I followed your instructions and there haven't been any incoming IPs that are blocked. I noticed two blocked outgoing IPs two hours ago when I was doing those things, though. Is that normal?
IP-blocks from svchost.exe
Whitespace replied to Whitespace's topic in Resolved Malware Removal Logs
Thanks for the advice. Here are the logs:

AdwCleaner

# AdwCleaner v3.004 - Report created 21/09/2013 at 18:28:04
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dummy - HP-HP
# Running from : C:\Users\gfdghhshdhfg\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****
File Deleted : \END

***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16686
-\\ Mozilla Firefox v23.0.1 (zh-TW)
[ File : C:\Users\gfdghhshdhfg\AppData\Roaming\Mozilla\Firefox\Profiles\w2txq83z.default\prefs.js ]
[ File : C:\Users\Trololololololololol\AppData\Roaming\Mozilla\Firefox\Profiles\1xst0whj.default\prefs.js ]
[ File : C:\Users\Dummy\AppData\Roaming\Mozilla\Firefox\Profiles\dt45wiuz.default\prefs.js ]
[ File : C:\Users\Doppel\AppData\Roaming\Mozilla\Firefox\Profiles\n2kiayro.default\prefs.js ]

*************************
AdwCleaner[R0].txt - [2104 octets] - [21/09/2013 18:22:28]
AdwCleaner[s0].txt - [2033 octets] - [21/09/2013 18:28:04]
########## EOF - \AdwCleaner\AdwCleaner[s0].txt - [2093 octets] ##########

SecurityCheck

Results of screen317's Security Check version 0.99.73
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
BullGuard Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 6 Update 29
Java 7 Update 21
Java version out of Date!
Adobe Flash Player 11.8.800.168
Adobe Reader 10.1.8 Adobe Reader out of Date!
Mozilla Firefox (23.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
BullGuard Ltd BullGuard Antivirus BullGuardUpdate.exe
BullGuard Ltd BullGuard Antivirus BullGuardScanner.exe
BullGuard Ltd BullGuard Antivirus BullGuard.exe
gfdghhshdhfg Desktop Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
IP-blocks from svchost.exe
Whitespace replied to Whitespace's topic in Resolved Malware Removal Logs
Thanks for the replies. The scans didn't find anything obvious, but I see something called ALWIL when I'm scanning with the ESET Online Scanner. I'm not sure if this affected the scanner's performance, but I can't find this ALWIL thing so I can't disable it. Anyway, here is the log from Malwarebytes:

www.malwarebytes.org
Database version: v2013.09.20.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Dummy :: HP-HP [administrator]
Protection: Enabled
20/9/2013 17:28:13
mbam-log-2013-09-20 (17-28-13).txt

Scan type: Full scan (C:\|D:\|E:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 735606
Time elapsed: 2 hour(s), 13 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
IP-blocks from svchost.exe
Whitespace replied to Whitespace's topic in Resolved Malware Removal Logs
(x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . ‘計劃任務’ 文件夾 裡的內容 . 2013-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-05 10:53] . 2013-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-05 10:53] . 2013-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-423791886-1600473386-2339945710-1001Core.job - c:\users\gfdghhshdhfg\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 10:51] . 2013-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-423791886-1600473386-2339945710-1001UA.job - c:\users\gfdghhshdhfg\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 10:51] . 2013-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-423791886-1600473386-2339945710-1008Core.job - c:\users\-\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-10 16:58] . 2013-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-423791886-1600473386-2339945710-1008UA.job - c:\users\-\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-10 16:58] . 2013-08-20 c:\windows\Tasks\HPCeeScheduleForgfdghhshdhfg.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . 2013-08-27 c:\windows\Tasks\HPCeeScheduleForHP-HP$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-13 11046504] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896] "BullGuard"="c:\program files\BullGuard Ltd\BullGuard Antivirus\bullguard.exe" [2011-10-04 2148664] "IME14 CHT Setup"="c:\progra~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2012-03-13 110896] . ------- 而外的掃描 ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm LSP: c:\windows\system32\BGLsp.dll Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.8.1 TCP: Interfaces\{2366C26E-B6ED-4F6C-B00D-8F3E71CF3A8E}: NameServer = 203.198.23.208 218.102.32.208 TCP: Interfaces\{2FC9F5EA-3143-44E7-AC3A-069298D7F349}: NameServer = 203.198.23.208 218.102.32.208 FF - ProfilePath - c:\users\Dummy\AppData\Roaming\Mozilla\Firefox\Profiles\dt45wiuz.default\ . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-Katawa Shoujo - c:\users\gfdghhshdhfg\Desktop\Katawa Shoujo\Uninstall Katawa Shoujo.exe AddRemove-Strange Adventures in Infinite Space - c:\users\gfdghhshdhfg\Desktop\uninstall.exe AddRemove-{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8} - c:\program files (x86)\InstallShield Installation Information\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}\setup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 完成時間: 2013-09-18 19:09:09 ComboFix-quarantined-files.txt 2013-09-18 11:09 . Pre-Run: 745,043,304,448 bytes free Post-Run: 749,323,616,256 bytes free . - - End Of File - - 419ADF378BC2ECA850F5AA4694296E93 -
Hello. Malwarebytes has blocked multiple incoming IPs with similar addresses and some outgoing IPs from svchost.exe since I downloaded the trial 10 days ago. Scans from my antivirus and Malwarebytes have turned up nothing. I am worried it might be a sign of infection. Could you please take a look at the logs?

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686 BrowserJavaVersion: 10.21.2
Run by Dummy at 15:43:33 on 2013-09-20
Microsoft Windows 7 家用進階版 6.1.7601.1.950.852.3076.18.3959.528 [GMT 8:00]
.
AV: BullGuard Antivirus *Enabled/Updated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}
SP: BullGuard Antispyware *Enabled/Updated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\System32\SvcHost.exe -k BullGuard_LowPriv
C:\Windows\System32\SvcHost.exe -k BullGuard
C:\Windows\System32\SvcHost.exe -k BullGuard_Main
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Users\gfdghhshdhfg\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Users\gfdghhshdhfg\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\BullGuard Ltd\BullGuard Antivirus\BullGuardUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Users\gfdghhshdhfg\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\BullGuard Ltd\BullGuard Antivirus\BullGuardScanner.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\BullGuard Ltd\BullGuard Antivirus\BullGuard.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\gfdghhshdhfg\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Users\gfdghhshdhfg\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files
(x86)\Real\RealPlayer\Update\realsched.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\L
ocal\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Program Files (x86)\Steam\Steam.exeC:\Program Files (x86)\Common Files\Steam\SteamService.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Windows\system32\taskmgr.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\U
sers\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLLBHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllBHO: BGAntiphishingBHO Class: {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard Antivirus\Files32\Antiphishing\IE\BGAntiphishingIEBHO.dllTB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dlluRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunuRun: [MsgCenterExe] "c:\program files 
(x86)\real\realplayer\update\RealOneMessageCenter.exe" -osbootmRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exemRun: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exemRun: [bATINDICATORHL] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exemRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exemRun: [iME14 CHT Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /LogmRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osbootmRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRunOnce: [Malwarebytes Anti-Malware] C:\Users\gfdghhshdhfg\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe /install /silentmRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScriptuPolicies-Explorer: NoDriveTypeAutoRun = dword:145uPolicies-Explorer: NoDrives = dword:0mPolicies-Explorer: NoDrives = dword:0mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllIE: {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard Antivirus\Files32\Antiphishing\IE\BGAntiphishingIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files 
(x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllLSP: C:\Windows\System32\BGLsp.dllTrusted Zone: clonewarsadventures.comTrusted Zone: freerealms.comTrusted Zone: soe.comTrusted Zone: sony.comTCP: NameServer = 192.168.8.1TCP: Interfaces\{2366C26E-B6ED-4F6C-B00D-8F3E71CF3A8E} : NameServer = 203.198.23.208 218.102.32.208TCP: Interfaces\{2FC9F5EA-3143-44E7-AC3A-069298D7F349} : NameServer = 203.198.23.208 218.102.32.208TCP: Interfaces\{A30A7FB0-4481-4DE3-89A5-52BB9855B80C} : DHCPNameServer = 192.168.8.1Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllSSODL: WebCheck - <orphaned>x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-BHO: BGAntiphishingBHO Class: {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard Antivirus\Antiphishing\IE\BGAntiphishingIEBHO.dllx64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dllx64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -sx64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exex64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /backgroundx64-Run: [bullGuard] "C:\Program Files\BullGuard Ltd\BullGuard Antivirus\bullguard.exe" -bootx64-Run: [iME14 CHT Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Logx64-IE: 
{2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard Antivirus\Antiphishing\IE\BGAntiphishingIE.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllx64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-SSODL: WebCheck - <orphaned>.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Dummy\AppData\Roaming\Mozilla\Firefox\Profiles\dt45wiuz.default\.============= SERVICES / DRIVERS ===============.R1 BdSpy;BdSpy;C:\Windows\System32\drivers\BdSpy.sys [2010-3-12 63712]R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-5-27 56344]R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-5-27 172632]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-9-11 25928]R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-5-27 1002848]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-5-27 408680]R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]S3 clwvd;HP Webcam Splitter;C:\Windows\System32\drivers\clwvd.sys [2010-9-4 31088]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-10-9 59392].=============== Created Last 30 ================.2013-09-19 12:18:12 76232 ----a-w- 
C:\Windows\System32\drivers\Sftvollh.sys
2013-06-26 11:21:48 28840 ----a-w- C:\Windows\System32\drivers\Sftredirlh.sys
2013-06-26 11:21:46 273576 ----a-w- C:\Windows\System32\drivers\Sftplaylh.sys
2013-06-26 11:21:46 1777320 ----a-w- C:\Windows\System32\sftldr.dll
2013-06-26 11:21:46 1130664 ----a-w- C:\Windows\SysWow64\sftldr_wow64.dll
2013-06-26 11:21:44 767144 ----a-w- C:\Windows\System32\drivers\Sftfslh.sys
2013-06-24 23:17:55 0 ----a-w- C:\Windows\SysWow64\sho88E6.tmp
2013-06-23 16:26:23 0 ----a-w- C:\Windows\SysWow64\sho9F5F.tmp
2013-06-22 20:00:41 0 ----a-w- C:\Windows\SysWow64\shoB822.tmp
.
============= FINISH: 15:44:49.78 ===============

Attached.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 家用進階版
Boot Device: \Device\HarddiskVolume1
Install Date: 4/8/2011 16:41:08
System Uptime: 20/9/2013 6:41:18 (9 hours ago)
.
Motherboard: Hewlett-Packard | | 2AA6
Processor: Intel® Core i3 CPU 560 @ 3.33GHz | CPU 1 | 2266/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 916 GiB total, 705.631 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 1.89 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: USB 視訊裝置
Device ID: USB\VID_04F2&PID_B2B2&MI_00\7&2BE61223&0&0000
Manufacturer: Microsoft
Name: USB Webcam
PNP Device ID: USB\VID_04F2&PID_B2B2&MI_00\7&2BE61223&0&0000
Service: usbvideo
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: HP Webcam Splitter
Device ID: ROOT\MEDIA\0000
Manufacturer: CyberLink
Name: HP Webcam Splitter
PNP Device ID: ROOT\MEDIA\0000
Service: clwvd
.
==== System Restore Points ===================
.
RP260: 18/9/2013 20:55:32 - ComboFix created restore point
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
ABBYY FineReader 9.0 Sprint
ActiveCheck component for HP Active Support Library
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Agatha Christie - Peril at End House
Akamai NetSession Interface
Alien Swarm
Bejeweled 2 Deluxe
Bing Bar
Bing Rewards Client Installer
Blackhawk Striker 2
Blasterball 3
Bounce Symphony
Build Your Own Net Dream (remove only)
BullGuard Antivirus 9.0
BYOND
Cake Mania
Champions Online: Free For All
Chuzzle Deluxe
Counter-Strike Online 客戶端
CyberLink DVD Suite Deluxe
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dora's World Adventure
Dragons Prophet
DVD Menu Pack for HP MediaSmart Video
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Event Manager
EPSON ME 330 Series 用?指南
EPSON Scan
ESET Online Scanner v3