Posts posted by Whitespace

  1. These are the logs from the last three days.

     

    23/9/2013

     

    2013/09/23 00:08:44 +0800 HP-HP gfdghhshdhfg IP-BLOCK 210.205.6.66 (Type: incoming, Port: 5994, Process: svchost.exe)
    2013/09/23 00:12:45 +0800 HP-HP gfdghhshdhfg IP-BLOCK 89.248.168.224 (Type: incoming, Port: 123, Process: svchost.exe)
    2013/09/23 00:12:45 +0800 HP-HP gfdghhshdhfg IP-BLOCK 89.248.168.224 (Type: incoming, Port: 123, Process: svchost.exe)
    2013/09/23 00:12:45 +0800 HP-HP gfdghhshdhfg IP-BLOCK 89.248.168.224 (Type: incoming, Port: 123, Process: svchost.exe)
    2013/09/23 01:06:51 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.246 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/23 08:17:00 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/23 08:17:00 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/23 08:28:35 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/23 08:48:35 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.88 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/23 09:38:54 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/23 09:38:54 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/23 10:02:44 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/23 10:47:31 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.69 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/23 10:47:32 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.69 (Type: incoming, Port: 1174, Process: svchost.exe)
    2013/09/23 11:02:51 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.233 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/23 11:26:47 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/23 11:38:43 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/23 11:38:43 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/23 12:14:31 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/23 12:14:33 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/23 13:01:45 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/23 14:00:16 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/23 14:36:08 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.233 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/23 15:11:30 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/23 15:58:15 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/23 16:33:31 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/23 18:32:33 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/23 18:44:41 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/23 18:45:45 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.57 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/23 18:45:45 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.57 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/23 19:49:07 +0800 HP-HP gfdghhshdhfg IP-BLOCK 94.102.51.196 (Type: incoming, Port: 19, Process: svchost.exe)
    2013/09/23 20:01:12 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/23 20:01:12 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/23 20:14:30 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/23 20:22:15 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.11.211 (Type: incoming, Port: 1433, Process: svchost.exe)
    2013/09/23 20:22:16 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.11.211 (Type: incoming, Port: 1433, Process: svchost.exe)
    2013/09/23 20:30:19 +0800 HP-HP gfdghhshdhfg IP-BLOCK 42.2.151.79 (Type: incoming, Port: 7466, Process: svchost.exe)
    2013/09/23 20:30:19 +0800 HP-HP gfdghhshdhfg IP-BLOCK 42.2.151.79 (Type: incoming, Port: 7466, Process: svchost.exe)
    2013/09/23 20:30:27 +0800 HP-HP gfdghhshdhfg IP-BLOCK 42.2.151.79 (Type: incoming, Port: 7466, Process: svchost.exe)
    2013/09/23 22:40:57 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.88 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/23 22:48:03 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.233 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/23 23:03:51 +0800 HP-HP gfdghhshdhfg IP-BLOCK 46.166.168.105 (Type: incoming, Port: 3389, Process: svchost.exe)
    2013/09/23 23:47:29 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/23 23:59:14 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 1998, Process: svchost.exe)
     
     
    22/9/2013
     
    2013/09/22 08:55:25 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/22 09:07:06 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/22 09:18:36 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/22 09:30:15 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/22 10:16:57 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.233 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/22 10:52:24 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.233 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/22 11:18:21 +0800 HP-HP gfdghhshdhfg IP-BLOCK 218.8.55.109 (Type: outgoing, Port: 57345, Process: chrome.exe)
    2013/09/22 11:18:21 +0800 HP-HP gfdghhshdhfg IP-BLOCK 218.8.55.109 (Type: outgoing, Port: 57346, Process: chrome.exe)
    2013/09/22 11:18:21 +0800 HP-HP gfdghhshdhfg IP-BLOCK 218.8.55.109 (Type: outgoing, Port: 57347, Process: chrome.exe)
    2013/09/22 11:18:21 +0800 HP-HP gfdghhshdhfg IP-BLOCK 218.8.55.109 (Type: outgoing, Port: 57354, Process: chrome.exe)
    2013/09/22 14:01:29 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/22 15:25:23 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/22 17:00:57 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.233 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/22 17:12:47 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/22 17:13:11 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.88 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/22 17:24:45 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/22 17:36:46 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/22 17:48:41 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/22 18:00:45 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/22 19:10:23 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.69 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/22 19:12:49 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/22 19:36:50 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.246 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/22 21:22:27 +0800 HP-HP gfdghhshdhfg IP-BLOCK 61.160.250.96 (Type: incoming, Port: 1433, Process: svchost.exe)
    2013/09/22 22:04:04 +0800 HP-HP gfdghhshdhfg IP-BLOCK 37.221.170.17 (Type: outgoing, Port: 57644, Process: chrome.exe)
    2013/09/22 23:44:27 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/22 23:56:01 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/22 23:56:01 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)
     
     
    21/9/2013
     
    2013/09/21 00:00:22 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/21 00:00:22 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/21 00:35:58 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/21 01:23:06 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.233 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/21 02:33:42 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/21 06:00:53 +0800 HP-HP (null) MESSAGE Starting protection
    2013/09/21 06:00:53 +0800 HP-HP (null) MESSAGE Protection started successfully
    2013/09/21 06:00:53 +0800 HP-HP (null) MESSAGE Starting IP protection
    2013/09/21 06:00:55 +0800 HP-HP (null) MESSAGE IP Protection started successfully
    2013/09/21 06:13:04 +0800 HP-HP gfdghhshdhfg MESSAGE Executing scheduled update:  Daily
    2013/09/21 06:13:09 +0800 HP-HP gfdghhshdhfg MESSAGE Starting database refresh
    2013/09/21 06:13:09 +0800 HP-HP gfdghhshdhfg MESSAGE Stopping IP protection
    2013/09/21 06:13:09 +0800 HP-HP gfdghhshdhfg MESSAGE Scheduled update executed successfully:  database updated from version v2013.09.20.02 to version v2013.09.20.10
    2013/09/21 06:13:10 +0800 HP-HP gfdghhshdhfg MESSAGE IP Protection stopped successfully
    2013/09/21 06:13:42 +0800 HP-HP gfdghhshdhfg MESSAGE Database refreshed successfully
    2013/09/21 06:13:42 +0800 HP-HP gfdghhshdhfg MESSAGE Starting IP protection
    2013/09/21 06:13:44 +0800 HP-HP gfdghhshdhfg MESSAGE IP Protection started successfully
    2013/09/21 06:39:46 +0800 HP-HP gfdghhshdhfg IP-BLOCK 37.221.160.203 (Type: incoming, Port: 443, Process: pmb.exe)
    2013/09/21 06:39:46 +0800 HP-HP gfdghhshdhfg IP-BLOCK 37.221.160.203 (Type: incoming, Port: 443, Process: pmb.exe)
    2013/09/21 06:39:46 +0800 HP-HP gfdghhshdhfg IP-BLOCK 37.221.160.203 (Type: incoming, Port: 443, Process: pmb.exe)
    2013/09/21 07:20:57 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/21 07:32:31 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/21 07:55:38 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/21 07:55:38 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/21 08:41:58 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.246 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/21 09:05:16 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/21 09:05:16 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/21 09:05:48 +0800 HP-HP gfdghhshdhfg IP-BLOCK 93.174.93.176 (Type: incoming, Port: 53, Process: svchost.exe)
    2013/09/21 09:16:57 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/21 09:28:13 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.25.44 (Type: incoming, Port: 8088, Process: svchost.exe)
    2013/09/21 09:28:46 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/21 09:36:57 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.58 (Type: incoming, Port: 1174, Process: svchost.exe)
    2013/09/21 09:36:57 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.58 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/21 09:36:57 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.58 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/21 09:40:19 +0800 HP-HP gfdghhshdhfg IP-BLOCK 94.102.59.185 (Type: incoming, Port: 19, Process: svchost.exe)
    2013/09/21 09:44:05 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.10.7 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/21 09:52:08 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/21 09:55:29 +0800 HP-HP gfdghhshdhfg IP-BLOCK 94.102.59.185 (Type: incoming, Port: 19, Process: svchost.exe)
    2013/09/21 10:15:29 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.246 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/21 10:17:22 +0800 HP-HP gfdghhshdhfg IP-BLOCK 94.102.59.185 (Type: incoming, Port: 19, Process: svchost.exe)
    2013/09/21 10:38:42 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/21 10:43:32 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.25.44 (Type: incoming, Port: 8088, Process: svchost.exe)
    2013/09/21 10:50:22 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.233 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/21 11:25:48 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/21 11:35:43 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.57 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/21 11:35:43 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.57 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/21 12:01:23 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/21 12:13:12 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/21 12:13:12 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/21 12:25:00 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/21 12:36:49 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/21 12:43:15 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.25.44 (Type: incoming, Port: 8088, Process: svchost.exe)
    2013/09/21 13:12:26 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.233 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/21 14:11:31 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/21 16:54:56 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.25.44 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/21 16:56:16 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.246 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/21 17:29:57 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.88 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/21 18:18:31 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/21 18:30:24 +0800 HP-HP (null) MESSAGE Starting protection
    2013/09/21 18:30:25 +0800 HP-HP (null) MESSAGE Protection started successfully
    2013/09/21 18:30:25 +0800 HP-HP (null) MESSAGE Starting IP protection
    2013/09/21 18:30:27 +0800 HP-HP (null) MESSAGE IP Protection started successfully
    2013/09/21 19:19:42 +0800 HP-HP gfdghhshdhfg IP-BLOCK 218.8.51.108 (Type: outgoing, Port: 54232, Process: svchost.exe)
    2013/09/21 19:19:43 +0800 HP-HP gfdghhshdhfg IP-BLOCK 218.8.51.108 (Type: outgoing, Port: 54235, Process: svchost.exe)
    2013/09/21 21:17:53 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/21 21:38:22 +0800 HP-HP gfdghhshdhfg IP-BLOCK 93.174.93.176 (Type: incoming, Port: 53, Process: svchost.exe)
    2013/09/21 21:53:21 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/21 22:17:03 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.246 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/21 22:28:50 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/21 22:28:50 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/21 22:52:24 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/21 23:15:51 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/21 23:37:49 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.58 (Type: incoming, Port: 1174, Process: svchost.exe)
    2013/09/21 23:37:49 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.58 (Type: incoming, Port: 1174, Process: svchost.exe)
    2013/09/21 23:37:49 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.58 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/21 23:37:49 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.58 (Type: incoming, Port: 1998, Process: svchost.exe)
    2013/09/21 23:37:49 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.58 (Type: incoming, Port: 18186, Process: svchost.exe)
    2013/09/21 23:37:49 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.58 (Type: incoming, Port: 18186, Process: svchost.exe)
     

     

  2. Thanks for the advice. Here are the logs:

     

    AdwCleaner

     

    # AdwCleaner v3.004 - Report created 21/09/2013 at 18:28:04
    # Updated 15/09/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Dummy - HP-HP
    # Running from : C:\Users\gfdghhshdhfg\Downloads\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Deleted : \END

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16686


    -\\ Mozilla Firefox v23.0.1 (zh-TW)

    [ File : C:\Users\gfdghhshdhfg\AppData\Roaming\Mozilla\Firefox\Profiles\w2txq83z.default\prefs.js ]



    [ File : C:\Users\Trololololololololol\AppData\Roaming\Mozilla\Firefox\Profiles\1xst0whj.default\prefs.js ]


    [ File : C:\Users\Dummy\AppData\Roaming\Mozilla\Firefox\Profiles\dt45wiuz.default\prefs.js ]


    [ File : C:\Users\Doppel\AppData\Roaming\Mozilla\Firefox\Profiles\n2kiayro.default\prefs.js ]


    *************************

    AdwCleaner[R0].txt - [2104 octets] - [21/09/2013 18:22:28]
    AdwCleaner[s0].txt - [2033 octets] - [21/09/2013 18:28:04]

    ########## EOF - \AdwCleaner\AdwCleaner[s0].txt - [2093 octets] ##########
     

    SecurityCheck

     

     Results of screen317's Security Check version 0.99.73  
     Windows 7 Service Pack 1 x64 (UAC is enabled)  
     Internet Explorer 10  
    ``````````````Antivirus/Firewall Check:``````````````
    BullGuard Antivirus   
     Antivirus up to date!   
    `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300  
     Java 6 Update 29  
     Java 7 Update 21  
     Java version out of Date!
     Adobe Flash Player 11.8.800.168  
     Adobe Reader 10.1.8 Adobe Reader out of Date!  
     Mozilla Firefox (23.0.1)
    ````````Process Check: objlist.exe by Laurent````````  
     Malwarebytes Anti-Malware mbamservice.exe  
     Malwarebytes Anti-Malware mbamgui.exe  
     BullGuard Ltd BullGuard Antivirus BullGuardUpdate.exe  
     BullGuard Ltd BullGuard Antivirus BullGuardScanner.exe  
     BullGuard Ltd BullGuard Antivirus BullGuard.exe  
     gfdghhshdhfg Desktop Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:  
    ````````````````````End of Log``````````````````````
     

  3. Thanks for the replies. The scans didn't find anything obvious, but I see something called ALWIL when I'm scanning with the ESET Online Scanner. I'm not sure if this affected the scanner's performance, but I can't find this ALWIL thing so I can't disable it. Anyway, here is the log from Malwarebytes:

     

    www.malwarebytes.org
     
    Database version: v2013.09.20.02
     
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16686
    Dummy :: HP-HP [administrator]
     
    Protection: Enabled
     
    20/9/2013 17:28:13
    mbam-log-2013-09-20 (17-28-13).txt
     
    Scan type: Full scan (C:\|D:\|E:\|Q:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 735606
    Time elapsed: 2 hour(s), 13 minute(s), 24 second(s)
     
    Memory Processes Detected: 0
    (No malicious items detected)
     
    Memory Modules Detected: 0
    (No malicious items detected)
     
    Registry Keys Detected: 0
    (No malicious items detected)
     
    Registry Values Detected: 0
    (No malicious items detected)
     
    Registry Data Items Detected: 0
    (No malicious items detected)
     
    Folders Detected: 0
    (No malicious items detected)
     
    Files Detected: 0
    (No malicious items detected)
     
    (end)
  4. ComboFix 13-09-17.01 - Dummy 09/2013 週三  18:56:16.1.4 - x64

    Microsoft Windows 7 家用進階版   6.1.7601.1.950.852.3076.18.3959.642 [GMT 8:00]

    執行位置: c:\users\gfdghhshdhfg\Downloads\ComboFix.exe

    AV: BullGuard Antivirus *Disabled/Outdated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}

    SP: BullGuard Antispyware *Disabled/Outdated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((((((((((((((((((   被刪除的檔案   )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\-\AppData\Local\Google\Chrome\User Data\Default\Preferences

    c:\users\gfdghhshdhfg\AppData\Local\assembly\tmp

    c:\users\gfdghhshdhfg\AppData\Local\Google\Chrome\User Data\Default\Preferences

    c:\users\gfdghhshdhfg\Documents\~WRL4101.tmp

    c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Preferences

    c:\windows\apppatch\AppLoc.exe

    .

    .

    (((((((((((((((((((((((((  2013-08-18 至 2013-09-18 的新的檔案  )))))))))))))))))))))))))))))))

    .

    .

    2013-09-18 11:06 . 2013-09-18 11:06 -------- d-----w- c:\users\hedev\AppData\Local\temp

    2013-09-18 11:06 . 2013-09-18 11:06 -------- d-----w- c:\users\Dummy\AppData\Local\temp

    2013-09-18 11:06 . 2013-09-18 11:06 -------- d-----w- c:\users\Default\AppData\Local\temp

    2013-09-18 11:06 . 2013-09-18 11:06 -------- d-----w- c:\users\hp.hp-HP\AppData\Local\temp

    2013-09-17 15:03 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C9F920F-15EF-416F-997E-66969C167C17}\mpengine.dll

    2013-09-14 11:50 . 2013-09-17 11:01 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

    2013-09-11 14:50 . 2013-04-04 06:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

    2013-08-31 06:55 . 2013-08-31 06:59 -------- d-----w- c:\users\gfdghhshdhfg\AppData\Roaming\Natural Selection 2

    2013-08-31 06:47 . 2013-08-31 06:47 -------- d-----w- c:\users\Dummy\AppData\Local\SCE

    2013-08-25 13:34 . 2013-08-25 13:34 -------- d-----w- c:\users\Dummy\AppData\Roaming\RealNetworks

    2013-08-25 13:33 . 2013-08-25 13:33 -------- d-----w- c:\program files (x86)\RealNetworks

    2013-08-25 13:33 . 2013-08-25 13:33 -------- d-----w- c:\programdata\RealNetworks

    2013-08-22 05:54 . 2013-08-22 05:55 -------- d-----w- c:\program files\HitmanPro

    2013-08-22 05:40 . 2013-08-22 06:05 -------- d-----w- c:\programdata\HitmanPro

    2013-08-22 05:34 . 2013-08-22 05:35 -------- d-----w- c:\programdata\MFAData

    2013-08-22 05:34 . 2013-08-22 05:34 -------- d--h--w- c:\programdata\Common Files

    2013-08-22 05:34 . 2013-08-22 05:34 -------- d-----w- c:\users\Dummy\AppData\Local\MFAData

    2013-08-22 05:34 . 2013-08-22 05:34 -------- d-----w- c:\users\Dummy\AppData\Local\Avg2013

    2013-08-21 11:28 . 2013-08-21 11:28 -------- d-----w- c:\users\Dummy\AppData\Local\ApplicationHistory

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((((   在三個月內被修改的檔案   ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-09-11 19:16 . 2011-11-27 01:53 79143768 ----a-w- c:\windows\system32\MRT.exe

    2013-08-25 13:30 . 2012-06-30 13:35 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

    2013-08-25 13:30 . 2012-06-30 13:35 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

    2013-08-06 20:22 . 2011-10-08 06:52 278800 ------w- c:\windows\system32\MpSigStub.exe

    2013-08-02 01:48 . 2013-09-11 10:45 44032 ----a-w- c:\windows\apppatch\acwow64.dll

    2013-07-29 19:40 . 2013-07-29 19:40 0 ----a-w- c:\windows\SysWow64\sho650B.tmp

    2013-07-28 02:40 . 2012-04-12 02:50 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2013-07-28 02:40 . 2011-09-27 14:22 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2013-07-25 09:25 . 2013-08-14 14:45 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL

    2013-07-25 08:57 . 2013-08-14 14:45 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL

    2013-07-20 10:55 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

    2013-07-19 01:58 . 2013-08-14 14:46 2048 ----a-w- c:\windows\system32\tzres.dll

    2013-07-19 01:41 . 2013-08-14 14:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll

    2013-07-18 17:16 . 2013-07-18 17:16 0 ----a-w- c:\windows\SysWow64\sho8616.tmp

    2013-07-17 19:01 . 2013-07-17 19:01 0 ----a-w- c:\windows\SysWow64\sho66EA.tmp

    2013-07-09 05:52 . 2013-08-14 14:47 224256 ----a-w- c:\windows\system32\wintrust.dll

    2013-07-09 05:51 . 2013-08-14 14:45 1217024 ----a-w- c:\windows\system32\rpcrt4.dll

    2013-07-09 05:46 . 2013-08-14 14:47 1472512 ----a-w- c:\windows\system32\crypt32.dll

    2013-07-09 05:46 . 2013-08-14 14:47 184320 ----a-w- c:\windows\system32\cryptsvc.dll

    2013-07-09 05:46 . 2013-08-14 14:47 139776 ----a-w- c:\windows\system32\cryptnet.dll

    2013-07-09 04:52 . 2013-08-14 14:45 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll

    2013-07-09 04:52 . 2013-08-14 14:47 175104 ----a-w- c:\windows\SysWow64\wintrust.dll

    2013-07-09 04:46 . 2013-08-14 14:47 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll

    2013-07-09 04:46 . 2013-08-14 14:47 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

    2013-07-09 04:46 . 2013-08-14 14:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

    2013-07-06 06:03 . 2013-08-14 14:44 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2013-07-05 18:53 . 2013-07-05 18:53 0 ----a-w- c:\windows\SysWow64\sho702A.tmp

    2013-07-04 23:32 . 2013-07-04 23:32 0 ----a-w- c:\windows\SysWow64\sho11DE.tmp

    2013-06-30 01:46 . 2013-06-30 01:46 0 ----a-w- c:\windows\SysWow64\shoB46F.tmp

    2013-06-26 11:21 . 2013-06-26 11:21 23208 ----a-w- c:\windows\system32\drivers\Sftvollh.sys

    2013-06-26 11:21 . 2013-06-26 11:21 28840 ----a-w- c:\windows\system32\drivers\Sftredirlh.sys

    2013-06-26 11:21 . 2013-06-26 11:21 273576 ----a-w- c:\windows\system32\drivers\Sftplaylh.sys

    2013-06-26 11:21 . 2013-06-26 11:21 1777320 ----a-w- c:\windows\system32\sftldr.dll

    2013-06-26 11:21 . 2013-06-26 11:21 1130664 ----a-w- c:\windows\SysWow64\sftldr_wow64.dll

    2013-06-26 11:21 . 2013-06-26 11:21 767144 ----a-w- c:\windows\system32\drivers\Sftfslh.sys

    2013-06-24 23:17 . 2013-06-24 23:17 0 ----a-w- c:\windows\SysWow64\sho88E6.tmp

    2013-06-23 16:26 . 2013-06-23 16:26 0 ----a-w- c:\windows\SysWow64\sho9F5F.tmp

    2013-06-22 20:00 . 2013-06-22 20:00 0 ----a-w- c:\windows\SysWow64\shoB822.tmp

    .

    .

    (((((((((((((((((((((((((((((((((((((   重要登入點   ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *注意* 空白與合法缺省登錄將不會被顯示 

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

    "MsgCenterExe"="c:\program files (x86)\real\realplayer\update\RealOneMessageCenter.exe" [2013-08-25 83072]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

    "BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe" [2010-07-21 2095616]

    "BATINDICATORHL"="c:\program files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe" [2010-07-23 557056]

    "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-10-22 895512]

    "IME14 CHT Setup"="c:\progra~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2012-03-13 81200]

    "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]

    "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-08-25 295512]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

    "Malwarebytes Anti-Malware"="c:\users\gfdghhshdhfg\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]

    "Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2013-04-04 1127496]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "aux"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e00d0404]

       IME File REG_SZ         IMTCC14.IME

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e00e0404]

       IME File REG_SZ         IMTCQ14.IME

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e00f0404]

       IME File REG_SZ         IMTCJ14.IME

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

    @=""

    .

    R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

    R3 BgRaSvc;BgRaSvc;c:\program files\BullGuard Ltd\BullGuard Antivirus\Support\BgRaSvc.exe;c:\program files\BullGuard Ltd\BullGuard Antivirus\Support\BgRaSvc.exe [x]

    R3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]

    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]

    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

    R3 WatAdminSvc;Windows 啟用技術服務;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

    S1 BdSpy;BdSpy;c:\windows\system32\DRIVERS\BdSpy.sys;c:\windows\SYSNATIVE\DRIVERS\BdSpy.sys [x]

    S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]

    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [x]

    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]

    S2 BsBrowser;BullGuard antiphishing service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]

    S2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]

    S2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]

    S2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]

    S2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard Antivirus\BullGuardUpdate.exe;c:\program files\BullGuard Ltd\BullGuard Antivirus\BullGuardUpdate.exe [x]

    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

    S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]

    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]

    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]

    S2 ImeDictUpdateService;Microsoft IME Dictionary Update;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [x]

    S2 MBAMScheduler;MBAMScheduler;c:\users\gfdghhshdhfg\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\users\gfdghhshdhfg\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

    S2 MBAMService;MBAMService;c:\users\gfdghhshdhfg\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe;c:\users\gfdghhshdhfg\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe [x]

    S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]

    S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]

    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

    S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

    S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]

    S3 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard Antivirus\BullGuardScanner.exe;c:\program files\BullGuard Ltd\BullGuard Antivirus\BullGuardScanner.exe [x]

    S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]

    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

    .

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

    Akamai REG_MULTI_SZ   Akamai

    .

     ‘計劃任務’ 文件夾 裡的內容

    .

    2013-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-05 10:53]

    .

    2013-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-05 10:53]

    .

    2013-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-423791886-1600473386-2339945710-1001Core.job

    - c:\users\gfdghhshdhfg\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 10:51]

    .

    2013-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-423791886-1600473386-2339945710-1001UA.job

    - c:\users\gfdghhshdhfg\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 10:51]

    .

    2013-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-423791886-1600473386-2339945710-1008Core.job

    - c:\users\-\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-10 16:58]

    .

    2013-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-423791886-1600473386-2339945710-1008UA.job

    - c:\users\-\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-10 16:58]

    .

    2013-08-20 c:\windows\Tasks\HPCeeScheduleForgfdghhshdhfg.job

    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

    .

    2013-08-27 c:\windows\Tasks\HPCeeScheduleForHP-HP$.job

    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-13 11046504]

    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]

    "BullGuard"="c:\program files\BullGuard Ltd\BullGuard Antivirus\bullguard.exe" [2011-10-04 2148664]

    "IME14 CHT Setup"="c:\progra~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2012-03-13 110896]

    .

    ------- 而外的掃描 -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    mLocal Page = c:\windows\SysWOW64\blank.htm

    LSP: c:\windows\system32\BGLsp.dll

    Trusted Zone: clonewarsadventures.com

    Trusted Zone: freerealms.com

    Trusted Zone: soe.com

    Trusted Zone: sony.com

    TCP: DhcpNameServer = 192.168.8.1

    TCP: Interfaces\{2366C26E-B6ED-4F6C-B00D-8F3E71CF3A8E}: NameServer = 203.198.23.208 218.102.32.208

    TCP: Interfaces\{2FC9F5EA-3143-44E7-AC3A-069298D7F349}: NameServer = 203.198.23.208 218.102.32.208

    FF - ProfilePath - c:\users\Dummy\AppData\Roaming\Mozilla\Firefox\Profiles\dt45wiuz.default\

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Wow6432Node-HKLM-Run-<NO NAME> - (no file)

    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

    AddRemove-Katawa Shoujo - c:\users\gfdghhshdhfg\Desktop\Katawa Shoujo\Uninstall Katawa Shoujo.exe

    AddRemove-Strange Adventures in Infinite Space - c:\users\gfdghhshdhfg\Desktop\uninstall.exe

    AddRemove-{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8} - c:\program files (x86)\InstallShield Installation Information\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}\setup.exe

    .

    .

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]

    "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

    "ImagePath"="c:\windows\system32\GameMon.des -service"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

    @Denied: (A) (Everyone)

    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

    @Denied: (A) (Everyone)

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

    "Key"="ActionsPane3"

    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    完成時間: 2013-09-18  19:09:09

    ComboFix-quarantined-files.txt  2013-09-18 11:09

    .

    Pre-Run: 745,043,304,448 bytes free

    Post-Run: 749,323,616,256 bytes free

    .

    - - End Of File - - 419ADF378BC2ECA850F5AA4694296E93
  5. Hello. Malwarebytes has blocked multiple incoming IPs with similar addresses and some outgoing IPs from svchost.exe since I downloaded the trial 10 days ago. Scans from my antivirus and Malwarebytes have turned up nothing. I am worried it might be a sign of infection. Could you please take a look at the logs?

     

    DDS.txt

     

    DDS (Ver_2012-11-20.01) - NTFS_AMD64 
    Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.21.2
    Run by Dummy at 15:43:33 on 2013-09-20
    Microsoft Windows 7 家用進階版   6.1.7601.1.950.852.3076.18.3959.528 [GMT 8:00]
    .
    AV: BullGuard Antivirus *Enabled/Updated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}
    SP: BullGuard Antispyware *Enabled/Updated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\HitmanPro\hmpsched.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Windows\System32\SvcHost.exe -k BullGuard_LowPriv
    C:\Windows\System32\SvcHost.exe -k BullGuard
    C:\Windows\System32\SvcHost.exe -k BullGuard_Main
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    C:\Users\gfdghhshdhfg\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Users\gfdghhshdhfg\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\BullGuard Ltd\BullGuard Antivirus\BullGuardUpdate.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Users\gfdghhshdhfg\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\BullGuard Ltd\BullGuard Antivirus\BullGuardScanner.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files\BullGuard Ltd\BullGuard Antivirus\BullGuard.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Windows\system32\taskmgr.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: BGAntiphishingBHO Class: {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard Antivirus\Files32\Antiphishing\IE\BGAntiphishingIEBHO.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
    uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [MsgCenterExe] "c:\program files (x86)\real\realplayer\update\RealOneMessageCenter.exe"  -osboot
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
    mRun: [bATINDICATORHL] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
    mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    mRun: [iME14 CHT Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
    mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
    mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce: [Malwarebytes Anti-Malware] C:\Users\gfdghhshdhfg\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard Antivirus\Files32\Antiphishing\IE\BGAntiphishingIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    LSP: C:\Windows\System32\BGLsp.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: NameServer = 192.168.8.1
    TCP: Interfaces\{2366C26E-B6ED-4F6C-B00D-8F3E71CF3A8E} : NameServer = 203.198.23.208 218.102.32.208
    TCP: Interfaces\{2FC9F5EA-3143-44E7-AC3A-069298D7F349} : NameServer = 203.198.23.208 218.102.32.208
    TCP: Interfaces\{A30A7FB0-4481-4DE3-89A5-52BB9855B80C} : DHCPNameServer = 192.168.8.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: BGAntiphishingBHO Class: {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard Antivirus\Antiphishing\IE\BGAntiphishingIEBHO.dll
    x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    x64-Run: [bullGuard] "C:\Program Files\BullGuard Ltd\BullGuard Antivirus\bullguard.exe" -boot
    x64-Run: [iME14 CHT Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard Antivirus\Antiphishing\IE\BGAntiphishingIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Dummy\AppData\Roaming\Mozilla\Firefox\Profiles\dt45wiuz.default\
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 BdSpy;BdSpy;C:\Windows\System32\drivers\BdSpy.sys [2010-3-12 63712]
    R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-5-27 56344]
    R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-5-27 172632]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-9-11 25928]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-5-27 1002848]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-5-27 408680]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
    S3 clwvd;HP Webcam Splitter;C:\Windows\System32\drivers\clwvd.sys [2010-9-4 31088]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-10-9 59392]
    .
    =============== Created Last 30 ================
    .
    2013-09-19 12:18:12 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1C9F920F-15EF-416F-997E-66969C167C17}\offreg.dll
    2013-09-18 14:05:44 -------- d-sh--w- C:\$RECYCLE.BIN
    2013-09-18 12:59:32 -------- d-----w- C:\Program Files (x86)\ESET
    2013-09-18 11:09:11 -------- d-----w- C:\Users\Dummy\AppData\Local\temp
    2013-09-17 15:03:56 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1C9F920F-15EF-416F-997E-66969C167C17}\mpengine.dll
    2013-09-14 11:50:51 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2013-09-11 14:50:20 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-09-03 13:53:52 187248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2013-08-31 06:47:36 -------- d-----w- C:\Users\Dummy\AppData\Local\SCE
    2013-08-25 13:34:12 -------- d-----w- C:\Users\Dummy\AppData\Roaming\RealNetworks
    2013-08-25 13:33:16 -------- d-----w- C:\Program Files (x86)\RealNetworks
    2013-08-25 13:33:08 -------- d-----w- C:\ProgramData\RealNetworks
    2013-08-23 15:14:49 91544 ----a-w- C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
    2013-08-22 05:54:57 -------- d-----w- C:\Program Files\HitmanPro
    2013-08-22 05:40:23 -------- d-----w- C:\ProgramData\HitmanPro
    2013-08-22 05:34:02 -------- d--h--w- C:\ProgramData\Common Files
    2013-08-22 05:34:02 -------- d-----w- C:\Users\Dummy\AppData\Local\MFAData
    2013-08-22 05:34:02 -------- d-----w- C:\Users\Dummy\AppData\Local\Avg2013
    2013-08-22 05:34:02 -------- d-----w- C:\ProgramData\MFAData
    2013-08-21 11:28:23 -------- d-----w- C:\Users\Dummy\AppData\Local\ApplicationHistory
    .
    ==================== Find3M  ====================
    .
    2013-09-19 20:14:45 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-09-19 20:14:45 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-08-25 13:30:32 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2013-08-25 13:30:32 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
    2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
    2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys
    2013-08-06 20:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe
    2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
    2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
    2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
    2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
    2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
    2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2013-07-29 19:40:55 0 ----a-w- C:\Windows\SysWow64\sho650B.tmp
    2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
    2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
    2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
    2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2013-07-18 17:16:44 0 ----a-w- C:\Windows\SysWow64\sho8616.tmp
    2013-07-17 19:01:44 0 ----a-w- C:\Windows\SysWow64\sho66EA.tmp
    2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
    2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
    2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
    2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
    2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
    2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-07-05 18:53:29 0 ----a-w- C:\Windows\SysWow64\sho702A.tmp
    2013-07-04 23:32:26 0 ----a-w- C:\Windows\SysWow64\sho11DE.tmp
    2013-06-30 01:46:01 0 ----a-w- C:\Windows\SysWow64\shoB46F.tmp
    2013-06-26 11:21:50 23208 ----a-w- C:\Windows\System32\drivers\Sftvollh.sys
    2013-06-26 11:21:48 28840 ----a-w- C:\Windows\System32\drivers\Sftredirlh.sys
    2013-06-26 11:21:46 273576 ----a-w- C:\Windows\System32\drivers\Sftplaylh.sys
    2013-06-26 11:21:46 1777320 ----a-w- C:\Windows\System32\sftldr.dll
    2013-06-26 11:21:46 1130664 ----a-w- C:\Windows\SysWow64\sftldr_wow64.dll
    2013-06-26 11:21:44 767144 ----a-w- C:\Windows\System32\drivers\Sftfslh.sys
    2013-06-24 23:17:55 0 ----a-w- C:\Windows\SysWow64\sho88E6.tmp
    2013-06-23 16:26:23 0 ----a-w- C:\Windows\SysWow64\sho9F5F.tmp
    2013-06-22 20:00:41 0 ----a-w- C:\Windows\SysWow64\shoB822.tmp
    .
    ============= FINISH: 15:44:49.78 ===============
     
    Attached.txt
     
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 家用進階版 
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/8/2011 16:41:08
    System Uptime: 20/9/2013 6:41:18 (9 hours ago)
    .
    Motherboard: Hewlett-Packard |  | 2AA6
    Processor: Intel® Core i3 CPU         560  @ 3.33GHz | CPU 1 | 2266/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 916 GiB total, 705.631 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 1.89 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: USB 視訊裝置
    Device ID: USB\VID_04F2&PID_B2B2&MI_00\7&2BE61223&0&0000
    Manufacturer: Microsoft
    Name: USB Webcam
    PNP Device ID: USB\VID_04F2&PID_B2B2&MI_00\7&2BE61223&0&0000
    Service: usbvideo
    .
    Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Description: HP Webcam Splitter
    Device ID: ROOT\MEDIA\0000
    Manufacturer: CyberLink
    Name: HP Webcam Splitter
    PNP Device ID: ROOT\MEDIA\0000
    Service: clwvd
    .
    ==== System Restore Points ===================
    .
    RP260: 18/9/2013 20:55:32 - ComboFix created restore point
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20 (x64 edition)
    ABBYY FineReader 9.0 Sprint
    ActiveCheck component for HP Active Support Library
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.8)
    Agatha Christie - Peril at End House
    Akamai NetSession Interface
    Alien Swarm
    Bejeweled 2 Deluxe
    Bing Bar
    Bing Rewards Client Installer
    Blackhawk Striker 2
    Blasterball 3
    Bounce Symphony
    Build Your Own Net Dream (remove only)
    BullGuard Antivirus 9.0
    BYOND
    Cake Mania
    Champions Online: Free For All
    Chuzzle Deluxe
    Counter-Strike Online 客戶端
    CyberLink DVD Suite Deluxe
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dora's World Adventure
    Dragons Prophet
    DVD Menu Pack for HP MediaSmart Video
    Epson Easy Photo Print 2
    Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
    Epson Event Manager
    EPSON ME 330 Series 用?指南
    EPSON Scan
    ESET Online Scanner v3

     
