Posts posted by idm
-
Hello,
Thank you for your help. I have since (my initial posting) been working with Malwarebytes support directly and the problem seems to have been resolved. They suggested much of what you did and could not find anything and suggested the router. Between that and uninstalling Skype and Windows Live Essentials (my own thoughts) the issue appears to have been resolved (after 8 hours of testing).
You are correct on my AV selection and I had just tried Kaspersky to try and detect a virus.
One quick question, why did you want Skype disabled? Could that have been a cause?
Thanks again,
Ian
-
Hello,
Please can you help? I installed the Pro version of Malwarebytes last week and discovered that MWB is blocking outgoing requests continuously. I have scanned for viruses with multiple AV programs and nothing is found. I have followed the directions and run DDS and GMER (tried ComboFix as well) and these continue. I have included the DDS file and attached the other requested files. MWB shows nothing in a scan, but the following is a sample of the blocks:
11:41:35 xxxx IP-BLOCK 58.218.199.147 (Type: outgoing, Port: 137)
11:41:35 xxxx IP-BLOCK 58.218.199.147 (Type: outgoing, Port: 137)
11:41:35 xxxx IP-BLOCK 58.218.199.147 (Type: outgoing, Port: 137)
11:54:12 xxxx MESSAGE Protection started successfully
11:54:17 xxxx MESSAGE IP Protection started successfully
12:03:51 xxxx MESSAGE IP Protection stopped
13:35:36 xxxx MESSAGE Protection started successfully
13:35:40 xxxx MESSAGE IP Protection started successfully
13:36:51 xxxx IP-BLOCK 58.218.199.147 (Type: outgoing, Port: 137)
13:36:51 xxxx IP-BLOCK 58.218.199.147 (Type: outgoing, Port: 137)
13:36:51 xxxx IP-BLOCK 58.218.199.147 (Type: outgoing, Port: 137)
14:13:02 xxxx MESSAGE Protection started successfully
14:13:06 xxxx MESSAGE IP Protection started successfully
15:25:56 xxxx IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)
15:25:56 xxxx IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)
15:25:56 xxxx IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)
15:32:07 xxxx IP-BLOCK 58.218.199.147 (Type: outgoing, Port: 137)
15:32:07 xxxx IP-BLOCK 58.218.199.147 (Type: outgoing, Port: 137)
15:32:15 xxxx IP-BLOCK 58.218.199.147 (Type: outgoing, Port: 137)
17:11:34 xxxx IP-BLOCK 58.218.199.250 (Type: outgoing, Port: 137)
17:11:34 xxxx IP-BLOCK 58.218.199.250 (Type: outgoing, Port: 137)
17:11:42 xxxx IP-BLOCK 58.218.199.250 (Type: outgoing, Port: 137)
17:27:34 xxxx IP-BLOCK 58.218.199.147 (Type: outgoing, Port: 137)
17:27:35 xxxx IP-BLOCK 58.218.199.147 (Type: outgoing, Port: 137)
17:27:35 xxxx IP-BLOCK 58.218.199.147 (Type: outgoing, Port: 137)
17:54:33 xxxx MESSAGE IP Protection stopped
17:54:34 xxxx MESSAGE Database updated successfully
17:54:35 xxxx MESSAGE IP Protection started successfully
18:01:11 xxxx MESSAGE IP Protection stopped
18:16:24 xxxx MESSAGE Protection started successfully
18:16:29 xxxx MESSAGE IP Protection started successfully
18:58:09 xxxx MESSAGE Protection started successfully
18:58:14 xxxx MESSAGE IP Protection started successfully
19:24:44 xxxx IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)
19:24:53 xxxx IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)
19:24:53 xxxx IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)
DDS.txt:
DDS (Ver_2011-07-14.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by Mead at 19:02:35 on 2011-07-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6125.3818 [GMT -4:00]
.
AV: Ad-Aware Total Security *Enabled/Updated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Ad-Aware Total Security *Enabled/Updated* {EFCD2318-A544-E9EB-4022-6820AEE79F52}
FW: Ad-Aware Personal Firewall *Enabled* {6C9743D9-C911-E73D-51CD-FA672BB39294}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtlX64.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Windows Home Server\esClient.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
C:\Program Files (x86)\Garmin\gStart.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Users\Mead\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvcx64.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\G Data\AVKProxy\AvkBap64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
BHO: Ad-Aware WebFilter: {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\WebFilter\AvkWebIE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Ad-Aware WebFilter: {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\WebFilter\AvkWebIE.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
uRun: [gStart] C:\Program Files (x86)\Garmin\gStart.exe
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [G Data AntiVirus Tray Application] C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe
mRun: [GDFirewallTray] C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe
mRun: [sHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
StartupFolder: C:\Users\Mead\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Mead\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINDOW~1.LNK - C:\Windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{0949EF99-6D8E-4FAE-AD72-412D7877F507} : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{2374A6D6-AE42-4B6E-AA26-EBA3EF03E41F} : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{2374A6D6-AE42-4B6E-AA26-EBA3EF03E41F}\D464840284F4D454 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{2374A6D6-AE42-4B6E-AA26-EBA3EF03E41F}\D464840284F4D45402548545 : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
x64-BHO: Ad-Aware WebFilter: {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\Webfilter\AVKWebIEx64.dll
x64-BHO: BrowserHelper Class: {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Ad-Aware WebFilter: {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\Webfilter\AVKWebIEx64.dll
x64-TB: Home Server Banner: {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe
x64-Run: [intelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R?2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
R0 GDBehave;GDBehave;C:\Windows\System32\drivers\GDBehave.sys [2011-4-18 40392]
R1 GDMnIcpt;GDMnIcpt;C:\Windows\System32\drivers\MiniIcpt.sys [2011-4-18 85960]
R1 gdwfpcd;G DATA WFP CD;C:\Windows\System32\drivers\gdwfpcd64.sys [2011-4-18 48584]
R1 GRD;G Data Rootkit Detector Driver;C:\Windows\System32\drivers\GRD.sys [2011-4-18 106224]
R1 HookCentre;HookCentre;C:\Windows\System32\drivers\HookCentre.sys [2011-4-18 49096]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-1-10 231280]
R2 AVKProxy;Ad-Aware Total Security Proxy;C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2010-6-29 1081384]
R2 AVKService;Ad-Aware Scheduler;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe [2010-6-29 412944]
R2 AVKWCtl;Ad-Aware Filesystem Monitor;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtlX64.exe [2010-6-23 2170224]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 esClient;Windows Media Center Client Service;C:\Program Files\Windows Home Server\esClient.exe [2011-1-10 109936]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-19 13336]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-3-1 373640]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2011-4-19 72216]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-14 366640]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-3-14 47616]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-6-1 367456]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2011-4-17 14112]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2010-9-19 94208]
R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2010-9-19 78848]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-6-12 259192]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2011-4-17 575856]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-4-17 836608]
R2 WHSConnector;Windows Home Server Connector Service;C:\Program Files\Windows Home Server\WHSConnector.exe [2011-1-10 489840]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]
R3 BackupReader;BackupReader;C:\Windows\System32\drivers\BackupReader.sys [2011-1-10 53104]
R3 bpenum;bpenum;C:\Windows\System32\drivers\bpenum.sys [2010-5-16 71168]
R3 bpusb;bpusb;C:\Windows\System32\drivers\bpusb.sys [2010-5-16 81920]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2011-4-17 342056]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-4-17 39464]
R3 GDFwSvc;Ad-Aware Personal Firewall;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvcx64.exe [2010-6-15 1954472]
R3 GDPkIcpt;GDPkIcpt;C:\Windows\System32\drivers\PktIcpt.sys [2011-4-18 57288]
R3 GDScan;Ad-Aware Scanner;C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [2010-6-29 624064]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-7-10 25912]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-5-31 7689216]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-27 184968]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-9-19 86120]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-6-1 12032]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-6-12 44736]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);C:\Windows\System32\drivers\evsbc.sys [2011-5-10 32768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-17 136176]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2010-5-16 175104]
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);C:\Windows\System32\drivers\evserial.sys [2011-5-10 67072]
S3 GDBackupSvc;Ad-Aware Backup Service;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVKBackup\AVKBackupService.exe [2010-6-29 911976]
S3 GDTunerSvc;Ad-Aware Tuner Service;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVKTuner\AVKTunerService.exe [2010-6-29 1234896]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-17 136176]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-9-19 158720]
S3 libusb0;LibUsb-Win32 - Kernel Driver 07/07/2009, 0.1.12.2;C:\Windows\System32\drivers\libusb0.sys [2009-7-7 32256]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-6-21 108400]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-6-18 423280]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-6-21 67952]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-6-7 304496]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-19 59392]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-6-9 537456]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-6-9 384880]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-6-9 101232]
S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2011-4-17 1250160]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-19 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-9-19 402720]
S4 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-6-17 851824]
.
=============== Created Last 30 ================
.
2011-07-17 22:08:58 -------- d-----w- C:\fg34hj2677f
2011-07-17 22:05:15 -------- d-----w- C:\fg34hj10510f
2011-07-17 22:01:36 -------- d-----w- C:\fg34hj
2011-07-17 18:18:44 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-07-17 17:32:52 -------- d-sh--w- C:\$RECYCLE.BIN
2011-07-17 16:05:40 98816 ----a-w- C:\Windows\sed.exe
2011-07-17 16:05:40 256000 ----a-w- C:\Windows\PEV.exe
2011-07-17 16:05:40 208896 ----a-w- C:\Windows\MBR.exe
2011-07-17 15:41:19 -------- d--h--w- C:\Windows\AxInstSV
2011-07-16 16:39:09 1017208 ----a-w- C:\Windows\SysWow64\CLVSD.ax
2011-07-16 02:41:14 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2011-07-16 02:34:49 -------- d-----w- C:\ProgramData\PC Tools
2011-07-15 23:16:49 0 ----a-w- C:\Windows\SysWow64\sho38E2.tmp
2011-07-15 17:35:15 -------- d-----w- C:\Program Files (x86)\Sophos
2011-07-15 17:24:14 -------- d-----w- C:\ProgramData\{F77EE8EF-305B-4394-A018-C1A57D2D66B5}
2011-07-15 17:24:07 -------- d-----w- C:\Users\Mead\AppData\Local\PackageAware
2011-07-15 16:44:05 0 ----a-w- C:\Windows\SysWow64\sho6F55.tmp
2011-07-15 16:23:43 0 ----a-w- C:\Windows\SysWow64\shoF17D.tmp
2011-07-15 16:18:47 -------- d-----w- C:\Program Files\Common Files\CANON
2011-07-15 16:17:16 -------- d-----w- C:\Program Files\Canon
2011-07-15 16:13:45 82944 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPP9N.DLL
2011-07-15 16:13:44 28160 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPD9N.DLL
2011-07-15 16:13:00 92672 ----a-w- C:\Windows\System32\CNC860I.DLL
2011-07-15 16:13:00 299520 ----a-w- C:\Windows\System32\CNC860L.DLL
2011-07-15 16:13:00 235008 ----a-w- C:\Windows\System32\CNC860O.DLL
2011-07-15 16:13:00 17920 ----a-w- C:\Windows\System32\CNHMCA6.DLL
2011-07-15 16:12:59 1342976 ----a-w- C:\Windows\System32\CNC860C.DLL
2011-07-15 16:10:02 152064 ----a-w- C:\Windows\System32\CNMN6UI.DLL
2011-07-15 16:10:01 251904 ----a-w- C:\Windows\System32\CNMN6PPM.DLL
2011-07-15 16:08:08 -------- d-----w- C:\Program Files (x86)\Canon
2011-07-15 06:43:06 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{14399C09-CAD1-4571-B57A-ECEDA5933CEF}\mpengine.dll
2011-07-13 19:09:00 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-13 19:09:00 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-11 00:37:55 -------- d-----w- C:\Users\Mead\AppData\Roaming\Malwarebytes
2011-07-11 00:37:34 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-11 00:37:32 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-11 00:37:28 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-11 00:37:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-06-28 18:41:01 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-06-28 18:41:01 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-06-28 18:41:01 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-06-28 18:41:01 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-06-28 18:41:01 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
.
==================== Find3M ====================
.
2011-06-24 02:18:17 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-24 23:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-28 03:55:08 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2011-04-28 03:54:56 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-23 01:29:25 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-04-23 01:19:19 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-04-22 23:35:56 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-04-22 23:25:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-04-20 03:08:38 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-04-20 03:08:37 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-04-19 21:11:47 106224 ----a-w- C:\Windows\SysWow64\drivers\GRD.sys
2011-04-19 02:25:50 106224 ----a-w- C:\Windows\System32\drivers\GRD.sys
2011-04-19 02:03:48 40392 ----a-w- C:\Windows\System32\drivers\GDBehave.sys
2011-04-19 02:03:34 57288 ----a-w- C:\Windows\System32\drivers\PktIcpt.sys
2011-04-19 02:03:17 85960 ----a-w- C:\Windows\System32\drivers\MiniIcpt.sys
2011-04-19 02:03:17 49096 ----a-w- C:\Windows\System32\drivers\HookCentre.sys
2011-04-19 02:03:16 48584 ----a-w- C:\Windows\System32\drivers\gdwfpcd64.sys
2011-04-19 02:02:18 15880 ----a-w- C:\Windows\SysWow64\lsdelete.exe
.
============= FINISH: 19:03:36.33 ===============
Any help would be much appreciated.
Thanks, Ian
-
Sorry, partial post. See later post with full details.
Thanks.
-
Hello,
I have constant outgoing requests from my laptop to China as reported by a registered version of Malwarebytes. See below:
03:32:10 xxxx IP-BLOCK 58.218.199.227 (Type: outgoing, Port: 137)
03:32:10 xxxx IP-BLOCK 58.218.199.227 (Type: outgoing, Port: 137)
03:32:10 xxxx IP-BLOCK 58.218.199.227 (Type: outgoing, Port: 137)
05:55:35 xxxx IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)
05:55:35 xxxx IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)
05:55:43 xxxx IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)
07:32:53 xxxx IP-BLOCK 58.218.199.227 (Type: outgoing, Port: 137)
07:32:53 xxxx IP-BLOCK 58.218.199.227 (Type: outgoing, Port: 137)
07:33:01 xxxx IP-BLOCK 58.218.199.227 (Type: outgoing, Port: 137)
07:40:38 xxxx IP-BLOCK 58.218.199.250 (Type: outgoing, Port: 137)
07:40:38 xxxx IP-BLOCK 58.218.199.250 (Type: outgoing, Port: 137)
07:40:38 xxxx IP-BLOCK 58.218.199.250 (Type: outgoing, Port: 137)
09:15:29 xxxx IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)
09:15:30 xxxx IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)
09:15:30 xxxx IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)
09:21:38 xxxx IP-BLOCK 58.218.199.250 (Type: outgoing, Port: 137)
09:21:46 xxxx IP-BLOCK 58.218.199.250 (Type: outgoing, Port: 137)
09:21:46 xxxx IP-BLOCK 58.218.199.250 (Type: outgoing, Port: 137)
10:36:54 xxxx MESSAGE Scheduled update executed successfully
10:37:27 xxxx MESSAGE IP Protection stopped
10:37:29 xxxx MESSAGE Database updated successfully
10:37:30 xxxx MESSAGE IP Protection started successfully
10:49:46 xxxx IP-BLOCK 58.218.199.147 (Type: outgoing, Port: 137)
10:49:46 xxxx IP-BLOCK 58.218.199.147 (Type: outgoing, Port: 137)
10:49:46 xxxx IP-BLOCK 58.218.199.147 (Type: outgoing, Port: 137)
13:24:05 xxxx MESSAGE IP Protection stopped
13:24:21 xxxx MESSAGE Database updated successfully
13:24:21 xxxx MESSAGE IP Protection started successfully
14:18:18 xxxx IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)
14:18:18 xxxx IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)
14:18:18 xxxx IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)
14:39:48 xxxx IP-BLOCK 58.218.199.147 (Type: outgoing, Port: 137)
14:39:48 xxxx IP-BLOCK 58.218.199.147 (Type: outgoing, Port: 137)
14:39:48 xxxx IP-BLOCK 58.218.199.147 (Type: outgoing, Port: 137)
14:54:05 xxxx MESSAGE IP Protection stopped
14:54:07 xxxx MESSAGE Database updated successfully
14:54:08 xxxx MESSAGE IP Protection started successfully
15:12:21 xxxx MESSAGE Protection started successfully
15:12:25 xxxx MESSAGE IP Protection started successfully
15:42:52 xxxx MESSAGE Protection started successfully
15:42:57 xxxx MESSAGE IP Protection started successfully
15:59:25 xxxx IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)
15:59:25 xxxx IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)
15:59:25 xxxx IP-BLOCK 221.192.199.49 (Type: outgoing, Port: 137)
DDS.txt:
DDS (Ver_2011-07-14.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by Mead at 15:14:50 on 2011-07-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6125.3507 [GMT -4:00]
.
AV: Ad-Aware Total Security *Enabled/Updated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Ad-Aware Total Security *Enabled/Updated* {EFCD2318-A544-E9EB-4022-6820AEE79F52}
FW: Ad-Aware Personal Firewall *Enabled* {6C9743D9-C911-E73D-51CD-FA672BB39294}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtlX64.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Windows Home Server\esClient.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
C:\Program Files (x86)\Garmin\gStart.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe
C:\Users\Mead\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvcx64.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\G Data\AVKProxy\AvkBap64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\System32\vds.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mWinlogon: Userinit = userinit.exe
BHO: Ad-Aware WebFilter: {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\WebFilter\AvkWebIE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - <orphaned>
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Ad-Aware WebFilter: {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\WebFilter\AvkWebIE.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
uRun: [gStart] C:\Program Files (x86)\Garmin\gStart.exe
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [G Data AntiVirus Tray Application] C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe
mRun: [GDFirewallTray] C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe
mRun: [sHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
StartupFolder: C:\Users\Mead\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Mead\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINDOW~1.LNK - C:\Windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{0949EF99-6D8E-4FAE-AD72-412D7877F507} : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{2374A6D6-AE42-4B6E-AA26-EBA3EF03E41F} : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{2374A6D6-AE42-4B6E-AA26-EBA3EF03E41F}\D464840284F4D454 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{2374A6D6-AE42-4B6E-AA26-EBA3EF03E41F}\D464840284F4D45402548545 : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Ad-Aware WebFilter: {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\Webfilter\AVKWebIEx64.dll
x64-BHO: BrowserHelper Class: {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Ad-Aware WebFilter: {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\Webfilter\AVKWebIEx64.dll
x64-TB: Home Server Banner: {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe
x64-Run: [intelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R?2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
R0 GDBehave;GDBehave;C:\Windows\System32\drivers\GDBehave.sys [2011-4-18 40392]
R1 GDMnIcpt;GDMnIcpt;C:\Windows\System32\drivers\MiniIcpt.sys [2011-4-18 85960]
R1 gdwfpcd;G DATA WFP CD;C:\Windows\System32\drivers\gdwfpcd64.sys [2011-4-18 48584]
R1 GRD;G Data Rootkit Detector Driver;C:\Windows\System32\drivers\GRD.sys [2011-4-18 106224]
R1 HookCentre;HookCentre;C:\Windows\System32\drivers\HookCentre.sys [2011-4-18 49096]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-1-10 231280]
R2 AVKProxy;Ad-Aware Total Security Proxy;C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2010-6-29 1081384]
R2 AVKService;Ad-Aware Scheduler;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe [2010-6-29 412944]
R2 AVKWCtl;Ad-Aware Filesystem Monitor;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtlX64.exe [2010-6-23 2170224]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 esClient;Windows Media Center Client Service;C:\Program Files\Windows Home Server\esClient.exe [2011-1-10 109936]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-19 13336]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-3-1 373640]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2011-4-19 72216]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-14 366640]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-3-14 47616]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-6-1 367456]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2011-4-17 14112]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2010-9-19 94208]
R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2010-9-19 78848]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-6-12 259192]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2011-4-17 575856]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-4-17 836608]
R2 WHSConnector;Windows Home Server Connector Service;C:\Program Files\Windows Home Server\WHSConnector.exe [2011-1-10 489840]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]
R3 BackupReader;BackupReader;C:\Windows\System32\drivers\BackupReader.sys [2011-1-10 53104]
R3 bpenum;bpenum;C:\Windows\System32\drivers\bpenum.sys [2010-5-16 71168]
R3 bpusb;bpusb;C:\Windows\System32\drivers\bpusb.sys [2010-5-16 81920]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2011-4-17 342056]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-4-17 39464]
R3 GDFwSvc;Ad-Aware Personal Firewall;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvcx64.exe [2010-6-15 1954472]
R3 GDPkIcpt;GDPkIcpt;C:\Windows\System32\drivers\PktIcpt.sys [2011-4-18 57288]
R3 GDScan;Ad-Aware Scanner;C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [2010-6-29 624064]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-7-10 25912]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-5-31 7689216]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-27 184968]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-9-19 86120]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-6-1 12032]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-6-12 44736]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);C:\Windows\System32\drivers\evsbc.sys [2011-5-10 32768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-17 136176]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2010-5-16 175104]
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);C:\Windows\System32\drivers\evserial.sys [2011-5-10 67072]
S3 GDBackupSvc;Ad-Aware Backup Service;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVKBackup\AVKBackupService.exe [2010-6-29 911976]
S3 GDTunerSvc;Ad-Aware Tuner Service;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVKTuner\AVKTunerService.exe [2010-6-29 1234896]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-17 136176]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-9-19 158720]
S3 libusb0;LibUsb-Win32 - Kernel Driver 07/07/2009, 0.1.12.2;C:\Windows\System32\drivers\libusb0.sys [2009-7-7 32256]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-6-21 108400]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-6-18 423280]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-6-21 67952]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-6-7 304496]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-19 59392]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-6-9 537456]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-6-9 384880]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-6-9 101232]
S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2011-4-17 1250160]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-19 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-9-19 402720]
S4 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-6-17 851824]
.
=============== Created Last 30 ================
.
2011-07-16 16:39:09 1017208 ----a-w- C:\Windows\SysWow64\CLVSD.ax
2011-07-16 02:41:14 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2011-07-16 02:34:49 -------- d-----w- C:\ProgramData\PC Tools
2011-07-15 23:16:49 0 ----a-w- C:\Windows\SysWow64\sho38E2.tmp
2011-07-15 23:16:07 18816 ------w- C:\Windows\SysWow64\SAVRKBootTasks.sys
2011-07-15 17:35:15 -------- d-----w- C:\Program Files (x86)\Sophos
2011-07-15 17:24:14 -------- d-----w- C:\ProgramData\{F77EE8EF-305B-4394-A018-C1A57D2D66B5}
2011-07-15 17:24:07 -------- d-----w- C:\Users\Mead\AppData\Local\PackageAware
2011-07-15 16:44:05 0 ----a-w- C:\Windows\SysWow64\sho6F55.tmp
2011-07-15 16:23:43 0 ----a-w- C:\Windows\SysWow64\shoF17D.tmp
2011-07-15 16:18:47 -------- d-----w- C:\Program Files\Common Files\CANON
2011-07-15 16:17:16 -------- d-----w- C:\Program Files\Canon
2011-07-15 16:13:45 82944 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPP9N.DLL
2011-07-15 16:13:44 28160 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPD9N.DLL
2011-07-15 16:13:00 92672 ----a-w- C:\Windows\System32\CNC860I.DLL
2011-07-15 16:13:00 299520 ----a-w- C:\Windows\System32\CNC860L.DLL
2011-07-15 16:13:00 235008 ----a-w- C:\Windows\System32\CNC860O.DLL
2011-07-15 16:13:00 17920 ----a-w- C:\Windows\System32\CNHMCA6.DLL
2011-07-15 16:12:59 1342976 ----a-w- C:\Windows\System32\CNC860C.DLL
2011-07-15 16:10:02 152064 ----a-w- C:\Windows\System32\CNMN6UI.DLL
2011-07-15 16:10:01 251904 ----a-w- C:\Windows\System32\CNMN6PPM.DLL
2011-07-15 16:08:08 -------- d-----w- C:\Program Files (x86)\Canon
2011-07-15 06:43:06 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{14399C09-CAD1-4571-B57A-ECEDA5933CEF}\mpengine.dll
2011-07-13 19:09:00 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-13 19:09:00 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-11 00:37:55 -------- d-----w- C:\Users\Mead\AppData\Roaming\Malwarebytes
2011-07-11 00:37:34 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-11 00:37:32 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-11 00:37:28 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-11 00:37:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-06-28 18:41:01 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-06-28 18:41:01 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-06-28 18:41:01 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-06-28 18:41:01 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-06-28 18:41:01 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-06-16 20:28:23 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-16 20:28:22 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-06-16 20:28:22 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-16 20:28:22 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-06-16 20:28:22 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-06-16 20:28:19 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-06-16 20:28:19 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-06-16 20:28:19 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-06-16 20:28:19 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-06-16 20:28:19 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-06-16 20:28:18 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-06-16 20:28:17 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
.
==================== Find3M ====================
============= FINISH: 15:15:53.16 ===============
mbam-log:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7163
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
7/16/2011 3:04:21 PM
mbam-log-2011-07-16 (15-04-21).txt
Scan type: Quick scan
Objects scanned: 170077
Time elapsed: 5 minute(s), 27 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Any help would be much appreciated.
Thanks, Ian
-
Hello,
I have constant outgoing requests from my laptop to China as reported by a registered version of Malwarebytes. See below:
Infected but can't detect, please help!
in Resolved Malware Removal Logs
Thank you for your help, with the help of support, this has been resolved.
Thanks, Ian