Pop Up saying potentially malicious website stopped
in Resolved Malware Removal Logs
Hello there,
I'm a newbie to the forum but have a problem and am hoping someone can help. Basically I downloaded some plugins for Mixcraft 5 and scanned them with Kaspersky 2011. It said they were fine, so I installed them, only to find they weren't fine and I now had suspicious and infected files on my laptop. I downloaded Malwarebytes because Kaspersky was frankly doing nothing, and it got rid of 4 of them. After that I kept getting messages saying that it had stopped a potentially malicious website from accessing my laptop - "website: 121.10.137.43 (also the same again except 44 at the end and 83.128.88.141), Type: Incoming, Port: 33193, Process: utorrent.exe" (I have also had processes from svchost.exe and others). I then followed your "I'm infected - what do I do now" page. Having done everything successfully, the GMER Rootkit Scanner came back saying something along the lines of "could not find any changes". As you can tell I am not an expert, but the pop ups are still happening and I have no idea what to do. I shall post everything I can into this post as requested (although I did not save the scan results because I was a bit shocked that it had said nothing had changed). Really hope someone can help!!
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Ryan at 21:20:19 on 2011-08-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8106.6076 [GMT 1:00]
.
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Hotkey\Hotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Windows\SysWOW64\DVAPTray.exe
C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
C:\Program Files (x86)\Creative\USB Sound Blaster HD\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtblfs.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bbc.co.uk/news/
uDefault_Page_URL = hxxp://www.pcspecialist.co.uk/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DVAPTray] C:\Windows\System32\DVAPTray.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun: [updReg] C:\Windows\UpdReg.EXE
mRun: [VolPanel] "C:\Program Files (x86)\Creative\USB Sound Blaster HD\Volume Panel\VolPanlu.exe" /r
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Hotkey.lnk - C:\Program Files (x86)\Hotkey\Hotkey.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B2F92892-BFCC-40E3-AAB4-87F244B53445} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B2F92892-BFCC-40E3-AAB4-87F244B53445}\05F475F425B43584F405 : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll, C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [DVAPTray] C:\Windows\System32\DVAPTray.exe
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun-x64: [updReg] C:\Windows\UpdReg.EXE
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\USB Sound Blaster HD\Volume Panel\VolPanlu.exe" /r
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll, C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [2010-5-7 344736]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-8-2 366640]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-4-8 2005608]
R2 PowerBiosServer;PowerBiosServer;C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [2011-1-27 33792]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-8 2656280]
R3 FFUsbAudio;Focusrite USB Audio Driver;C:\Windows\system32\DRIVERS\ffusbaudio.sys --> C:\Windows\system32\DRIVERS\ffusbaudio.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\system32\DRIVERS\JME.sys --> C:\Windows\system32\DRIVERS\JME.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-6-19 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2011-6-19 79360]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 ksaud;Creative USB Audio Driver;C:\Windows\system32\drivers\ksaud.sys --> C:\Windows\system32\drivers\ksaud.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2011-08-02 20:14:32 0 ----a-w- C:\Windows\SysWow64\sho48C4.tmp
2011-08-02 18:13:25 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Malwarebytes
2011-08-02 18:13:19 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-02 18:13:19 -------- d-----w- C:\ProgramData\Malwarebytes
2011-08-02 18:13:16 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-02 18:13:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-02 14:49:51 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-08-02 14:49:51 32768 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-08-02 14:49:51 225280 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-08-02 14:49:51 176128 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-08-02 14:49:50 610436 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-08-02 14:13:35 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Waves
2011-08-02 14:13:34 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Waves Preferences
2011-08-02 14:12:21 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Waves Audio
2011-08-02 14:11:08 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-08-02 14:11:08 1060864 ----a-w- C:\Windows\SysWow64\MFC71.dll
2011-08-02 14:11:07 -------- d-----w- C:\Program Files (x86)\Waves
2011-08-02 11:20:07 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FE416E00-C118-46B1-9D57-67B0DBA000BC}\mpengine.dll
2011-08-01 18:17:21 692575 ----a-w- C:\Program Files (x86)\Uninstall Information\{ABAF1232-6213-4062-9D52-04E04A730CEA}\unins000.exe
2011-08-01 11:47:24 710976 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-08-01 11:23:42 19000 ----a-w- C:\Windows\System32\nvnusbaudio_coinst.dll
2011-08-01 11:23:42 -------- d-----w- C:\Program Files\Focusrite
2011-07-27 15:52:17 -------- d-----w- C:\Users\Ryan\AppData\Roaming\REAPER
2011-07-27 13:13:25 0 ----a-w- C:\Windows\SysWow64\sho3572.tmp
2011-07-26 12:34:06 -------- d-----w- C:\Users\Ryan\AppData\Local\Adobe
2011-07-26 12:33:35 -------- d-----w- C:\Users\Ryan\AppData\Local\Google
2011-07-26 12:20:58 -------- d-----w- C:\Program Files (x86)\Focusrite Saffire
2011-07-26 12:18:43 50232 ----a-w- C:\Windows\System32\drivers\ffusbaudio.sys
2011-07-26 10:46:36 -------- d-----w- C:\Program Files\iPod
2011-07-26 10:46:35 -------- d-----w- C:\Program Files\iTunes
2011-07-26 10:46:35 -------- d-----w- C:\Program Files (x86)\iTunes
2011-07-26 10:44:09 -------- d-----w- C:\Program Files\Bonjour
2011-07-26 10:44:09 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-07-25 17:20:59 -------- d-----w- C:\Program Files (x86)\Acoustica Shared Effects
2011-07-21 01:54:14 0 ----a-w- C:\Windows\SysWow64\sho22E9.tmp
2011-07-19 13:48:44 1146984 ----a-w- C:\Windows\System32\RTSnMg64.cpl
2011-07-19 13:47:57 1251944 ------r- C:\Windows\RtlExUpd.dll
2011-07-19 13:47:54 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2011-07-19 12:05:05 90112 ------w- C:\Windows\Updreg.EXE
2011-07-19 12:04:55 25600 ------w- C:\Windows\System32\THXCfg64.dll
2011-07-19 12:04:55 141312 ------w- C:\Windows\System32\THXCfg64.exe
2011-07-19 12:04:55 11264 ------w- C:\Windows\SysWow64\ResDefA.exe
2011-07-19 12:03:13 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2011-07-19 11:57:09 0 ----a-w- C:\Windows\SysWow64\sho2E02.tmp
2011-07-18 21:56:54 0 ----a-w- C:\Windows\SysWow64\sho4100.tmp
2011-07-14 01:16:49 0 ----a-w- C:\Windows\SysWow64\sho6AB8.tmp
2011-07-14 01:14:48 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-07-13 11:40:56 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-07-12 10:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-07-12 10:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-07-12 10:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-07-12 10:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-07-12 10:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-07-12 10:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-07-12 10:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-07-12 10:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-07-10 13:03:14 -------- d-----w- C:\Users\Ryan\AppData\Local\WinZip
2011-07-09 00:39:53 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-07-09 00:39:53 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-07-09 00:39:53 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-07-09 00:39:52 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-07-09 00:39:52 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-07-08 22:25:02 -------- d-----w- C:\Program Files (x86)\Acoustica Beatcraft
2011-07-08 15:04:38 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Applied Acoustics Systems
2011-07-08 14:48:06 -------- d-----w- C:\Program Files (x86)\Pianissimo
2011-07-08 00:35:05 0 ----a-w- C:\Windows\SysWow64\sho5269.tmp
2011-07-07 18:34:53 -------- d-----w- C:\Program Files (x86)\VST
2011-07-07 18:20:45 -------- d-----w- C:\Program Files (x86)\Acoustica Mixcraft 5
2011-07-07 18:20:38 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-07-07 13:24:22 2301208 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-07-07 13:24:08 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-07-06 17:30:18 -------- d-----w- C:\Users\Ryan\AppData\Roaming\SynthMaker
2011-07-06 17:29:51 57344 ----a-w- C:\Windows\SysWow64\Wnaspint.dll
2011-07-06 17:29:51 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Acoustica
2011-07-06 17:28:42 -------- d-----w- C:\ProgramData\Acoustica
2011-07-04 15:17:05 516096 ----a-w- C:\Windows\SysWow64\MP4Splitter.ax
2011-07-04 15:17:04 8209408 ----a-w- C:\Windows\SysWow64\DVAP_M.exe
2011-07-04 15:17:04 192512 ----a-w- C:\Windows\SysWow64\DVAPTray.exe
2011-07-04 15:17:04 155648 ----a-w- C:\Windows\SysWow64\DVAPfg.exe
.
==================== Find3M ====================
.
2011-07-01 15:23:39 0 ----a-w- C:\Windows\SysWow64\sho2980.tmp
2011-06-21 14:12:53 0 ----a-w- C:\Windows\SysWow64\shoE1AB.tmp
2011-06-19 14:57:28 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-06-19 14:57:28 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-06-19 14:57:28 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-06-19 14:57:28 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-06-18 17:02:18 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-28 03:30:09 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 02:53:58 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-24 18:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-10 07:06:08 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-05-10 07:06:08 4517664 ----a-w- C:\Windows\System32\usbaaplrc.dll
.
============= FINISH: 21:20:59.39 ===============
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7357
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
02/08/2011 19:23:39
mbam-log-2011-08-02 (19-23-39).txt
Scan type: Quick scan
Objects scanned: 182087
Time elapsed: 3 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\Ryan\AppData\Local\Temp\euvlp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Ryan\AppData\Local\Temp\gmlo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Ryan\AppData\Local\Temp\icmlo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Ryan\AppData\Local\Temp\rvlos.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7357
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
02/08/2011 20:23:00
mbam-log-2011-08-02 (20-23-00).txt
Scan type: Full scan (C:\|D:\|Q:\|)
Objects scanned: 290342
Time elapsed: 55 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
19:14:05 Ryan MESSAGE Protection started successfully
19:14:09 Ryan MESSAGE IP Protection started successfully
19:22:11 Ryan IP-BLOCK 222.70.101.239 (Type: incoming, Port: 33193, Process: utorrent.exe)
19:26:09 Ryan MESSAGE Protection started successfully
19:26:13 Ryan MESSAGE IP Protection started successfully
19:26:47 Ryan IP-BLOCK 212.117.167.73 (Type: outgoing, Port: 33193, Process: utorrent.exe)
19:27:11 Ryan IP-BLOCK 222.68.167.75 (Type: incoming, Port: 33193, Process: utorrent.exe)
19:27:11 Ryan IP-BLOCK 222.68.167.75 (Type: incoming, Port: 33193, Process: svchost.exe)
19:31:13 Ryan IP-BLOCK 79.135.149.100 (Type: incoming, Port: 33193, Process: utorrent.exe)
19:58:03 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: utorrent.exe)
20:04:08 Ryan IP-BLOCK 121.10.137.44 (Type: incoming, Port: 33193, Process: utorrent.exe)
20:04:08 Ryan IP-BLOCK 121.10.137.44 (Type: incoming, Port: 33193, Process: svchost.exe)
20:04:08 Ryan IP-BLOCK 121.10.137.44 (Type: incoming, Port: 33193, Process: utorrent.exe)
20:04:08 Ryan IP-BLOCK 121.10.137.44 (Type: incoming, Port: 33193, Process: svchost.exe)
20:16:32 Ryan IP-BLOCK 121.10.137.43 (Type: incoming, Port: 33193, Process: utorrent.exe)
20:16:32 Ryan IP-BLOCK 121.10.137.43 (Type: incoming, Port: 33193, Process: svchost.exe)
20:21:31 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: utorrent.exe)
20:21:31 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: svchost.exe)
20:21:31 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: svchost.exe)
20:21:31 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: utorrent.exe)
20:21:31 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: svchost.exe)
20:21:31 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: svchost.exe)
20:21:47 Ryan IP-BLOCK 89.28.14.76 (Type: incoming, Port: 33193, Process: utorrent.exe)
20:21:47 Ryan IP-BLOCK 89.28.14.76 (Type: incoming, Port: 33193, Process: svchost.exe)
20:21:47 Ryan IP-BLOCK 89.28.14.76 (Type: incoming, Port: 33193, Process: svchost.exe)
20:23:47 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: utorrent.exe)
20:23:47 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: svchost.exe)
20:24:27 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: utorrent.exe)
20:24:27 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: svchost.exe)
20:24:27 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: utorrent.exe)
20:24:27 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: svchost.exe)
20:29:16 Ryan IP-BLOCK 89.28.118.206 (Type: outgoing, Port: 33193, Process: utorrent.exe)
20:29:56 Ryan IP-BLOCK 222.68.167.75 (Type: outgoing, Port: 33193, Process: utorrent.exe)
20:34:01 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: utorrent.exe)
20:34:01 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: svchost.exe)
20:34:01 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: utorrent.exe)
20:34:01 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: svchost.exe)
20:34:18 Ryan IP-BLOCK 121.10.137.44 (Type: incoming, Port: 33193, Process: utorrent.exe)
20:34:18 Ryan IP-BLOCK 121.10.137.44 (Type: incoming, Port: 33193, Process: svchost.exe)
20:34:18 Ryan IP-BLOCK 121.10.137.44 (Type: incoming, Port: 33193, Process: utorrent.exe)
20:34:18 Ryan IP-BLOCK 121.10.137.44 (Type: incoming, Port: 33193, Process: svchost.exe)
20:35:06 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: utorrent.exe)
20:35:06 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: svchost.exe)
20:35:06 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: svchost.exe)
20:35:14 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: utorrent.exe)
20:35:14 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: svchost.exe)
20:35:14 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: svchost.exe)
20:38:24 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: utorrent.exe)
20:38:24 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: svchost.exe)
20:38:24 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: utorrent.exe)
20:38:24 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: svchost.exe)
20:40:50 Ryan IP-BLOCK 222.68.167.75 (Type: incoming, Port: 33193, Process: utorrent.exe)
20:40:50 Ryan IP-BLOCK 222.68.167.75 (Type: incoming, Port: 33193, Process: svchost.exe)
20:41:38 Ryan IP-BLOCK 83.128.82.193 (Type: incoming, Port: 33193, Process: utorrent.exe)
20:41:38 Ryan IP-BLOCK 83.128.82.193 (Type: incoming, Port: 33193, Process: svchost.exe)
20:46:17 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: utorrent.exe)
20:46:17 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: svchost.exe)
20:46:57 Ryan IP-BLOCK 121.10.137.43 (Type: incoming, Port: 33193, Process: utorrent.exe)
20:46:58 Ryan IP-BLOCK 121.10.137.43 (Type: incoming, Port: 33193, Process: svchost.exe)
20:46:58 Ryan IP-BLOCK 121.10.137.43 (Type: incoming, Port: 33193, Process: utorrent.exe)
20:46:58 Ryan IP-BLOCK 121.10.137.43 (Type: incoming, Port: 33193, Process: svchost.exe)
20:47:06 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: utorrent.exe)
20:47:06 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: svchost.exe)
20:47:06 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: utorrent.exe)
20:47:06 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: svchost.exe)
20:50:10 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: svchost.exe)
20:50:10 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: svchost.exe)
20:50:52 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: svchost.exe)
20:50:52 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: svchost.exe)
20:50:52 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: svchost.exe)
20:50:52 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: svchost.exe)
20:53:06 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: svchost.exe)
20:53:06 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: svchost.exe)
21:04:28 Ryan IP-BLOCK 121.10.137.44 (Type: incoming, Port: 33193, Process: svchost.exe)
21:04:28 Ryan IP-BLOCK 121.10.137.44 (Type: incoming, Port: 33193, Process: svchost.exe)
21:04:28 Ryan IP-BLOCK 121.10.137.44 (Type: incoming, Port: 33193, Process: svchost.exe)
21:04:28 Ryan IP-BLOCK 121.10.137.44 (Type: incoming, Port: 33193, Process: svchost.exe)
21:05:17 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: svchost.exe)
21:05:17 Ryan IP-BLOCK 222.71.19.111 (Type: incoming, Port: 33193, Process: svchost.exe)
21:18:15 Ryan MESSAGE Protection started successfully
21:18:18 Ryan MESSAGE IP Protection started successfully
21:32:13 Ryan IP-BLOCK 58.241.55.100 (Type: outgoing, Port: 33193, Process: utorrent.exe)
21:32:30 Ryan IP-BLOCK 89.28.51.143 (Type: outgoing, Port: 33193, Process: utorrent.exe)
21:34:30 Ryan IP-BLOCK 121.10.137.44 (Type: incoming, Port: 33193, Process: utorrent.exe)
22:02:32 Ryan IP-BLOCK 222.68.167.75 (Type: outgoing, Port: 33193, Process: utorrent.exe)
22:04:00 Ryan IP-BLOCK 83.128.88.141 (Type: incoming, Port: 33193, Process: utorrent.exe)
22:04:00 Ryan IP-BLOCK 83.128.88.141 (Type: incoming, Port: 33193, Process: svchost.exe)
22:04:40 Ryan IP-BLOCK 121.10.137.44 (Type: incoming, Port: 33193, Process: utorrent.exe)
22:04:40 Ryan IP-BLOCK 121.10.137.44 (Type: incoming, Port: 33193, Process: svchost.exe)
22:04:40 Ryan IP-BLOCK 121.10.137.44 (Type: incoming, Port: 33193, Process: utorrent.exe)
22:04:40 Ryan IP-BLOCK 121.10.137.44 (Type: incoming, Port: 33193, Process: svchost.exe)
22:09:29 Ryan IP-BLOCK 91.188.57.67 (Type: incoming, Port: 33193, Process: utorrent.exe)