Showing results for tags 'outgoing'.

  1. I'm getting this message every 2 minutes. I tried running a scan, but nothing comes up. What should my next steps be? Here's the log file information:
     -Log Details-
     Protection Event Date: 10/17/20
     Protection Event Time: 9:01 AM
     Log File: d5719e54-1078-11eb-b9ec-b42e99a94455.json
     -Software Information-
     Version: 4.2.1.89
     Components Version: 1.0.1061
     Update Package Version: 1.0.31506
     License: Premium
     -System Information-
     OS: Windows 10 (Build 18362.1139)
     CPU: x64
     File System: NTFS
     User: System
     -Blocked Website Details-
     Malicious Website: 1
     , C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe, Blocked, -1, -1, 0.0.0, ,
     -Website Data-
     Category: Trojan
     Domain:
     IP Address: 169.254.169.254
     Port: 80
     Type: Outbound
     File: C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
     (end)
  2. Tonight, I started getting a constant (every few seconds) Malwarebytes pop-up telling me that Malwarebytes has blocked c7e935.netlify.com. I have cleared the cache and cookies, but that did not help at all. It is happening with Chrome. I have run the Farbar Recovery Scan Tool and have searched the computer as well as the registry, but Farbar has found nothing. In the time it has taken me to type these three sentences, I have had to close 7 pop-ups telling me that Malwarebytes has blocked this c7e935.netlify.com in Chrome. Has anyone else encountered this c7e935.netlify.com pop-up? Attached is a screenshot of the annoying pop-up. (Yes, I know I can exclude the annoying c7e935.netlify.com pop-up, but since I have no idea what this URL is attempting to do, I certainly do not want to allow it to connect.) Any help or advice would be greatly appreciated. Thank you.
  3. Since 9/28/17, I have periodically been getting reports that MW has blocked a malicious outgoing website. FRST.txt Addition.txt MWB Rep 11262017_1.txt MWB Rep 11262017_2.txt MWB Rep 11262017_3.txt
  4. So, I recently updated my Malwarebytes to the newest version and it gave me another free trial. With the new trial, I immediately started getting notifications of a specific IP address and subnet of my ISP provider blocked. I tracked it to Boulder Colorado, if that helps. The reports are near constant, all outgoing, usually 8 reports a minute. Near every time, the svchost.exe is the executable at "fault". Only when I open up Chrome or Firefox do those come up. I went through every similar instance on the forums, and I've run 90% of tools suggested and they always come up negative. Before I just create an exclusion for this possible false positive, I wanted to get a professional opinion. Addition.txt FRST.txt Threat_Scan_Report.txt
  5. I have noticed in the last day or so that MB is blocking access to ipecho.net. The log follows:
     Malwarebytes
     www.malwarebytes.com
     -Log Details-
     Protection Event Date: 5/2/17
     Protection Event Time: 2:18 PM
     Logfile:
     Administrator: Yes
     -Software Information-
     Version: 3.0.6.1469
     Components Version: 1.0.103
     Update Package Version: 1.0.1853
     License: Premium
     -System Information-
     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: System
     -Blocked Website Details-
     Malicious Website: 1
     , , Blocked, [-1], [-1],0.0.0
     -Website Data-
     Domain: ipecho.net
     IP Address: 5.12.153.81
     Port: [64499]
     Type: Outbound
     File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (end)
     I've done some research on ipecho.net and cannot get a clear sense as to why it is being blocked.
  6. Hello, I'm not sure yet if this is anything to be concerned about. I've tried to write a full explanation, but I've put my main questions in bullets near the bottom. I'm running Windows 10, and I am very careful about what goes onto this machine, and what websites I visit. I'm running both Panda antivirus and Malwarebytes. Last night I shut down my machine. This morning I started it up again, and initiated Firefox. Firefox opened to the Google home page, and right away, I pressed CTRL+T to open up a new tab. I'm not sure exactly the timing here, but as I was opening up the two websites I normally start off running (Trello and LastPass, both reputable), a green message popped up, stating that an outgoing connection was blocked. Unfortunately, I closed down Firefox right away, without doing any further forensics. The reason why I say it is unfortunate is I'm not sure what other pages were loading at the time (for example, sometimes Firefox loads pages that you had open when you shut it down last time, if the shutdown wasn't perfect). Afterwards, I did check Firefox's history but didn't find any visits to any unexpected sites. I should note that while I was loading up my pages, Firefox itself was still loading (i.e., still in its "slow" stage). Also, I was opening up new tabs at the time, an action which previews a number of websites in the new tab (I'm not sure if it actually tries to contact them). I immediately checked the Malwarebytes logs, and found the related entry, which I've pasted below. There were actually three very similar entries (including this one) all with the same timestamp, to the minute. I then ran a full scan using both Panda and Malwarebytes, neither of which found any threats. I've also restarted the computer multiple times, and haven't been able to replicate the issue. I suppose the questions I have are: I know that the site that was blocked was not a false positive. 
I'm primarily concerned about why my computer tried to connect to it. Given the story I outlined above, is there any serious risk that I am infected with something? Or is it possible, or more likely that this was some artifact of my restarting, or Firefox previewing a site? I'm not sure at all how common it is for occasional random outgoing connections to get blocked while surfing the web. It hasn't really happened to me.
     {
       "applicationVersion" : "3.0.6.1469",
       "clientID" : "",
       "clientType" : "other",
       "componentsUpdatePackageVersion" : "1.0.75",
       "cpu" : "x64",
       "dbSDKUpdatePackageVersion" : "1.0.1635",
       "detectionDateTime" : "2017-03-31T17:16:10Z",
       "fileSystem" : "NTFS",
       "id" : "[removed]",
       "isUserAdmin" : true,
       "licenseState" : "licensed",
       "linkagePhaseComplete" : false,
       "loggedOnUserName" : "System",
       "machineID" : "",
       "os" : "Windows 10",
       "schemaVersion" : 2,
       "sourceDetails" : { "type" : "mwac" },
       "threats" : [
         {
           "linkedTraces" : [ ],
           "mainTrace" : {
             "cleanAction" : "block",
             "cleanResult" : "successful",
             "cleanResultErrorCode" : 0,
             "cleanTime" : "",
             "generatedByPostCleanupAction" : false,
             "id" : "bc78a64b-1635-11e7-95f3-346895ee6e38",
             "linkType" : "none",
             "objectMD5" : "",
             "objectPath" : "",
             "objectSha256" : "",
             "objectType" : "website",
             "websiteData" : {
               "ip" : "104.28.16.78",
               "isInbound" : false,
               "port" : 50878,
               "processPath" : "C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
               "url" : "winwiki.org"
             }
           },
           "ruleID" : -1,
           "rulesVersion" : "0.0.0",
           "threatID" : -1,
           "threatName" : ""
         }
       ],
       "threatsDetected" : 1
     }
  7. Good evening everyone, I recently downloaded Malwarebytes after some suspicious activity was happening on my PC. I ran a scan, and found a keylogger and another piece of malicious software that was quickly removed. The scan report is titled FIRSTSCAN in the attached files. I am now getting consistent reports from Malwarebytes stating this: (file titled REPORT below.) These are popping up about every 30 seconds or so with no browser windows open, which leads me to believe that my system is still infected. I have also attached an FRST report and the ADDITION files to this post as well. Please let me know what steps I can take on my end to rectify this problem. Thanks! TheParagonian FIRSTSCAN.txt Report.txt FRST.txt Addition.txt
  8. Hi all, I'm currently using Malwarebytes 3.0 premium trial and for the past few days I've been getting a notification each time I boot up my PC and launch Chrome saying an outgoing connection (usually to bleutrack.com) was blocked. I've sent a support ticket and have been in contact with them for a few days and they told me to scan using FRST, adwcleaner, JRT, HitmanPro, adware removal tool by TSA, and several other programs, but I still haven't been able to find anything. What can I do now?
  9. As I was playing CS GO I got a pop up on my pc saying it blocked a malicious website. It was an outgoing IP address. Here is my report. Any reason why this happens, what does it mean?
     Malwarebytes Anti-Malware
     www.malwarebytes.org
     Detection, 12/26/2015 9:08 PM, SYSTEM, DESKTOP-PES0UHE, Protection, Malicious Website Protection, IP, 108.61.221.194, 57915, Outbound, C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe,
     Detection, 12/26/2015 9:08 PM, SYSTEM, DESKTOP-PES0UHE, Protection, Malicious Website Protection, IP, 108.61.221.194, 57915, Outbound, C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe,
     Detection, 12/26/2015 9:08 PM, SYSTEM, DESKTOP-PES0UHE, Protection, Malicious Website Protection, IP, 108.61.221.194, 57915, Outbound, C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe,
     Detection, 12/26/2015 9:08 PM, SYSTEM, DESKTOP-PES0UHE, Protection, Malicious Website Protection, IP, 108.61.221.194, 57915, Outbound, C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe,
     Scan, 12/26/2015 9:13 PM, SYSTEM, DESKTOP-PES0UHE, Manual, Start:12/26/2015 9:09 PM, Duration:4 min 35 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
     (end)
  10. While simply using my computer like always, watching YouTube videos, Malwarebytes notified me that it blocked an outgoing IP from svchost.exe which seems to me only malware would cause that and the IP that it was attempting to contact was in the Netherlands and clearly marked as malicious by Malwarebytes, I've attached the photos of both Malwarebytes notifying me and of Rkill supposedly fixing something with svchost.exe as well as the Malwarebytes hyperscan log, what are you guys' thoughts on this? Malware or no? Log:
     Malwarebytes Anti-Malware
     www.malwarebytes.org
     Detection, 11/8/2015 4:07 PM, SYSTEM, HEXXIUMYT-PC, Protection, Malicious Website Protection, IP, 94.102.52.166, 49489, Outbound, C:\Windows\System32\svchost.exe,
     Detection, 11/8/2015 4:07 PM, SYSTEM, HEXXIUMYT-PC, Protection, Malicious Website Protection, IP, 94.102.52.166, 49489, Outbound, C:\Windows\System32\svchost.exe,
     Update, 11/8/2015 4:07 PM, SYSTEM, HEXXIUMYT-PC, Manual, Remediation Database, 2015.11.4.1, 2015.11.8.2,
     Update, 11/8/2015 4:08 PM, SYSTEM, HEXXIUMYT-PC, Manual, Malware Database, 2015.11.7.6, 2015.11.8.5,
     Protection, 11/8/2015 4:08 PM, SYSTEM, HEXXIUMYT-PC, Protection, Refresh, Starting,
     Protection, 11/8/2015 4:08 PM, SYSTEM, HEXXIUMYT-PC, Protection, Malicious Website Protection, Stopping,
     Protection, 11/8/2015 4:08 PM, SYSTEM, HEXXIUMYT-PC, Protection, Malicious Website Protection, Stopped,
     Protection, 11/8/2015 4:08 PM, SYSTEM, HEXXIUMYT-PC, Protection, Refresh, Success,
     Protection, 11/8/2015 4:08 PM, SYSTEM, HEXXIUMYT-PC, Protection, Malicious Website Protection, Starting,
     Protection, 11/8/2015 4:08 PM, SYSTEM, HEXXIUMYT-PC, Protection, Malicious Website Protection, Started,
     Scan, 11/8/2015 4:10 PM, SYSTEM, HEXXIUMYT-PC, Manual, Start:11/8/2015 4:08 PM, Duration:2 min 12 sec, Hyper Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections
  11. Hello, I'm new to this forum so I hope I posted this in the right place. When I open Steam, Malwarebytes blocks the IP: 141.105.64.46. I've already scanned with Malwarebytes, Malwarebytes Anti-Rootkit, Hitman Pro, Avast, AVG, McAfee and Roguekiller. They all found nothing. Since it's Steam trying to connect, I guess it's just a false positive?
  12. Hello! I've gone and followed this guide here: https://forums.malwarebytes.org/index.php?/topic/119858-available-assistance-for-possibly-infected-computers/ Like the title says, I'm getting annoying pop-up messages about outgoing and ingoing IPs getting blocked. It's mostly the same IPs. I've tried to track down the location of the IPs, and I've tracked one down to Egypt in Africa.... I have no idea what info it wants to send over there. If someone could help me getting rid of these pop-ups or something, then I would be very thankful. OS: Windows 8.1 Addition.txt FRST.txt
  13. Hi All, I am having the exact same problem as reported by @aimbot https://forums.malwarebytes.org/index.php?/topic/152494-blocked-outgoing-malicious-website/. I also have Malwarebytes Anti-Malware Premium. I have run the MBAM scan a couple of times but I still have the blocked message coming up. I have downloaded and ran aswMBR. Here is the log file that it produced:
  14. I have not been able to remove a popup warning that continuously pops up intermittently every few minutes or so, and sometimes more frequently, as a Malwarebytes Anti-Malware blocked access to an outgoing connection to the website < 217.23.3200 > attempt notification on the taskbar that only gives me the ability to quickly hover over view and/or close the notice which references svchost.exe as the process attempting to access an external website . . 217.23.3.200. So far every blocked attempt is made via a different seemingly random outgoing port in the 50000 to 53999 range. The actual notice text is provided here below: Malwarebytes Anti-Malware "Successfully blocked access to a potentially malicious" Website: 217.23.3200" Type: Outgoing "Port 50258 Process: svchost.exe" I have Malwarebytes Anti-Malware Pro and MS Security Essentials installed on my Desktop computer which is running Windows 7 Home Premium and my browser is Chrome. I saw a similar post where your support team requested the DDS and Attach text files. So they are included and attached herewith. Your help in tackling this problem is requested and would be very much appreciated! Dave @ VTCMP 8/10/2014 01:05 AM attach.txt dds.txt
  15. I woke up at 3AM a few nights ago to my computer randomly playing various talking, music, ads... and no applications open. MWB had found 2 viruses and so I thought everything would be fixed. The next morning MWB I started outgoing IP-BLOCK on various ports for svchost.exe about every 2 minutes and the sounds were back. I followed several forums here and tried recommended RogueKillerX64. It found stopped 2 svchost.exe instances but the sounds and IP blocks came back again. I also tried MWAR because it was mentioned in one forum but it did not find anything. Any help / advice would be greatly appreciated.
  16. Hi team, I have posted previously and with your help successfully cleared my laptop of malware. Hoping we can do that again. I haven't downloaded anything new recently but suspect the issue may be related to a recent attempt at updating utorrent. Malwarebytes Anti-Malware sits in my notification center and constantly pops up. The website it blocks changes each time, one of them is 58.241.134.146. Type: outgoing. Port: 12527 (which is always the same). Process: utorrent.exe. I have followed this https://forums.malwarebytes.org/index.php?showtopic=9573 and here are dds.txt and attach.txt. Hope someone will be able to help me out.
  17. Hi, Since yesterday, I'm getting occasional messages from MBAM Pro about a blocked outgoing connection showing the same IP address 195.59.55.138 with different port numbers! I scanned my system by Avast Free and MBAM Pro but both of them said that my system is clean. I also used CCleaner to clean junk files. But tonight, I got the same message. Does anyone know what it is and why I get this message constantly? Here is the log:
  18. Hello MBAM keeps saying website block. website is:46.249.61.94 Type outgoing, Port=47000+. This keep going on every 3 mins.
FF - ProfilePath - C:\Users\THMark\AppData\Roaming\Mozilla\Firefox\Profiles\0qllv7u0.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: G:\New folder\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113933&tt=120812_bandext_3212_1
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 1e666e7c00000000000002004c4f4f50
FF - user.js: extensions.BabylonToolbar.instlDay - 15564
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.615:48:43
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\SymDS64.sys [2011-7-16 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\SymEFA64.sys [2011-8-27 931448]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20130521.011\BHDrvx64.sys [2013-5-28 1390680]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-2-13 283200]
R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20130611.001\IDSviA64.sys [2013-6-11 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\Ironx64.sys [2011-9-13 171128]
R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\symnets.sys [2011-9-8 386168]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-7-10 75144]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-7-10 385416]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-10-16 319488]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;E:\ARRRGHHH!!\HiPatchService.exe [2013-4-4 9216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-23 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-23 701512]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2012-10-30 230416]
R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE [?]
R2 OracleXETNSListener;OracleXETNSListener;C:\oraclexe\app\oracle\product\11.2.0\server\bin\TNSLSNR.EXE [2011-8-27 512000]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-8-12 87040]
R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [2011-9-20 137224]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-5-14 3289208]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-4-10 3560288]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-15 138912]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-7-24 25928]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-27 184968]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2012-7-10 397704]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-11 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-11 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-3-11 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-25 1255736]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe XE [?]
.
=============== Created Last 30 ================
.
2013-06-12 03:57:11 -------- d-----w- C:\Users\THMark\AppData\Local\{358D293F-3171-4A14-B3B9-D42F32B68222}
2013-06-11 16:31:01 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BE81F950-7FAF-4341-A8D7-685562AEAE08}\mpengine.dll
2013-06-10 03:43:14 -------- d-----w- C:\Users\THMark\AppData\Local\Warframe
2013-06-09 03:39:35 -------- d-----w- C:\Users\THMark\AppData\Local\FreeOCR
2013-06-09 03:35:03 -------- d-----w- C:\Users\THMark\AppData\Local\assembly
2013-06-09 03:34:45 2680320 ----a-w- C:\Windows\SysWow64\ImageEnXLibrary.ocx
2013-06-09 03:34:43 -------- d-----w- C:\FreeOCR
2013-06-09 03:32:52 -------- d-----w- C:\Program Files (x86)\Temp
2013-06-05 15:42:55 -------- d-----w- C:\Users\THMark\AppData\Local\{19AE5637-162C-43D7-AF94-C748693EB32F}
2013-06-05 10:01:47 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-05 01:20:51 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\browser\components\browsercomps.dll
2013-06-03 03:04:52 -------- d-----w- C:\Users\THMark\AppData\Local\{9AD8D4DB-F944-4F62-9B43-2EC362AD5D4D}
2013-05-17 18:21:04 -------- d-----w- C:\ProgramData\boost_interprocess
2013-05-16 14:49:42 -------- d-----w- C:\Users\THMark\AppData\Local\{BA883505-911C-4F42-9431-2A3785952414}
2013-05-15 22:59:18 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 22:59:18 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-05-15 22:59:18 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-05-15 22:59:06 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-05-15 22:59:05 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-05-15 22:59:05 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-05-15 22:59:05 111448 ----a-w- C:\Windows\System32\consent.exe
2013-05-15 22:58:53 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-05-15 22:58:53 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-05-15 22:58:53 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-05-14 20:31:10 6128760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-05-14 20:31:10 6128760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
==================== Find3M ====================
.
2013-06-05 10:01:47 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-14 19:07:11 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 19:07:11 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-02 09:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-24 07:26:43 281120 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-04-24 07:26:43 281120 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-04-24 06:55:12 281120 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-07 16:02:04 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-04-04 21:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
.
============= FINISH: 21:03:11.27 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/24/2011 11:37:40 PM
System Uptime: 6/11/2013 8:53:49 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A88TD-M/USB3
Processor: AMD Phenom II X6 1090T Processor | AM3 | 3200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 131 GiB total, 32.867 GiB free.
D: is FIXED (NTFS) - 50 GiB total, 8.669 GiB free.
E: is FIXED (NTFS) - 200 GiB total, 46.234 GiB free.
G: is FIXED (NTFS) - 150 GiB total, 76.511 GiB free.
H: is FIXED (NTFS) - 100 GiB total, 24.039 GiB free.
I: is CDROM ()
J: is CDROM (CDFS)
Z: is FIXED (NTFS) - 600 GiB total, 254.088 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Acronis Disk Director Suite Adobe AIR Adobe Download Assistant Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop CS6 Adobe Reader X (10.1.7) Adobe Shockwave Player 11.6 AhnLab Online Security Amazon Kindle Apple Application Support Apple Mobile Device Support Apple Software Update ArtMoney SE v7.37.2 ASPCA Reminder by We-Care.com v4.0.19.1 Audacity 2.0 AVS Document Converter 2.0.1 AVS Ringtone Maker version 1.6 AVS Update Manager 1.0 AVS4YOU Software Navigator 1.4 black-ops.themepack BlueStacks Bonjour Champions Online: Free For All Cheat Engine 6.1 Core Temp version 0.99.8 D3DX10 DAEMON Tools Lite Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition Express Gate FIFA 12 © EA version 1 FlashGet 3.7 Galactic Magnate v1.2 GameMaker 8.1 Ghost Recon Online (NCSA-Live) Google Talk Plugin Google Toolbar for Internet Explorer Google Update Helper Guild Wars 2 Happy Cloud Client Heroes of Newerth Hex Workshop v6.6 Hi-Rez Studios Authenticate and Update Service Homefront HTC BMP USB Driver HTC Driver Installer HTC Sync HydraIRC iCloud InstaCodecs iTunes J2SE Runtime Environment 5.0 Update 17 Java Auto Updater Java 6 Update 39 K-Lite Codec Pack 7.8.0 (Full) Kabod League of Legends MahjongWorld (uninstall only) Major League Baseball 2K12 Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 1.1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Application Error Reporting Microsoft Expression Blend 3 SDK Microsoft Expression Blend 4 Microsoft Expression Blend SDK for .NET 4 Microsoft Expression Blend SDK for Silverlight 4 Microsoft Expression Design 4 Microsoft Expression Encoder 4 Microsoft Expression Encoder 4 Screen Capture Codec Microsoft Expression Studio 4 Microsoft Expression Web 4 Microsoft Expression Web 4 Service Pack 2 Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft 
Office 2010 Language Pack Service Pack 1 (SP1) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 32-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Project MUI (English) 2010 Microsoft Office Project Professional 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 32-bit MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Visio 2010 Microsoft Office Visio MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Project 2010 Service Pack 1 (SP1) Microsoft Project Professional 2010 Microsoft Silverlight Microsoft Silverlight 3 SDK Microsoft Silverlight 4 SDK Microsoft Visio 2010 Service Pack 1 (SP1) Microsoft Visio Premium 2010 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Xbox 360 Accessories 1.2 
Microsoft_VC80_CRT_x86 Microsoft_VC90_CRT_x86 mIRC Mozilla Firefox 20.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 Parser (KB2758694) MSXML 4.0 SP3 Parser (KB973685) NBA 2K12 NBA 2K13 Nexon Game Manager Nitro Reader 3 NVIDIA 3D Vision Controller Driver 306.97 NVIDIA 3D Vision Driver 311.06 NVIDIA Control Panel 311.06 NVIDIA Graphics Driver 311.06 NVIDIA HD Audio Driver 1.3.18.0 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX System Software 9.12.0604 NVIDIA Stereoscopic 3D Driver NVIDIA Update 1.11.3 NVIDIA Update Components Oracle Database 11g Express Edition Origin Pando Media Booster PC Probe II PCSX2 - Playstation 2 Emulator PDF Settings CS6 PeerBlock 1.1 (r518) Pirates of the Burning Sea Port Royale 3 PrimoPDF -- brought to you by Nitro PDF Software PunkBuster Services Ragnarok Online2 Realtek Ethernet Controller Driver For Windows 7 Renesas Electronics USB 3.0 Host Controller Driver Saints Row. The Third 1.0 Secure Download Manager Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition Security Update for Microsoft Expression Design 4 (KB2667730) Security Update for Microsoft Filter Pack 2.0 (KB2553501) 64-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687422) 64-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition Security Update for Microsoft Publisher 2010 (KB2553147) 64-Bit Edition Security Update for Microsoft Visio 2010 (KB2810068) 64-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2687505) 64-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition Sins of a Solar Empire Rebellion © Stardock version 1 Skype Click to Call Skype™ 5.10 Spiral Knights Star Wars: The Old Republic Steam Symantec 
Endpoint Protection System Requirements Lab CYRI TeamSpeak 3 Client TeamViewer 8 The Lord of the Rings Online Tom Clancy's Ghost Recon Future Soldier Tom Clancys Ghost Recon Future Soldier version 1.02 Tribes Ascend Ubisoft Game Launcher Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition Ventrilo Client for Windows x64 VLC media player 1.1.11 Warframe Windows 7 Upgrade Advisor Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Messenger 
Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack WinRAR 4.01 (64-bit) World of Tanks v.0.6.3.11 WPF Toolkit February 2010 (Version 3.5.50211.1) XChat 2 (remove only)
.
==== Event Viewer Messages From Past Week ========
.
6/11/2013 8:59:48 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
6/11/2013 8:59:48 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
6/11/2013 5:59:07 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800032aed35). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061113-40716-01.
6/11/2013 5:51:17 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Base Filtering Engine service, but this action failed with the following error: An instance of the service is already running.
6/11/2013 5:50:45 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
6/11/2013 5:50:45 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.
6/11/2013 5:50:45 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
6/11/2013 5:50:27 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
6/11/2013 5:49:45 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
6/11/2013 5:49:27 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/11/2013 5:49:27 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/11/2013 5:49:27 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/11/2013 5:49:27 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
6/11/2013 5:49:27 PM, Error: Service Control Manager [7031] - The HomeGroup Listener service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/11/2013 5:49:17 PM, Error: Service Control Manager [7031] - The Windows Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/11/2013 5:49:17 PM, Error: Service Control Manager [7031] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/11/2013 5:49:17 PM, Error: Service Control Manager [7031] - The Base Filtering Engine service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/11/2013 5:48:51 PM, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/11/2013 5:48:45 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/11/2013 5:48:45 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/11/2013 5:48:45 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/11/2013 5:48:45 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/11/2013 5:48:45 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/11/2013 5:48:45 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/11/2013 5:48:45 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/11/2013 5:48:45 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/11/2013 5:48:45 PM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/11/2013 5:48:45 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/11/2013 5:48:45 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/11/2013 5:48:45 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/11/2013 5:48:45 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/11/2013 5:48:45 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/11/2013 5:48:45 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/11/2013 5:48:11 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
6/11/2013 5:48:11 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/11/2013 5:48:11 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/11/2013 5:48:11 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/11/2013 5:48:11 PM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/11/2013 5:48:11 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. 6/11/2013 5:48:11 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/11/2013 5:48:11 PM, Error: Service Control Manager [7031] - The HomeGroup Listener service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/11/2013 5:48:11 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/11/2013 5:48:11 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/11/2013 5:21:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Server service to connect. 6/11/2013 5:21:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Secondary Logon service to connect. 6/11/2013 5:21:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Multimedia Class Scheduler service to connect. 
6/11/2013 5:21:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IKE and AuthIP IPsec Keying Modules service to connect. 6/11/2013 5:21:58 PM, Error: Service Control Manager [7001] - The User Profile Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start. 6/11/2013 5:21:58 PM, Error: Service Control Manager [7001] - The Remote Procedure Call (RPC) service depends on the RPC Endpoint Mapper service which failed to start because of the following error: The service has not been started. 6/11/2013 5:21:58 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start. 6/11/2013 5:21:58 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion. 6/11/2013 5:21:58 PM, Error: Service Control Manager [7000] - The Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 6/11/2013 5:21:58 PM, Error: Service Control Manager [7000] - The Secondary Logon service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 6/11/2013 5:21:58 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 
6/11/2013 5:21:58 PM, Error: Service Control Manager [7000] - The IKE and AuthIP IPsec Keying Modules service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 6/11/2013 5:21:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the System Event Notification Service service to connect. 6/11/2013 5:21:57 PM, Error: Service Control Manager [7000] - The System Event Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 6/11/2013 5:21:53 PM, Error: Service Control Manager [7001] - The Group Policy Client service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start. 6/11/2013 5:21:49 PM, Error: Service Control Manager [7001] - The Function Discovery Resource Publication service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start. 6/11/2013 5:21:47 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the RPC Endpoint Mapper service, but this action failed with the following error: An instance of the service is already running. 6/11/2013 5:20:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Themes service to connect. 6/11/2013 5:20:57 PM, Error: Service Control Manager [7001] - The Windows Update service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start. 
6/11/2013 5:20:57 PM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start. 6/11/2013 5:20:57 PM, Error: Service Control Manager [7001] - The Background Intelligent Transfer Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start. 6/11/2013 5:20:57 PM, Error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 6/11/2013 5:19:59 PM, Error: Service Control Manager [7001] - The Remote Procedure Call (RPC) service depends on the RPC Endpoint Mapper service which failed to start because of the following error: The service has returned a service-specific error code. 6/11/2013 5:19:53 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/11/2013 5:19:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SSDP Discovery service to connect. 6/11/2013 5:19:50 PM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion. 6/11/2013 5:19:50 PM, Error: Service Control Manager [7000] - The SSDP Discovery service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 6/11/2013 5:19:49 PM, Error: Service Control Manager [7031] - The UPnP Device Host service terminated unexpectedly. It has done this 1 time(s). 
The following corrective action will be taken in 100 milliseconds: Restart the service. 6/11/2013 5:19:49 PM, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. 6/11/2013 5:19:49 PM, Error: Service Control Manager [7031] - The Function Discovery Resource Publication service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/11/2013 5:19:47 PM, Error: Service Control Manager [7031] - The RPC Endpoint Mapper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/11/2013 5:19:47 PM, Error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine. 6/11/2013 5:01:53 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Peer Networking Identity Manager service, but this action failed with the following error: An instance of the service is already running. 6/11/2013 5:01:53 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Peer Name Resolution Protocol service, but this action failed with the following error: An instance of the service is already running. 6/11/2013 4:56:52 PM, Error: Service Control Manager [7031] - The Peer Networking Identity Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 
6/11/2013 4:56:52 PM, Error: Service Control Manager [7031] - The Peer Networking Grouping service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 6/11/2013 4:56:52 PM, Error: Service Control Manager [7031] - The Peer Name Resolution Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. . ==== End Of File ===========================
  19. Malwarebytes is blocking me ([x] Enable malicious website blocking) from accessing 212.117.183.19:9918. It's a legitimate company. I pay a monthly hosting fee, and I use this address for a web-based user interface. -Steve
  20. I keep getting this notice: "Successfully blocked access to a potentially malicious website 46.183.217.245 Type: outgoing Process: rundl1132.exe". What is this? protection-log-2013-03-07.txt
  21. I keep getting this notice: "Successfully blocked access to a potentially malicious website 46.183.217.245 Type: outgoing Process: rundl1132.exe". What is this?
  22. Hi all, a few weeks ago I noticed that Malwarebytes stops my internet connection and does not allow connections to any internet site, because it discovered an attempt to connect to a malicious IP by the service "svchost.exe". The addresses are listed below: 212.117.175.185 78.46.86.74 If I disable the option to "stop the web site" in the Malwarebytes program, I can browse the web without problems, but I think I'm infected with a strong trojan/malware. I have tried every possible solution on the web and on this forum, but it seems that every program I run finds nothing on my PC. My PC was formatted by a PC dealer and scanned by a "professional technician", but he brought the computer back to me still infected. So I decided to write this thread, because I think I need step-by-step instructions to remove the infection. Below is the link to the logs I made today, as suggested in the pinned and other threads. http://pastebin.com/e22pWkx3 Here are the programs I ran today, with their logs: Avast Free antivirus, Malwarebytes free version, COMBOFIX, OTL, aswMBR, tdssKILLER, dds, adwCleaner, RogueKiller, Hijackthis. I'll remark that none of the above-mentioned programs found anything. I hope someone can help, and sorry for my bad English. Thanks in advance, Andrea
  23. Merged 3 posts. I have attached the two files that I was told to attach. Thanks in advance for your help! This is urgent, so I'm hoping someone can help me get rid of this virus. Thanks! Trying to bring this to the top of the list. dds.txt attach.txt
  24. First off, I really appreciate the help. I don't think (know) this would be a big problem, but I don't feel confident with this malware on my PC. I started getting these annoying pop-up ads for some Chinese role-playing game at the bottom right corner of my screen when I try to connect to websites (not just Chinese ones, so I realized that there was something on my PC). The pop-ups come with sound (how nice). I installed Malwarebytes Anti-Malware and activated the full version trial, then ran a scan. It found and quarantined "PUP.TollbarDownloader" in an exe file I had downloaded (and I guess executed) at some point. But I still get these messages that it blocked outgoing traffic every so often:
      2012/04/24 10:55:06 +0800 IP-BLOCK 218.8.51.248 (Type: outgoing, Port: 57038, Process: firefox.exe)
      2012/04/24 10:58:20 +0800 IP-BLOCK 218.8.51.248 (Type: outgoing, Port: 57187, Process: firefox.exe)
      2012/04/24 10:58:53 +0800 IP-BLOCK 218.8.51.248 (Type: outgoing, Port: 57212, Process: firefox.exe)
      2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52592, Process: chrome.exe)
      2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52593, Process: chrome.exe)
      2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52594, Process: chrome.exe)
      2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52595, Process: chrome.exe)
      2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52596, Process: chrome.exe)
      I ran a scan according to the forum guidelines and get these logs:
      .
      DDS (Ver_2011-08-26.01) - NTFSx86
      Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
      Run by Arne at 11:08:28 on 2012-04-24
      Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1033.18.1013.220 [GMT 8:00]
      .
New Signature Version: Previous Signature Version: 1.125.209.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 22.04.2012 22:55:15, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.209.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 22.04.2012 13:24:51, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. 20.04.2012 18:38:06, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 19.04.2012 16:08:41, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1963.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
19.04.2012 16:08:41, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1963.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 19.04.2012 12:23:24, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1963.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 19.04.2012 12:23:24, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1963.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 18.04.2012 19:53:25, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 7 time(s). 18.04.2012 19:53:25, Error: Service Control Manager [7034] - The Network List Service service terminated unexpectedly. It has done this 7 time(s). 18.04.2012 19:53:25, Error: Service Control Manager [7034] - The Function Discovery Provider Host service terminated unexpectedly. 
It has done this 1 time(s). 18.04.2012 19:53:25, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 7 time(s). 18.04.2012 19:53:25, Error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 5 time(s). 18.04.2012 17:40:04, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 3 time(s). 18.04.2012 17:40:04, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 6 time(s). 18.04.2012 17:40:04, Error: Service Control Manager [7034] - The Network List Service service terminated unexpectedly. It has done this 6 time(s). 18.04.2012 17:40:04, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 6 time(s). 18.04.2012 17:39:59, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 5 time(s). 18.04.2012 17:39:59, Error: Service Control Manager [7034] - The Network List Service service terminated unexpectedly. It has done this 5 time(s). 18.04.2012 17:39:59, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 5 time(s). 18.04.2012 17:39:59, Error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 4 time(s). 18.04.2012 17:39:43, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service. 18.04.2012 15:43:45, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 4 time(s). 18.04.2012 15:43:45, Error: Service Control Manager [7034] - The Network List Service service terminated unexpectedly. 
It has done this 4 time(s). 18.04.2012 15:43:45, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 4 time(s). 18.04.2012 15:43:45, Error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 3 time(s). 18.04.2012 14:53:56, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Store Interface Service service, but this action failed with the following error: An instance of the service is already running. 18.04.2012 14:48:59, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 2 time(s). 18.04.2012 14:48:59, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 3 time(s). 18.04.2012 14:48:59, Error: Service Control Manager [7034] - The Network List Service service terminated unexpectedly. It has done this 3 time(s). 18.04.2012 14:48:59, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 3 time(s). 18.04.2012 14:48:56, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 2 time(s). 18.04.2012 14:48:56, Error: Service Control Manager [7031] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. 18.04.2012 14:48:56, Error: Service Control Manager [7031] - The Network Store Interface Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 
18.04.2012 14:48:56, Error: Service Control Manager [7031] - The Network List Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. 18.04.2012 14:48:56, Error: Service Control Manager [7031] - The COM+ Event System service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. 18.04.2012 14:48:52, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 1 time(s). 18.04.2012 14:48:52, Error: Service Control Manager [7031] - The Network Store Interface Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 18.04.2012 14:48:52, Error: Service Control Manager [7031] - The Network List Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. 18.04.2012 14:48:52, Error: Service Control Manager [7031] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. 18.04.2012 00:07:20, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. . ==== End Of File ===========================
  25. Hey, and thanks in advance for any help. So I installed MBAM recently, and it's been blocking outgoing connections to IP addresses really frequently lately. I'm not sure what could be causing these potentially malicious connections...my antivirus protection (Symantec) as well as MBAM consistently give me clean scan results (from quick scans, flash scans, and full scans). I'd really appreciate some help with figuring out what is going on and if I need to do anything about it. Also, I was wondering if I could PM the logs to you in some way? I'd rather not post them publicly unless it's totally necessary. Thank you!