Jump to content

IP-blocks from svchost.exe


Recommended Posts

Hello. Malwarebytes has blocked multiple incoming IPs with similar addresses and some outgoing IPs from svchost.exe since I downloaded the trial 10 days ago. Scans from my antivirus and Malwarebytes have turned up nothing.  I am worried it might be a sign of infection. Could you please take a look at the logs?

 

DDS.txt

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.21.2
Run by Dummy at 15:43:33 on 2013-09-20
Microsoft Windows 7 家用進階版   6.1.7601.1.950.852.3076.18.3959.528 [GMT 8:00]
.
AV: BullGuard Antivirus *Enabled/Updated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}
SP: BullGuard Antispyware *Enabled/Updated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\System32\SvcHost.exe -k BullGuard_LowPriv
C:\Windows\System32\SvcHost.exe -k BullGuard
C:\Windows\System32\SvcHost.exe -k BullGuard_Main
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Users\gfdghhshdhfg\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Users\gfdghhshdhfg\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\BullGuard Ltd\BullGuard Antivirus\BullGuardUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Users\gfdghhshdhfg\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\BullGuard Ltd\BullGuard Antivirus\BullGuardScanner.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\BullGuard Ltd\BullGuard Antivirus\BullGuard.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\gfdghhshdhfg\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Users\gfdghhshdhfg\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: BGAntiphishingBHO Class: {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard Antivirus\Files32\Antiphishing\IE\BGAntiphishingIEBHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [MsgCenterExe] "c:\program files (x86)\real\realplayer\update\RealOneMessageCenter.exe"  -osboot
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
mRun: [bATINDICATORHL] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [iME14 CHT Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Users\gfdghhshdhfg\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard Antivirus\Files32\Antiphishing\IE\BGAntiphishingIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Windows\System32\BGLsp.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.8.1
TCP: Interfaces\{2366C26E-B6ED-4F6C-B00D-8F3E71CF3A8E} : NameServer = 203.198.23.208 218.102.32.208
TCP: Interfaces\{2FC9F5EA-3143-44E7-AC3A-069298D7F349} : NameServer = 203.198.23.208 218.102.32.208
TCP: Interfaces\{A30A7FB0-4481-4DE3-89A5-52BB9855B80C} : DHCPNameServer = 192.168.8.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: BGAntiphishingBHO Class: {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard Antivirus\Antiphishing\IE\BGAntiphishingIEBHO.dll
x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [bullGuard] "C:\Program Files\BullGuard Ltd\BullGuard Antivirus\bullguard.exe" -boot
x64-Run: [iME14 CHT Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard Antivirus\Antiphishing\IE\BGAntiphishingIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dummy\AppData\Roaming\Mozilla\Firefox\Profiles\dt45wiuz.default\
.
============= SERVICES / DRIVERS ===============
.
R1 BdSpy;BdSpy;C:\Windows\System32\drivers\BdSpy.sys [2010-3-12 63712]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-5-27 56344]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-5-27 172632]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-9-11 25928]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-5-27 1002848]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-5-27 408680]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
S3 clwvd;HP Webcam Splitter;C:\Windows\System32\drivers\clwvd.sys [2010-9-4 31088]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-10-9 59392]
.
=============== Created Last 30 ================
.
2013-09-19 12:18:12 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1C9F920F-15EF-416F-997E-66969C167C17}\offreg.dll
2013-09-18 14:05:44 -------- d-sh--w- C:\$RECYCLE.BIN
2013-09-18 12:59:32 -------- d-----w- C:\Program Files (x86)\ESET
2013-09-18 11:09:11 -------- d-----w- C:\Users\Dummy\AppData\Local\temp
2013-09-17 15:03:56 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1C9F920F-15EF-416F-997E-66969C167C17}\mpengine.dll
2013-09-14 11:50:51 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-11 14:50:20 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-09-03 13:53:52 187248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-08-31 06:47:36 -------- d-----w- C:\Users\Dummy\AppData\Local\SCE
2013-08-25 13:34:12 -------- d-----w- C:\Users\Dummy\AppData\Roaming\RealNetworks
2013-08-25 13:33:16 -------- d-----w- C:\Program Files (x86)\RealNetworks
2013-08-25 13:33:08 -------- d-----w- C:\ProgramData\RealNetworks
2013-08-23 15:14:49 91544 ----a-w- C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
2013-08-22 05:54:57 -------- d-----w- C:\Program Files\HitmanPro
2013-08-22 05:40:23 -------- d-----w- C:\ProgramData\HitmanPro
2013-08-22 05:34:02 -------- d--h--w- C:\ProgramData\Common Files
2013-08-22 05:34:02 -------- d-----w- C:\Users\Dummy\AppData\Local\MFAData
2013-08-22 05:34:02 -------- d-----w- C:\Users\Dummy\AppData\Local\Avg2013
2013-08-22 05:34:02 -------- d-----w- C:\ProgramData\MFAData
2013-08-21 11:28:23 -------- d-----w- C:\Users\Dummy\AppData\Local\ApplicationHistory
.
==================== Find3M  ====================
.
2013-09-19 20:14:45 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-19 20:14:45 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-25 13:30:32 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-08-25 13:30:32 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-08-06 20:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-29 19:40:55 0 ----a-w- C:\Windows\SysWow64\sho650B.tmp
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-18 17:16:44 0 ----a-w- C:\Windows\SysWow64\sho8616.tmp
2013-07-17 19:01:44 0 ----a-w- C:\Windows\SysWow64\sho66EA.tmp
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-07-05 18:53:29 0 ----a-w- C:\Windows\SysWow64\sho702A.tmp
2013-07-04 23:32:26 0 ----a-w- C:\Windows\SysWow64\sho11DE.tmp
2013-06-30 01:46:01 0 ----a-w- C:\Windows\SysWow64\shoB46F.tmp
2013-06-26 11:21:50 23208 ----a-w- C:\Windows\System32\drivers\Sftvollh.sys
2013-06-26 11:21:48 28840 ----a-w- C:\Windows\System32\drivers\Sftredirlh.sys
2013-06-26 11:21:46 273576 ----a-w- C:\Windows\System32\drivers\Sftplaylh.sys
2013-06-26 11:21:46 1777320 ----a-w- C:\Windows\System32\sftldr.dll
2013-06-26 11:21:46 1130664 ----a-w- C:\Windows\SysWow64\sftldr_wow64.dll
2013-06-26 11:21:44 767144 ----a-w- C:\Windows\System32\drivers\Sftfslh.sys
2013-06-24 23:17:55 0 ----a-w- C:\Windows\SysWow64\sho88E6.tmp
2013-06-23 16:26:23 0 ----a-w- C:\Windows\SysWow64\sho9F5F.tmp
2013-06-22 20:00:41 0 ----a-w- C:\Windows\SysWow64\shoB822.tmp
.
============= FINISH: 15:44:49.78 ===============
 
Attached.txt
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 家用進階版 
Boot Device: \Device\HarddiskVolume1
Install Date: 4/8/2011 16:41:08
System Uptime: 20/9/2013 6:41:18 (9 hours ago)
.
Motherboard: Hewlett-Packard |  | 2AA6
Processor: Intel® Core i3 CPU         560  @ 3.33GHz | CPU 1 | 2266/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 916 GiB total, 705.631 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 1.89 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: USB 視訊裝置
Device ID: USB\VID_04F2&PID_B2B2&MI_00\7&2BE61223&0&0000
Manufacturer: Microsoft
Name: USB Webcam
PNP Device ID: USB\VID_04F2&PID_B2B2&MI_00\7&2BE61223&0&0000
Service: usbvideo
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: HP Webcam Splitter
Device ID: ROOT\MEDIA\0000
Manufacturer: CyberLink
Name: HP Webcam Splitter
PNP Device ID: ROOT\MEDIA\0000
Service: clwvd
.
==== System Restore Points ===================
.
RP260: 18/9/2013 20:55:32 - ComboFix created restore point
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
ABBYY FineReader 9.0 Sprint
ActiveCheck component for HP Active Support Library
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Agatha Christie - Peril at End House
Akamai NetSession Interface
Alien Swarm
Bejeweled 2 Deluxe
Bing Bar
Bing Rewards Client Installer
Blackhawk Striker 2
Blasterball 3
Bounce Symphony
Build Your Own Net Dream (remove only)
BullGuard Antivirus 9.0
BYOND
Cake Mania
Champions Online: Free For All
Chuzzle Deluxe
Counter-Strike Online 客戶端
CyberLink DVD Suite Deluxe
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dora's World Adventure
Dragons Prophet
DVD Menu Pack for HP MediaSmart Video
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Event Manager
EPSON ME 330 Series 用?指南
EPSON Scan
ESET Online Scanner v3

 

Link to post
Share on other sites

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Combofix should only be used when adviced by a trained specialist! :-/

 

Please post up C:\combofix.txt

Link to post
Share on other sites

ComboFix 13-09-17.01 - Dummy 09/2013 週三  18:56:16.1.4 - x64

Microsoft Windows 7 家用進階版   6.1.7601.1.950.852.3076.18.3959.642 [GMT 8:00]

執行位置: c:\users\gfdghhshdhfg\Downloads\ComboFix.exe

AV: BullGuard Antivirus *Disabled/Outdated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}

SP: BullGuard Antispyware *Disabled/Outdated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   被刪除的檔案   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\-\AppData\Local\Google\Chrome\User Data\Default\Preferences

c:\users\gfdghhshdhfg\AppData\Local\assembly\tmp

c:\users\gfdghhshdhfg\AppData\Local\Google\Chrome\User Data\Default\Preferences

c:\users\gfdghhshdhfg\Documents\~WRL4101.tmp

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Preferences

c:\windows\apppatch\AppLoc.exe

.

.

(((((((((((((((((((((((((  2013-08-18 至 2013-09-18 的新的檔案  )))))))))))))))))))))))))))))))

.

.

2013-09-18 11:06 . 2013-09-18 11:06 -------- d-----w- c:\users\hedev\AppData\Local\temp

2013-09-18 11:06 . 2013-09-18 11:06 -------- d-----w- c:\users\Dummy\AppData\Local\temp

2013-09-18 11:06 . 2013-09-18 11:06 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-09-18 11:06 . 2013-09-18 11:06 -------- d-----w- c:\users\hp.hp-HP\AppData\Local\temp

2013-09-17 15:03 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C9F920F-15EF-416F-997E-66969C167C17}\mpengine.dll

2013-09-14 11:50 . 2013-09-17 11:01 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-09-11 14:50 . 2013-04-04 06:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-08-31 06:55 . 2013-08-31 06:59 -------- d-----w- c:\users\gfdghhshdhfg\AppData\Roaming\Natural Selection 2

2013-08-31 06:47 . 2013-08-31 06:47 -------- d-----w- c:\users\Dummy\AppData\Local\SCE

2013-08-25 13:34 . 2013-08-25 13:34 -------- d-----w- c:\users\Dummy\AppData\Roaming\RealNetworks

2013-08-25 13:33 . 2013-08-25 13:33 -------- d-----w- c:\program files (x86)\RealNetworks

2013-08-25 13:33 . 2013-08-25 13:33 -------- d-----w- c:\programdata\RealNetworks

2013-08-22 05:54 . 2013-08-22 05:55 -------- d-----w- c:\program files\HitmanPro

2013-08-22 05:40 . 2013-08-22 06:05 -------- d-----w- c:\programdata\HitmanPro

2013-08-22 05:34 . 2013-08-22 05:35 -------- d-----w- c:\programdata\MFAData

2013-08-22 05:34 . 2013-08-22 05:34 -------- d--h--w- c:\programdata\Common Files

2013-08-22 05:34 . 2013-08-22 05:34 -------- d-----w- c:\users\Dummy\AppData\Local\MFAData

2013-08-22 05:34 . 2013-08-22 05:34 -------- d-----w- c:\users\Dummy\AppData\Local\Avg2013

2013-08-21 11:28 . 2013-08-21 11:28 -------- d-----w- c:\users\Dummy\AppData\Local\ApplicationHistory

.

.

.

((((((((((((((((((((((((((((((((((((((((   在三個月內被修改的檔案   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-09-11 19:16 . 2011-11-27 01:53 79143768 ----a-w- c:\windows\system32\MRT.exe

2013-08-25 13:30 . 2012-06-30 13:35 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2013-08-25 13:30 . 2012-06-30 13:35 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2013-08-06 20:22 . 2011-10-08 06:52 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-08-02 01:48 . 2013-09-11 10:45 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-07-29 19:40 . 2013-07-29 19:40 0 ----a-w- c:\windows\SysWow64\sho650B.tmp

2013-07-28 02:40 . 2012-04-12 02:50 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-07-28 02:40 . 2011-09-27 14:22 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-07-25 09:25 . 2013-08-14 14:45 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-07-25 08:57 . 2013-08-14 14:45 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL

2013-07-20 10:55 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-07-19 01:58 . 2013-08-14 14:46 2048 ----a-w- c:\windows\system32\tzres.dll

2013-07-19 01:41 . 2013-08-14 14:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2013-07-18 17:16 . 2013-07-18 17:16 0 ----a-w- c:\windows\SysWow64\sho8616.tmp

2013-07-17 19:01 . 2013-07-17 19:01 0 ----a-w- c:\windows\SysWow64\sho66EA.tmp

2013-07-09 05:52 . 2013-08-14 14:47 224256 ----a-w- c:\windows\system32\wintrust.dll

2013-07-09 05:51 . 2013-08-14 14:45 1217024 ----a-w- c:\windows\system32\rpcrt4.dll

2013-07-09 05:46 . 2013-08-14 14:47 1472512 ----a-w- c:\windows\system32\crypt32.dll

2013-07-09 05:46 . 2013-08-14 14:47 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2013-07-09 05:46 . 2013-08-14 14:47 139776 ----a-w- c:\windows\system32\cryptnet.dll

2013-07-09 04:52 . 2013-08-14 14:45 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll

2013-07-09 04:52 . 2013-08-14 14:47 175104 ----a-w- c:\windows\SysWow64\wintrust.dll

2013-07-09 04:46 . 2013-08-14 14:47 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll

2013-07-09 04:46 . 2013-08-14 14:47 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2013-07-09 04:46 . 2013-08-14 14:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2013-07-06 06:03 . 2013-08-14 14:44 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-07-05 18:53 . 2013-07-05 18:53 0 ----a-w- c:\windows\SysWow64\sho702A.tmp

2013-07-04 23:32 . 2013-07-04 23:32 0 ----a-w- c:\windows\SysWow64\sho11DE.tmp

2013-06-30 01:46 . 2013-06-30 01:46 0 ----a-w- c:\windows\SysWow64\shoB46F.tmp

2013-06-26 11:21 . 2013-06-26 11:21 23208 ----a-w- c:\windows\system32\drivers\Sftvollh.sys

2013-06-26 11:21 . 2013-06-26 11:21 28840 ----a-w- c:\windows\system32\drivers\Sftredirlh.sys

2013-06-26 11:21 . 2013-06-26 11:21 273576 ----a-w- c:\windows\system32\drivers\Sftplaylh.sys

2013-06-26 11:21 . 2013-06-26 11:21 1777320 ----a-w- c:\windows\system32\sftldr.dll

2013-06-26 11:21 . 2013-06-26 11:21 1130664 ----a-w- c:\windows\SysWow64\sftldr_wow64.dll

2013-06-26 11:21 . 2013-06-26 11:21 767144 ----a-w- c:\windows\system32\drivers\Sftfslh.sys

2013-06-24 23:17 . 2013-06-24 23:17 0 ----a-w- c:\windows\SysWow64\sho88E6.tmp

2013-06-23 16:26 . 2013-06-23 16:26 0 ----a-w- c:\windows\SysWow64\sho9F5F.tmp

2013-06-22 20:00 . 2013-06-22 20:00 0 ----a-w- c:\windows\SysWow64\shoB822.tmp

.

.

(((((((((((((((((((((((((((((((((((((   重要登入點   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*注意* 空白與合法缺省登錄將不會被顯示 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"MsgCenterExe"="c:\program files (x86)\real\realplayer\update\RealOneMessageCenter.exe" [2013-08-25 83072]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe" [2010-07-21 2095616]

"BATINDICATORHL"="c:\program files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe" [2010-07-23 557056]

"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-10-22 895512]

"IME14 CHT Setup"="c:\progra~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2012-03-13 81200]

"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]

"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-08-25 295512]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware"="c:\users\gfdghhshdhfg\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]

"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2013-04-04 1127496]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e00d0404]

   IME File REG_SZ         IMTCC14.IME

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e00e0404]

   IME File REG_SZ         IMTCQ14.IME

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e00f0404]

   IME File REG_SZ         IMTCJ14.IME

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 BgRaSvc;BgRaSvc;c:\program files\BullGuard Ltd\BullGuard Antivirus\Support\BgRaSvc.exe;c:\program files\BullGuard Ltd\BullGuard Antivirus\Support\BgRaSvc.exe [x]

R3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows 啟用技術服務;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S1 BdSpy;BdSpy;c:\windows\system32\DRIVERS\BdSpy.sys;c:\windows\SYSNATIVE\DRIVERS\BdSpy.sys [x]

S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [x]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]

S2 BsBrowser;BullGuard antiphishing service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]

S2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]

S2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]

S2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]

S2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard Antivirus\BullGuardUpdate.exe;c:\program files\BullGuard Ltd\BullGuard Antivirus\BullGuardUpdate.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]

S2 ImeDictUpdateService;Microsoft IME Dictionary Update;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [x]

S2 MBAMScheduler;MBAMScheduler;c:\users\gfdghhshdhfg\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\users\gfdghhshdhfg\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\users\gfdghhshdhfg\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe;c:\users\gfdghhshdhfg\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]

S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]

S3 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard Antivirus\BullGuardScanner.exe;c:\program files\BullGuard Ltd\BullGuard Antivirus\BullGuardScanner.exe [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ   Akamai

.

 ‘計劃任務’ 文件夾 裡的內容

.

2013-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-05 10:53]

.

2013-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-05 10:53]

.

2013-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-423791886-1600473386-2339945710-1001Core.job

- c:\users\gfdghhshdhfg\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 10:51]

.

2013-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-423791886-1600473386-2339945710-1001UA.job

- c:\users\gfdghhshdhfg\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 10:51]

.

2013-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-423791886-1600473386-2339945710-1008Core.job

- c:\users\-\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-10 16:58]

.

2013-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-423791886-1600473386-2339945710-1008UA.job

- c:\users\-\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-10 16:58]

.

2013-08-20 c:\windows\Tasks\HPCeeScheduleForgfdghhshdhfg.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

2013-08-27 c:\windows\Tasks\HPCeeScheduleForHP-HP$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-13 11046504]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]

"BullGuard"="c:\program files\BullGuard Ltd\BullGuard Antivirus\bullguard.exe" [2011-10-04 2148664]

"IME14 CHT Setup"="c:\progra~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2012-03-13 110896]

.

------- 而外的掃描 -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

LSP: c:\windows\system32\BGLsp.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.8.1

TCP: Interfaces\{2366C26E-B6ED-4F6C-B00D-8F3E71CF3A8E}: NameServer = 203.198.23.208 218.102.32.208

TCP: Interfaces\{2FC9F5EA-3143-44E7-AC3A-069298D7F349}: NameServer = 203.198.23.208 218.102.32.208

FF - ProfilePath - c:\users\Dummy\AppData\Roaming\Mozilla\Firefox\Profiles\dt45wiuz.default\

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

AddRemove-Katawa Shoujo - c:\users\gfdghhshdhfg\Desktop\Katawa Shoujo\Uninstall Katawa Shoujo.exe

AddRemove-Strange Adventures in Infinite Space - c:\users\gfdghhshdhfg\Desktop\uninstall.exe

AddRemove-{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8} - c:\program files (x86)\InstallShield Installation Information\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

完成時間: 2013-09-18  19:09:09

ComboFix-quarantined-files.txt  2013-09-18 11:09

.

Pre-Run: 745,043,304,448 bytes free

Post-Run: 749,323,616,256 bytes free

.

- - End Of File - - 419ADF378BC2ECA850F5AA4694296E93
Link to post
Share on other sites

Full System Scan with Malwarebytes Antimalware


  • If not existing, please download
Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

 

 

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

Link to post
Share on other sites

Thanks for the replies. The scans didn't find anything obvious, but I see something called ALWIL when I'm scanning with the ESET Online Scanner. I'm not sure if this affected the scanner's performance, but I can't find this ALWIL thing so I can't disable it. Anyway, here is the log from Malwarebytes:

 

www.malwarebytes.org
 
Database version: v2013.09.20.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Dummy :: HP-HP [administrator]
 
Protection: Enabled
 
20/9/2013 17:28:13
mbam-log-2013-09-20 (17-28-13).txt
 
Scan type: Full scan (C:\|D:\|E:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 735606
Time elapsed: 2 hour(s), 13 minute(s), 24 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
Link to post
Share on other sites

No, that´s ok.

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You´ll find the log file at C:\AdwCleaner[s1].txt also.


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.

Link to post
Share on other sites

Thanks for the advice. Here are the logs:

 

AdwCleaner

 

# AdwCleaner v3.004 - Report created 21/09/2013 at 18:28:04
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dummy - HP-HP
# Running from : C:\Users\gfdghhshdhfg\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : \END

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v23.0.1 (zh-TW)

[ File : C:\Users\gfdghhshdhfg\AppData\Roaming\Mozilla\Firefox\Profiles\w2txq83z.default\prefs.js ]



[ File : C:\Users\Trololololololololol\AppData\Roaming\Mozilla\Firefox\Profiles\1xst0whj.default\prefs.js ]


[ File : C:\Users\Dummy\AppData\Roaming\Mozilla\Firefox\Profiles\dt45wiuz.default\prefs.js ]


[ File : C:\Users\Doppel\AppData\Roaming\Mozilla\Firefox\Profiles\n2kiayro.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2104 octets] - [21/09/2013 18:22:28]
AdwCleaner[s0].txt - [2033 octets] - [21/09/2013 18:28:04]

########## EOF - \AdwCleaner\AdwCleaner[s0].txt - [2093 octets] ##########
 

SecurityCheck

 

 Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
BullGuard Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 6 Update 29  
 Java 7 Update 21  
 Java version out of Date!
 Adobe Flash Player 11.8.800.168  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (23.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 BullGuard Ltd BullGuard Antivirus BullGuardUpdate.exe  
 BullGuard Ltd BullGuard Antivirus BullGuardScanner.exe  
 BullGuard Ltd BullGuard Antivirus BullGuard.exe  
 gfdghhshdhfg Desktop Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 

Link to post
Share on other sites

Your system is clean! :)

 

Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.


  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

 

 

 

Java runtime Environment out of date

Your Java runtime environment is outdated. We will fix this.

  • Get the actual JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer ( Java 7 Update 4 ) and install the software
  • when finished, go to
    Start-->control panel-->add/remove programs and remove all older Java versions. (if existing)
  • When finished, reboot your computer.


After the reboot

  • Open control panel again and click the java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears
  • Click OK on Delete Temporary Files window.
  • Click OK again.

 

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  1. In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
  2. In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
  3. In any case please download delfix to your desktop.
    • Close all other programms and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process

[*] If there is still something left please delete it manualy.

 

 

 

How to protect yourself

  • System Updates
    Beeing up to date is very important. Please be sure to activate automatic updates in your control panel.
    Windows XP | Windows Vista |
    Windows 7 | windows 8
  • Protection
    What you need is one (not more) good virus scanner with backgroud protection. Additionally I recommend a special malwarescanner that you run from time to time.
    Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: You get only the full protection if you use the payed versions of your security software.
  • Up to date Software
    Stay up to date with all the programs you use. Some of those really have to have an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These link may help you to check:

    [*] Backups
    There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. If you burn it to DVDs from time to time, use a cloud-drive or a professional network backup system is your choice. [*] Brains
    It's no joke! You really need one of those things. :) It is very important not just to click anywhere it is colored or flashing while you surfing on the web. Do not click an OK button on any popping window without reading what it says. While installing software always choose the custom mode, read what those windows says and uncheck adware that will be installed along the software you want.

Link to post
Share on other sites

These are the logs from the last three days.

 

23/9/2013

 

2013/09/23 00:08:44 +0800 HP-HP gfdghhshdhfg IP-BLOCK 210.205.6.66 (Type: incoming, Port: 5994, Process: svchost.exe)
2013/09/23 00:12:45 +0800 HP-HP gfdghhshdhfg IP-BLOCK 89.248.168.224 (Type: incoming, Port: 123, Process: svchost.exe)
2013/09/23 00:12:45 +0800 HP-HP gfdghhshdhfg IP-BLOCK 89.248.168.224 (Type: incoming, Port: 123, Process: svchost.exe)
2013/09/23 00:12:45 +0800 HP-HP gfdghhshdhfg IP-BLOCK 89.248.168.224 (Type: incoming, Port: 123, Process: svchost.exe)
2013/09/23 01:06:51 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.246 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/23 08:17:00 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/23 08:17:00 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/23 08:28:35 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/23 08:48:35 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.88 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/23 09:38:54 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/23 09:38:54 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/23 10:02:44 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/23 10:47:31 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.69 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/23 10:47:32 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.69 (Type: incoming, Port: 1174, Process: svchost.exe)
2013/09/23 11:02:51 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.233 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/23 11:26:47 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/23 11:38:43 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/23 11:38:43 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/23 12:14:31 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/23 12:14:33 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/23 13:01:45 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/23 14:00:16 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/23 14:36:08 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.233 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/23 15:11:30 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/23 15:58:15 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/23 16:33:31 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/23 18:32:33 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/23 18:44:41 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/23 18:45:45 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.57 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/23 18:45:45 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.57 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/23 19:49:07 +0800 HP-HP gfdghhshdhfg IP-BLOCK 94.102.51.196 (Type: incoming, Port: 19, Process: svchost.exe)
2013/09/23 20:01:12 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/23 20:01:12 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/23 20:14:30 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/23 20:22:15 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.11.211 (Type: incoming, Port: 1433, Process: svchost.exe)
2013/09/23 20:22:16 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.11.211 (Type: incoming, Port: 1433, Process: svchost.exe)
2013/09/23 20:30:19 +0800 HP-HP gfdghhshdhfg IP-BLOCK 42.2.151.79 (Type: incoming, Port: 7466, Process: svchost.exe)
2013/09/23 20:30:19 +0800 HP-HP gfdghhshdhfg IP-BLOCK 42.2.151.79 (Type: incoming, Port: 7466, Process: svchost.exe)
2013/09/23 20:30:27 +0800 HP-HP gfdghhshdhfg IP-BLOCK 42.2.151.79 (Type: incoming, Port: 7466, Process: svchost.exe)
2013/09/23 22:40:57 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.88 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/23 22:48:03 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.233 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/23 23:03:51 +0800 HP-HP gfdghhshdhfg IP-BLOCK 46.166.168.105 (Type: incoming, Port: 3389, Process: svchost.exe)
2013/09/23 23:47:29 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/23 23:59:14 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 1998, Process: svchost.exe)
 
 
22/9/2013
 
2013/09/22 08:55:25 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/22 09:07:06 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/22 09:18:36 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/22 09:30:15 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/22 10:16:57 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.233 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/22 10:52:24 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.233 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/22 11:18:21 +0800 HP-HP gfdghhshdhfg IP-BLOCK 218.8.55.109 (Type: outgoing, Port: 57345, Process: chrome.exe)
2013/09/22 11:18:21 +0800 HP-HP gfdghhshdhfg IP-BLOCK 218.8.55.109 (Type: outgoing, Port: 57346, Process: chrome.exe)
2013/09/22 11:18:21 +0800 HP-HP gfdghhshdhfg IP-BLOCK 218.8.55.109 (Type: outgoing, Port: 57347, Process: chrome.exe)
2013/09/22 11:18:21 +0800 HP-HP gfdghhshdhfg IP-BLOCK 218.8.55.109 (Type: outgoing, Port: 57354, Process: chrome.exe)
2013/09/22 14:01:29 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/22 15:25:23 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/22 17:00:57 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.233 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/22 17:12:47 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/22 17:13:11 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.88 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/22 17:24:45 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/22 17:36:46 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/22 17:48:41 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/22 18:00:45 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/22 19:10:23 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.69 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/22 19:12:49 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/22 19:36:50 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.246 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/22 21:22:27 +0800 HP-HP gfdghhshdhfg IP-BLOCK 61.160.250.96 (Type: incoming, Port: 1433, Process: svchost.exe)
2013/09/22 22:04:04 +0800 HP-HP gfdghhshdhfg IP-BLOCK 37.221.170.17 (Type: outgoing, Port: 57644, Process: chrome.exe)
2013/09/22 23:44:27 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/22 23:56:01 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/22 23:56:01 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)
 
 
21/9/2013
 
2013/09/21 00:00:22 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/21 00:00:22 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/21 00:35:58 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/21 01:23:06 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.233 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/21 02:33:42 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/21 06:00:53 +0800 HP-HP (null) MESSAGE Starting protection
2013/09/21 06:00:53 +0800 HP-HP (null) MESSAGE Protection started successfully
2013/09/21 06:00:53 +0800 HP-HP (null) MESSAGE Starting IP protection
2013/09/21 06:00:55 +0800 HP-HP (null) MESSAGE IP Protection started successfully
2013/09/21 06:13:04 +0800 HP-HP gfdghhshdhfg MESSAGE Executing scheduled update:  Daily
2013/09/21 06:13:09 +0800 HP-HP gfdghhshdhfg MESSAGE Starting database refresh
2013/09/21 06:13:09 +0800 HP-HP gfdghhshdhfg MESSAGE Stopping IP protection
2013/09/21 06:13:09 +0800 HP-HP gfdghhshdhfg MESSAGE Scheduled update executed successfully:  database updated from version v2013.09.20.02 to version v2013.09.20.10
2013/09/21 06:13:10 +0800 HP-HP gfdghhshdhfg MESSAGE IP Protection stopped successfully
2013/09/21 06:13:42 +0800 HP-HP gfdghhshdhfg MESSAGE Database refreshed successfully
2013/09/21 06:13:42 +0800 HP-HP gfdghhshdhfg MESSAGE Starting IP protection
2013/09/21 06:13:44 +0800 HP-HP gfdghhshdhfg MESSAGE IP Protection started successfully
2013/09/21 06:39:46 +0800 HP-HP gfdghhshdhfg IP-BLOCK 37.221.160.203 (Type: incoming, Port: 443, Process: pmb.exe)
2013/09/21 06:39:46 +0800 HP-HP gfdghhshdhfg IP-BLOCK 37.221.160.203 (Type: incoming, Port: 443, Process: pmb.exe)
2013/09/21 06:39:46 +0800 HP-HP gfdghhshdhfg IP-BLOCK 37.221.160.203 (Type: incoming, Port: 443, Process: pmb.exe)
2013/09/21 07:20:57 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/21 07:32:31 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/21 07:55:38 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/21 07:55:38 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/21 08:41:58 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.246 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/21 09:05:16 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/21 09:05:16 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/21 09:05:48 +0800 HP-HP gfdghhshdhfg IP-BLOCK 93.174.93.176 (Type: incoming, Port: 53, Process: svchost.exe)
2013/09/21 09:16:57 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/21 09:28:13 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.25.44 (Type: incoming, Port: 8088, Process: svchost.exe)
2013/09/21 09:28:46 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/21 09:36:57 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.58 (Type: incoming, Port: 1174, Process: svchost.exe)
2013/09/21 09:36:57 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.58 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/21 09:36:57 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.58 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/21 09:40:19 +0800 HP-HP gfdghhshdhfg IP-BLOCK 94.102.59.185 (Type: incoming, Port: 19, Process: svchost.exe)
2013/09/21 09:44:05 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.10.7 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/21 09:52:08 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/21 09:55:29 +0800 HP-HP gfdghhshdhfg IP-BLOCK 94.102.59.185 (Type: incoming, Port: 19, Process: svchost.exe)
2013/09/21 10:15:29 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.246 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/21 10:17:22 +0800 HP-HP gfdghhshdhfg IP-BLOCK 94.102.59.185 (Type: incoming, Port: 19, Process: svchost.exe)
2013/09/21 10:38:42 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/21 10:43:32 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.25.44 (Type: incoming, Port: 8088, Process: svchost.exe)
2013/09/21 10:50:22 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.233 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/21 11:25:48 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/21 11:35:43 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.57 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/21 11:35:43 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.57 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/21 12:01:23 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/21 12:13:12 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/21 12:13:12 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/21 12:25:00 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/21 12:36:49 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/21 12:43:15 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.25.44 (Type: incoming, Port: 8088, Process: svchost.exe)
2013/09/21 13:12:26 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.233 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/21 14:11:31 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/21 16:54:56 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.25.44 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/21 16:56:16 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.246 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/21 17:29:57 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.88 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/21 18:18:31 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/21 18:30:24 +0800 HP-HP (null) MESSAGE Starting protection
2013/09/21 18:30:25 +0800 HP-HP (null) MESSAGE Protection started successfully
2013/09/21 18:30:25 +0800 HP-HP (null) MESSAGE Starting IP protection
2013/09/21 18:30:27 +0800 HP-HP (null) MESSAGE IP Protection started successfully
2013/09/21 19:19:42 +0800 HP-HP gfdghhshdhfg IP-BLOCK 218.8.51.108 (Type: outgoing, Port: 54232, Process: svchost.exe)
2013/09/21 19:19:43 +0800 HP-HP gfdghhshdhfg IP-BLOCK 218.8.51.108 (Type: outgoing, Port: 54235, Process: svchost.exe)
2013/09/21 21:17:53 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/21 21:38:22 +0800 HP-HP gfdghhshdhfg IP-BLOCK 93.174.93.176 (Type: incoming, Port: 53, Process: svchost.exe)
2013/09/21 21:53:21 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/21 22:17:03 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.246 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/21 22:28:50 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/21 22:28:50 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/21 22:52:24 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/21 23:15:51 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/21 23:37:49 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.58 (Type: incoming, Port: 1174, Process: svchost.exe)
2013/09/21 23:37:49 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.58 (Type: incoming, Port: 1174, Process: svchost.exe)
2013/09/21 23:37:49 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.58 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/21 23:37:49 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.58 (Type: incoming, Port: 1998, Process: svchost.exe)
2013/09/21 23:37:49 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.58 (Type: incoming, Port: 18186, Process: svchost.exe)
2013/09/21 23:37:49 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.58 (Type: incoming, Port: 18186, Process: svchost.exe)
 

 

Link to post
Share on other sites

All of these adresses are located in China.

This seems to be normal internet traffic with the problem that some of these adresses have been potentially abused in the past to do criminal activity around the world and now are blacklisted and therefor be blocked.

I don´t see any suspicious activity on your computer.

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.