Whitespace Posted September 20, 2013 ID:732397 Share Posted September 20, 2013 Hello. Malwarebytes has blocked multiple incoming IPs with similar addresses and some outgoing IPs from svchost.exe since I downloaded the trial 10 days ago. Scans from my antivirus and Malwarebytes have turned up nothing. I am worried it might be a sign of infection. Could you please take a look at the logs? DDS.txt DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16686 BrowserJavaVersion: 10.21.2Run by Dummy at 15:43:33 on 2013-09-20Microsoft Windows 7 家用進階版 6.1.7601.1.950.852.3076.18.3959.528 [GMT 8:00].AV: BullGuard Antivirus *Enabled/Updated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}SP: BullGuard Antispyware *Enabled/Updated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Program Files\HitmanPro\hmpsched.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\nvvsvc.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\Realtek\Audio\HDA\AERTSr64.EXEC:\Windows\SysWOW64\svchost.exe -k AkamaiC:\Windows\System32\SvcHost.exe -k BullGuard_LowPrivC:\Windows\System32\SvcHost.exe -k BullGuardC:\Windows\System32\SvcHost.exe -k BullGuard_MainC:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exeC:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exeC:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXEc:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Users\gfdghhshdhfg\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Users\gfdghhshdhfg\Desktop\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files (x86)\PDF Complete\pdfsvc.exeC:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exeC:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\System32\svchost.exe -k secsvcsC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\BullGuard Ltd\BullGuard Antivirus\BullGuardUpdate.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\taskhost.exeC:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exeC:\Users\gfdghhshdhfg\Desktop\Malwarebytes' Anti-Malware\mbamgui.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXEC:\Windows\system32\taskeng.exeC:\Program Files\BullGuard Ltd\BullGuard Antivirus\BullGuardScanner.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exeC:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exeC:\Program Files\BullGuard Ltd\BullGuard Antivirus\BullGuard.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Users\gfdghhshdhfg\AppData\Local\Akamai\netsession_win.exeC:\Program Files (x86)\Pando Networks\Media Booster\PMB.exeC:\Users\gfdghhshdhfg\AppData\Local\Akamai\netsession_win.exeC:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exeC:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exeC:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exeC:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exeC:\Program Files (x86)\Real\RealPlayer\Update\realsched.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Program Files (x86)\Steam\Steam.exeC:\Program Files (x86)\Common Files\Steam\SteamService.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Windows\system32\taskmgr.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Users\gfdghhshdhfg\AppData\Local\Google\Chrome\Application\old_chrome.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLLBHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllBHO: BGAntiphishingBHO Class: {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard Antivirus\Files32\Antiphishing\IE\BGAntiphishingIEBHO.dllTB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dlluRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunuRun: [MsgCenterExe] "c:\program files (x86)\real\realplayer\update\RealOneMessageCenter.exe" -osbootmRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exemRun: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exemRun: [bATINDICATORHL] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exemRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exemRun: [iME14 CHT Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /LogmRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osbootmRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRunOnce: [Malwarebytes Anti-Malware] C:\Users\gfdghhshdhfg\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe /install /silentmRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScriptuPolicies-Explorer: NoDriveTypeAutoRun = dword:145uPolicies-Explorer: NoDrives = dword:0mPolicies-Explorer: NoDrives = dword:0mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllIE: {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard Antivirus\Files32\Antiphishing\IE\BGAntiphishingIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllLSP: C:\Windows\System32\BGLsp.dllTrusted Zone: clonewarsadventures.comTrusted Zone: freerealms.comTrusted Zone: soe.comTrusted Zone: sony.comTCP: NameServer = 192.168.8.1TCP: Interfaces\{2366C26E-B6ED-4F6C-B00D-8F3E71CF3A8E} : NameServer = 203.198.23.208 218.102.32.208TCP: Interfaces\{2FC9F5EA-3143-44E7-AC3A-069298D7F349} : NameServer = 203.198.23.208 218.102.32.208TCP: Interfaces\{A30A7FB0-4481-4DE3-89A5-52BB9855B80C} : DHCPNameServer = 192.168.8.1Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllSSODL: WebCheck - <orphaned>x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-BHO: BGAntiphishingBHO Class: {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard Antivirus\Antiphishing\IE\BGAntiphishingIEBHO.dllx64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dllx64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -sx64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exex64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /backgroundx64-Run: [bullGuard] "C:\Program Files\BullGuard Ltd\BullGuard Antivirus\bullguard.exe" -bootx64-Run: [iME14 CHT Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Logx64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard Antivirus\Antiphishing\IE\BGAntiphishingIE.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllx64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-SSODL: WebCheck - <orphaned>.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Dummy\AppData\Roaming\Mozilla\Firefox\Profiles\dt45wiuz.default\.============= SERVICES / DRIVERS ===============.R1 BdSpy;BdSpy;C:\Windows\System32\drivers\BdSpy.sys [2010-3-12 63712]R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-5-27 56344]R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-5-27 172632]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-9-11 25928]R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-5-27 1002848]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-5-27 408680]R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]S3 clwvd;HP Webcam Splitter;C:\Windows\System32\drivers\clwvd.sys [2010-9-4 31088]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-10-9 59392].=============== Created Last 30 ================.2013-09-19 12:18:12 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1C9F920F-15EF-416F-997E-66969C167C17}\offreg.dll2013-09-18 14:05:44 -------- d-sh--w- C:\$RECYCLE.BIN2013-09-18 12:59:32 -------- d-----w- C:\Program Files (x86)\ESET2013-09-18 11:09:11 -------- d-----w- C:\Users\Dummy\AppData\Local\temp2013-09-17 15:03:56 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1C9F920F-15EF-416F-997E-66969C167C17}\mpengine.dll2013-09-14 11:50:51 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-09-11 14:50:20 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-09-03 13:53:52 187248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll2013-08-31 06:47:36 -------- d-----w- C:\Users\Dummy\AppData\Local\SCE2013-08-25 13:34:12 -------- d-----w- C:\Users\Dummy\AppData\Roaming\RealNetworks2013-08-25 13:33:16 -------- d-----w- C:\Program Files (x86)\RealNetworks2013-08-25 13:33:08 -------- d-----w- C:\ProgramData\RealNetworks2013-08-23 15:14:49 91544 ----a-w- C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll2013-08-22 05:54:57 -------- d-----w- C:\Program Files\HitmanPro2013-08-22 05:40:23 -------- d-----w- C:\ProgramData\HitmanPro2013-08-22 05:34:02 -------- d--h--w- C:\ProgramData\Common Files2013-08-22 05:34:02 -------- d-----w- C:\Users\Dummy\AppData\Local\MFAData2013-08-22 05:34:02 -------- d-----w- C:\Users\Dummy\AppData\Local\Avg20132013-08-22 05:34:02 -------- d-----w- C:\ProgramData\MFAData2013-08-21 11:28:23 -------- d-----w- C:\Users\Dummy\AppData\Local\ApplicationHistory.==================== Find3M ====================.2013-09-19 20:14:45 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-09-19 20:14:45 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-08-25 13:30:32 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll2013-08-25 13:30:32 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys2013-08-06 20:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll2013-07-29 19:40:55 0 ----a-w- C:\Windows\SysWow64\sho650B.tmp2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll2013-07-18 17:16:44 0 ----a-w- C:\Windows\SysWow64\sho8616.tmp2013-07-17 19:01:44 0 ----a-w- C:\Windows\SysWow64\sho66EA.tmp2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-07-05 18:53:29 0 ----a-w- C:\Windows\SysWow64\sho702A.tmp2013-07-04 23:32:26 0 ----a-w- C:\Windows\SysWow64\sho11DE.tmp2013-06-30 01:46:01 0 ----a-w- C:\Windows\SysWow64\shoB46F.tmp2013-06-26 11:21:50 23208 ----a-w- C:\Windows\System32\drivers\Sftvollh.sys2013-06-26 11:21:48 28840 ----a-w- C:\Windows\System32\drivers\Sftredirlh.sys2013-06-26 11:21:46 273576 ----a-w- C:\Windows\System32\drivers\Sftplaylh.sys2013-06-26 11:21:46 1777320 ----a-w- C:\Windows\System32\sftldr.dll2013-06-26 11:21:46 1130664 ----a-w- C:\Windows\SysWow64\sftldr_wow64.dll2013-06-26 11:21:44 767144 ----a-w- C:\Windows\System32\drivers\Sftfslh.sys2013-06-24 23:17:55 0 ----a-w- C:\Windows\SysWow64\sho88E6.tmp2013-06-23 16:26:23 0 ----a-w- C:\Windows\SysWow64\sho9F5F.tmp2013-06-22 20:00:41 0 ----a-w- C:\Windows\SysWow64\shoB822.tmp.============= FINISH: 15:44:49.78 =============== Attached.txt .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 家用進階版 Boot Device: \Device\HarddiskVolume1Install Date: 4/8/2011 16:41:08System Uptime: 20/9/2013 6:41:18 (9 hours ago).Motherboard: Hewlett-Packard | | 2AA6Processor: Intel® Core i3 CPU 560 @ 3.33GHz | CPU 1 | 2266/133mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 916 GiB total, 705.631 GiB free.D: is FIXED (NTFS) - 15 GiB total, 1.89 GiB free.E: is CDROM ().==== Disabled Device Manager Items =============.Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}Description: USB 視訊裝置Device ID: USB\VID_04F2&PID_B2B2&MI_00\7&2BE61223&0&0000Manufacturer: MicrosoftName: USB WebcamPNP Device ID: USB\VID_04F2&PID_B2B2&MI_00\7&2BE61223&0&0000Service: usbvideo.Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}Description: HP Webcam SplitterDevice ID: ROOT\MEDIA\0000Manufacturer: CyberLinkName: HP Webcam SplitterPNP Device ID: ROOT\MEDIA\0000Service: clwvd.==== System Restore Points ===================.RP260: 18/9/2013 20:55:32 - ComboFix created restore point.==== Installed Programs ======================.7-Zip 9.20 (x64 edition)ABBYY FineReader 9.0 SprintActiveCheck component for HP Active Support LibraryAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader X (10.1.8)Agatha Christie - Peril at End HouseAkamai NetSession InterfaceAlien SwarmBejeweled 2 DeluxeBing BarBing Rewards Client InstallerBlackhawk Striker 2Blasterball 3Bounce SymphonyBuild Your Own Net Dream (remove only)BullGuard Antivirus 9.0BYONDCake ManiaChampions Online: Free For AllChuzzle DeluxeCounter-Strike Online 客戶端CyberLink DVD Suite DeluxeD3DX10Definition Update for Microsoft Office 2010 (KB982726) 32-Bit EditionDora's World AdventureDragons ProphetDVD Menu Pack for HP MediaSmart VideoEpson Easy Photo Print 2Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)Epson Event ManagerEPSON ME 330 Series 用?指南EPSON ScanESET Online Scanner v3 Link to post Share on other sites More sharing options...
Psychotic Posted September 20, 2013 ID:732399 Share Posted September 20, 2013 Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding. Combofix should only be used when adviced by a trained specialist! :-/ Please post up C:\combofix.txt Link to post Share on other sites More sharing options...
Whitespace Posted September 20, 2013 Author ID:732401 Share Posted September 20, 2013 ComboFix 13-09-17.01 - Dummy 09/2013 週三 18:56:16.1.4 - x64Microsoft Windows 7 家用進階版 6.1.7601.1.950.852.3076.18.3959.642 [GMT 8:00]執行位置: c:\users\gfdghhshdhfg\Downloads\ComboFix.exeAV: BullGuard Antivirus *Disabled/Outdated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}SP: BullGuard Antispyware *Disabled/Outdated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))..c:\users\-\AppData\Local\Google\Chrome\User Data\Default\Preferencesc:\users\gfdghhshdhfg\AppData\Local\assembly\tmpc:\users\gfdghhshdhfg\AppData\Local\Google\Chrome\User Data\Default\Preferencesc:\users\gfdghhshdhfg\Documents\~WRL4101.tmpc:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Preferencesc:\windows\apppatch\AppLoc.exe..((((((((((((((((((((((((( 2013-08-18 至 2013-09-18 的新的檔案 )))))))))))))))))))))))))))))))..2013-09-18 11:06 . 2013-09-18 11:06 -------- d-----w- c:\users\hedev\AppData\Local\temp2013-09-18 11:06 . 2013-09-18 11:06 -------- d-----w- c:\users\Dummy\AppData\Local\temp2013-09-18 11:06 . 2013-09-18 11:06 -------- d-----w- c:\users\Default\AppData\Local\temp2013-09-18 11:06 . 2013-09-18 11:06 -------- d-----w- c:\users\hp.hp-HP\AppData\Local\temp2013-09-17 15:03 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C9F920F-15EF-416F-997E-66969C167C17}\mpengine.dll2013-09-14 11:50 . 2013-09-17 11:01 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)2013-09-11 14:50 . 2013-04-04 06:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys2013-08-31 06:55 . 2013-08-31 06:59 -------- d-----w- c:\users\gfdghhshdhfg\AppData\Roaming\Natural Selection 22013-08-31 06:47 . 2013-08-31 06:47 -------- d-----w- c:\users\Dummy\AppData\Local\SCE2013-08-25 13:34 . 2013-08-25 13:34 -------- d-----w- c:\users\Dummy\AppData\Roaming\RealNetworks2013-08-25 13:33 . 2013-08-25 13:33 -------- d-----w- c:\program files (x86)\RealNetworks2013-08-25 13:33 . 2013-08-25 13:33 -------- d-----w- c:\programdata\RealNetworks2013-08-22 05:54 . 2013-08-22 05:55 -------- d-----w- c:\program files\HitmanPro2013-08-22 05:40 . 2013-08-22 06:05 -------- d-----w- c:\programdata\HitmanPro2013-08-22 05:34 . 2013-08-22 05:35 -------- d-----w- c:\programdata\MFAData2013-08-22 05:34 . 2013-08-22 05:34 -------- d--h--w- c:\programdata\Common Files2013-08-22 05:34 . 2013-08-22 05:34 -------- d-----w- c:\users\Dummy\AppData\Local\MFAData2013-08-22 05:34 . 2013-08-22 05:34 -------- d-----w- c:\users\Dummy\AppData\Local\Avg20132013-08-21 11:28 . 2013-08-21 11:28 -------- d-----w- c:\users\Dummy\AppData\Local\ApplicationHistory...(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-09-11 19:16 . 2011-11-27 01:53 79143768 ----a-w- c:\windows\system32\MRT.exe2013-08-25 13:30 . 2012-06-30 13:35 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll2013-08-25 13:30 . 2012-06-30 13:35 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll2013-08-06 20:22 . 2011-10-08 06:52 278800 ------w- c:\windows\system32\MpSigStub.exe2013-08-02 01:48 . 2013-09-11 10:45 44032 ----a-w- c:\windows\apppatch\acwow64.dll2013-07-29 19:40 . 2013-07-29 19:40 0 ----a-w- c:\windows\SysWow64\sho650B.tmp2013-07-28 02:40 . 2012-04-12 02:50 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-07-28 02:40 . 2011-09-27 14:22 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-07-25 09:25 . 2013-08-14 14:45 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL2013-07-25 08:57 . 2013-08-14 14:45 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL2013-07-20 10:55 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll2013-07-19 01:58 . 2013-08-14 14:46 2048 ----a-w- c:\windows\system32\tzres.dll2013-07-19 01:41 . 2013-08-14 14:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll2013-07-18 17:16 . 2013-07-18 17:16 0 ----a-w- c:\windows\SysWow64\sho8616.tmp2013-07-17 19:01 . 2013-07-17 19:01 0 ----a-w- c:\windows\SysWow64\sho66EA.tmp2013-07-09 05:52 . 2013-08-14 14:47 224256 ----a-w- c:\windows\system32\wintrust.dll2013-07-09 05:51 . 2013-08-14 14:45 1217024 ----a-w- c:\windows\system32\rpcrt4.dll2013-07-09 05:46 . 2013-08-14 14:47 1472512 ----a-w- c:\windows\system32\crypt32.dll2013-07-09 05:46 . 2013-08-14 14:47 184320 ----a-w- c:\windows\system32\cryptsvc.dll2013-07-09 05:46 . 2013-08-14 14:47 139776 ----a-w- c:\windows\system32\cryptnet.dll2013-07-09 04:52 . 2013-08-14 14:45 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll2013-07-09 04:52 . 2013-08-14 14:47 175104 ----a-w- c:\windows\SysWow64\wintrust.dll2013-07-09 04:46 . 2013-08-14 14:47 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll2013-07-09 04:46 . 2013-08-14 14:47 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll2013-07-09 04:46 . 2013-08-14 14:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll2013-07-06 06:03 . 2013-08-14 14:44 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-07-05 18:53 . 2013-07-05 18:53 0 ----a-w- c:\windows\SysWow64\sho702A.tmp2013-07-04 23:32 . 2013-07-04 23:32 0 ----a-w- c:\windows\SysWow64\sho11DE.tmp2013-06-30 01:46 . 2013-06-30 01:46 0 ----a-w- c:\windows\SysWow64\shoB46F.tmp2013-06-26 11:21 . 2013-06-26 11:21 23208 ----a-w- c:\windows\system32\drivers\Sftvollh.sys2013-06-26 11:21 . 2013-06-26 11:21 28840 ----a-w- c:\windows\system32\drivers\Sftredirlh.sys2013-06-26 11:21 . 2013-06-26 11:21 273576 ----a-w- c:\windows\system32\drivers\Sftplaylh.sys2013-06-26 11:21 . 2013-06-26 11:21 1777320 ----a-w- c:\windows\system32\sftldr.dll2013-06-26 11:21 . 2013-06-26 11:21 1130664 ----a-w- c:\windows\SysWow64\sftldr_wow64.dll2013-06-26 11:21 . 2013-06-26 11:21 767144 ----a-w- c:\windows\system32\drivers\Sftfslh.sys2013-06-24 23:17 . 2013-06-24 23:17 0 ----a-w- c:\windows\SysWow64\sho88E6.tmp2013-06-23 16:26 . 2013-06-23 16:26 0 ----a-w- c:\windows\SysWow64\sho9F5F.tmp2013-06-22 20:00 . 2013-06-22 20:00 0 ----a-w- c:\windows\SysWow64\shoB822.tmp..((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))..*注意* 空白與合法缺省登錄將不會被顯示 REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]"MsgCenterExe"="c:\program files (x86)\real\realplayer\update\RealOneMessageCenter.exe" [2013-08-25 83072].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe" [2010-07-21 2095616]"BATINDICATORHL"="c:\program files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe" [2010-07-23 557056]"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-10-22 895512]"IME14 CHT Setup"="c:\progra~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2012-03-13 81200]"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-08-25 295512]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]"Malwarebytes Anti-Malware"="c:\users\gfdghhshdhfg\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2013-04-04 1127496].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux"=wdmaud.drv.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e00d0404] IME File REG_SZ IMTCC14.IME.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e00e0404] IME File REG_SZ IMTCQ14.IME.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e00f0404] IME File REG_SZ IMTCJ14.IME.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]@="".R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R3 BgRaSvc;BgRaSvc;c:\program files\BullGuard Ltd\BullGuard Antivirus\Support\BgRaSvc.exe;c:\program files\BullGuard Ltd\BullGuard Antivirus\Support\BgRaSvc.exe [x]R3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 WatAdminSvc;Windows 啟用技術服務;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]S1 BdSpy;BdSpy;c:\windows\system32\DRIVERS\BdSpy.sys;c:\windows\SYSNATIVE\DRIVERS\BdSpy.sys [x]S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [x]S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]S2 BsBrowser;BullGuard antiphishing service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]S2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]S2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]S2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]S2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard Antivirus\BullGuardUpdate.exe;c:\program files\BullGuard Ltd\BullGuard Antivirus\BullGuardUpdate.exe [x]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]S2 ImeDictUpdateService;Microsoft IME Dictionary Update;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [x]S2 MBAMScheduler;MBAMScheduler;c:\users\gfdghhshdhfg\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\users\gfdghhshdhfg\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]S2 MBAMService;MBAMService;c:\users\gfdghhshdhfg\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe;c:\users\gfdghhshdhfg\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe [x]S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]S3 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard Antivirus\BullGuardScanner.exe;c:\program files\BullGuard Ltd\BullGuard Antivirus\BullGuardScanner.exe [x]S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]Akamai REG_MULTI_SZ Akamai. ‘計劃任務’ 文件夾 裡的內容.2013-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-05 10:53].2013-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-05 10:53].2013-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-423791886-1600473386-2339945710-1001Core.job- c:\users\gfdghhshdhfg\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 10:51].2013-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-423791886-1600473386-2339945710-1001UA.job- c:\users\gfdghhshdhfg\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 10:51].2013-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-423791886-1600473386-2339945710-1008Core.job- c:\users\-\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-10 16:58].2013-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-423791886-1600473386-2339945710-1008UA.job- c:\users\-\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-10 16:58].2013-08-20 c:\windows\Tasks\HPCeeScheduleForgfdghhshdhfg.job- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15].2013-08-27 c:\windows\Tasks\HPCeeScheduleForHP-HP$.job- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-13 11046504]"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]"BullGuard"="c:\program files\BullGuard Ltd\BullGuard Antivirus\bullguard.exe" [2011-10-04 2148664]"IME14 CHT Setup"="c:\progra~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2012-03-13 110896].------- 而外的掃描 -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmLSP: c:\windows\system32\BGLsp.dllTrusted Zone: clonewarsadventures.comTrusted Zone: freerealms.comTrusted Zone: soe.comTrusted Zone: sony.comTCP: DhcpNameServer = 192.168.8.1TCP: Interfaces\{2366C26E-B6ED-4F6C-B00D-8F3E71CF3A8E}: NameServer = 203.198.23.208 218.102.32.208TCP: Interfaces\{2FC9F5EA-3143-44E7-AC3A-069298D7F349}: NameServer = 203.198.23.208 218.102.32.208FF - ProfilePath - c:\users\Dummy\AppData\Roaming\Mozilla\Firefox\Profiles\dt45wiuz.default\.- - - - ORPHANS REMOVED - - - -.Wow6432Node-HKLM-Run-<NO NAME> - (no file)HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startAddRemove-Katawa Shoujo - c:\users\gfdghhshdhfg\Desktop\Katawa Shoujo\Uninstall Katawa Shoujo.exeAddRemove-Strange Adventures in Infinite Space - c:\users\gfdghhshdhfg\Desktop\uninstall.exeAddRemove-{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8} - c:\program files (x86)\InstallShield Installation Information\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}\setup.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]"ImagePath"="c:\windows\system32\GameMon.des -service".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).完成時間: 2013-09-18 19:09:09ComboFix-quarantined-files.txt 2013-09-18 11:09.Pre-Run: 745,043,304,448 bytes freePost-Run: 749,323,616,256 bytes free.- - End Of File - - 419ADF378BC2ECA850F5AA4694296E93 Link to post Share on other sites More sharing options...
Psychotic Posted September 20, 2013 ID:732410 Share Posted September 20, 2013 Full System Scan with Malwarebytes AntimalwareIf not existing, please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If the program is already installed:Run Malwarebytes Antimalware If an update is found, it will download and install the latest version. Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan. When the scan is complete, click OK, then Show Results to view the results. Be sure that everything is checked, and click Remove Selected. When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here:C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt Post that log back here. Scan with ESET Online ScanPlease go to here to run the online scannner from ESET. Turn off the real time scanner of any existing antivirus program while performing the online scanTick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the activex control to installClick StartMake sure that the option Remove found threats is unticked Click on Advanced Settings and ensure these options are ticked:Scan for potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth Technology[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic. Link to post Share on other sites More sharing options...
Whitespace Posted September 20, 2013 Author ID:732715 Share Posted September 20, 2013 Thanks for the replies. The scans didn't find anything obvious, but I see something called ALWIL when I'm scanning with the ESET Online Scanner. I'm not sure if this affected the scanner's performance, but I can't find this ALWIL thing so I can't disable it. Anyway, here is the log from Malwarebytes: www.malwarebytes.org Database version: v2013.09.20.02 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16686Dummy :: HP-HP [administrator] Protection: Enabled 20/9/2013 17:28:13mbam-log-2013-09-20 (17-28-13).txt Scan type: Full scan (C:\|D:\|E:\|Q:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 735606Time elapsed: 2 hour(s), 13 minute(s), 24 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end) Link to post Share on other sites More sharing options...
Psychotic Posted September 21, 2013 ID:732839 Share Posted September 21, 2013 No, that´s ok. Then we can do the cleanup - if you are facing any issues, report that immediately.Delete junk with adwCleanerPlease download AdwCleaner to your desktop.Run adwcleaner.exe. Hit delete. When the run is finished, it will open up a text file. Please post its contents within your next reply. You´ll find the log file at C:\AdwCleaner[s1].txt also.SecurityCheckPlease download SecurityCheck: LINK1 LINK2 Save it to your desktop, start it and follow the instructions in the window. After the scan finished the (checkup.txt) will open. Copy its content to your thread. Link to post Share on other sites More sharing options...
Whitespace Posted September 21, 2013 Author ID:732848 Share Posted September 21, 2013 Thanks for the advice. Here are the logs: AdwCleaner # AdwCleaner v3.004 - Report created 21/09/2013 at 18:28:04# Updated 15/09/2013 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : Dummy - HP-HP# Running from : C:\Users\gfdghhshdhfg\Downloads\adwcleaner.exe# Option : Clean***** [ Services ] ********** [ Files / Folders ] *****File Deleted : \END***** [ Shortcuts ] ********** [ Registry ] *****Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}***** [ Browsers ] *****-\\ Internet Explorer v10.0.9200.16686-\\ Mozilla Firefox v23.0.1 (zh-TW)[ File : C:\Users\gfdghhshdhfg\AppData\Roaming\Mozilla\Firefox\Profiles\w2txq83z.default\prefs.js ][ File : C:\Users\Trololololololololol\AppData\Roaming\Mozilla\Firefox\Profiles\1xst0whj.default\prefs.js ][ File : C:\Users\Dummy\AppData\Roaming\Mozilla\Firefox\Profiles\dt45wiuz.default\prefs.js ][ File : C:\Users\Doppel\AppData\Roaming\Mozilla\Firefox\Profiles\n2kiayro.default\prefs.js ]*************************AdwCleaner[R0].txt - [2104 octets] - [21/09/2013 18:22:28]AdwCleaner[s0].txt - [2033 octets] - [21/09/2013 18:28:04]########## EOF - \AdwCleaner\AdwCleaner[s0].txt - [2093 octets] ########## SecurityCheck Results of screen317's Security Check version 0.99.73 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:``````````````BullGuard Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 6 Update 29 Java 7 Update 21 Java version out of Date! Adobe Flash Player 11.8.800.168 Adobe Reader 10.1.8 Adobe Reader out of Date! Mozilla Firefox (23.0.1)````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe BullGuard Ltd BullGuard Antivirus BullGuardUpdate.exe BullGuard Ltd BullGuard Antivirus BullGuardScanner.exe BullGuard Ltd BullGuard Antivirus BullGuard.exe gfdghhshdhfg Desktop Malwarebytes' Anti-Malware mbamscheduler.exe`````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Link to post Share on other sites More sharing options...
Psychotic Posted September 21, 2013 ID:732854 Share Posted September 21, 2013 Your system is clean! Adobe Reader out of dateYour Adobe Reader is outdated. We will fix this.Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered. Run setup and follow the instructions. Click upon Start-->control panel-->add/remove programs. Search for and remove any older reader versions. Java runtime Environment out of dateYour Java runtime environment is outdated. We will fix this. Get the actual JRE from here Save jxpiinstall.exe to your desktop Close all running programs, especially your browser(s) Run jxpiinstall.exe. This will download the newest JRE installer ( Java 7 Update 4 ) and install the software when finished, go toStart-->control panel-->add/remove programs and remove all older Java versions. (if existing) When finished, reboot your computer.After the reboot Open control panel again and click the java symbol. Click Settings under Temporary Internet Files.The Temporary Files Settings dialog box appears. Click Delete Files.The Delete Temporary Files dialog box appearsClick OK on Delete Temporary Files window.Click OK again. Uninstall our tools using delfixPlease follow these steps in order: In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button. In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed. In any case please download delfix to your desktop. Close all other programms and start delfix. Please check all the boxes and run the tool. delfix will now delete all found traces of our removal process [*] If there is still something left please delete it manualy. How to protect yourself System UpdatesBeeing up to date is very important. Please be sure to activate automatic updates in your control panel. Windows XP | Windows Vista | Windows 7 | windows 8 ProtectionWhat you need is one (not more) good virus scanner with backgroud protection. Additionally I recommend a special malwarescanner that you run from time to time.Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: You get only the full protection if you use the payed versions of your security software. Up to date SoftwareStay up to date with all the programs you use. Some of those really have to have an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These link may help you to check: Secunia Online Software Inspector - Checks if your software has updates available. Filehippo Update Checkere - This tool also scans your computer for outdated software. Mozilla: Check your plugins - The webpage will tell you if you have outdated plugins in your Firefox browser. [*] BackupsThere are chances for an emergency every day. So be prepared. Back up your data on a regular basis. If you burn it to DVDs from time to time, use a cloud-drive or a professional network backup system is your choice. [*] BrainsIt's no joke! You really need one of those things. It is very important not just to click anywhere it is colored or flashing while you surfing on the web. Do not click an OK button on any popping window without reading what it says. While installing software always choose the custom mode, read what those windows says and uncheck adware that will be installed along the software you want. Link to post Share on other sites More sharing options...
Whitespace Posted September 21, 2013 Author ID:732930 Share Posted September 21, 2013 I followed your instructions and there hasn't been any incoming IPs that are blocked. I noticed two blocked outgoing IPs two hours ago when I was doing those things though. Is that normal? Link to post Share on other sites More sharing options...
Psychotic Posted September 23, 2013 ID:733460 Share Posted September 23, 2013 Which IPs has been blocked? Link to post Share on other sites More sharing options...
Whitespace Posted September 23, 2013 Author ID:733470 Share Posted September 23, 2013 Most of the incoming ones are from 60.173.8.2XX (about 30 to 40), with some random ones. The outcoming ones are from 218.8.5X.10X. Should I post the logs? Link to post Share on other sites More sharing options...
Psychotic Posted September 23, 2013 ID:733526 Share Posted September 23, 2013 Yes, please post them up. Link to post Share on other sites More sharing options...
Whitespace Posted September 24, 2013 Author ID:733879 Share Posted September 24, 2013 These are the logs from the last three days. 23/9/2013 2013/09/23 00:08:44 +0800 HP-HP gfdghhshdhfg IP-BLOCK 210.205.6.66 (Type: incoming, Port: 5994, Process: svchost.exe)2013/09/23 00:12:45 +0800 HP-HP gfdghhshdhfg IP-BLOCK 89.248.168.224 (Type: incoming, Port: 123, Process: svchost.exe)2013/09/23 00:12:45 +0800 HP-HP gfdghhshdhfg IP-BLOCK 89.248.168.224 (Type: incoming, Port: 123, Process: svchost.exe)2013/09/23 00:12:45 +0800 HP-HP gfdghhshdhfg IP-BLOCK 89.248.168.224 (Type: incoming, Port: 123, Process: svchost.exe)2013/09/23 01:06:51 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.246 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/23 08:17:00 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/23 08:17:00 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/23 08:28:35 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/23 08:48:35 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.88 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/23 09:38:54 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/23 09:38:54 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/23 10:02:44 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/23 10:47:31 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.69 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/23 10:47:32 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.69 (Type: incoming, Port: 1174, Process: svchost.exe)2013/09/23 11:02:51 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.233 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/23 11:26:47 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/23 11:38:43 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/23 11:38:43 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/23 12:14:31 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/23 12:14:33 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/23 13:01:45 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/23 14:00:16 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/23 14:36:08 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.233 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/23 15:11:30 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/23 15:58:15 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/23 16:33:31 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/23 18:32:33 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/23 18:44:41 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/23 18:45:45 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.57 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/23 18:45:45 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.57 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/23 19:49:07 +0800 HP-HP gfdghhshdhfg IP-BLOCK 94.102.51.196 (Type: incoming, Port: 19, Process: svchost.exe)2013/09/23 20:01:12 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/23 20:01:12 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/23 20:14:30 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/23 20:22:15 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.11.211 (Type: incoming, Port: 1433, Process: svchost.exe)2013/09/23 20:22:16 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.11.211 (Type: incoming, Port: 1433, Process: svchost.exe)2013/09/23 20:30:19 +0800 HP-HP gfdghhshdhfg IP-BLOCK 42.2.151.79 (Type: incoming, Port: 7466, Process: svchost.exe)2013/09/23 20:30:19 +0800 HP-HP gfdghhshdhfg IP-BLOCK 42.2.151.79 (Type: incoming, Port: 7466, Process: svchost.exe)2013/09/23 20:30:27 +0800 HP-HP gfdghhshdhfg IP-BLOCK 42.2.151.79 (Type: incoming, Port: 7466, Process: svchost.exe)2013/09/23 22:40:57 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.88 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/23 22:48:03 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.233 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/23 23:03:51 +0800 HP-HP gfdghhshdhfg IP-BLOCK 46.166.168.105 (Type: incoming, Port: 3389, Process: svchost.exe)2013/09/23 23:47:29 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/23 23:59:14 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 1998, Process: svchost.exe) 22/9/2013 2013/09/22 08:55:25 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/22 09:07:06 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/22 09:18:36 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/22 09:30:15 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/22 10:16:57 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.233 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/22 10:52:24 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.233 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/22 11:18:21 +0800 HP-HP gfdghhshdhfg IP-BLOCK 218.8.55.109 (Type: outgoing, Port: 57345, Process: chrome.exe)2013/09/22 11:18:21 +0800 HP-HP gfdghhshdhfg IP-BLOCK 218.8.55.109 (Type: outgoing, Port: 57346, Process: chrome.exe)2013/09/22 11:18:21 +0800 HP-HP gfdghhshdhfg IP-BLOCK 218.8.55.109 (Type: outgoing, Port: 57347, Process: chrome.exe)2013/09/22 11:18:21 +0800 HP-HP gfdghhshdhfg IP-BLOCK 218.8.55.109 (Type: outgoing, Port: 57354, Process: chrome.exe)2013/09/22 14:01:29 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/22 15:25:23 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/22 17:00:57 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.233 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/22 17:12:47 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/22 17:13:11 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.88 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/22 17:24:45 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/22 17:36:46 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/22 17:48:41 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/22 18:00:45 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/22 19:10:23 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.69 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/22 19:12:49 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/22 19:36:50 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.246 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/22 21:22:27 +0800 HP-HP gfdghhshdhfg IP-BLOCK 61.160.250.96 (Type: incoming, Port: 1433, Process: svchost.exe)2013/09/22 22:04:04 +0800 HP-HP gfdghhshdhfg IP-BLOCK 37.221.170.17 (Type: outgoing, Port: 57644, Process: chrome.exe)2013/09/22 23:44:27 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/22 23:56:01 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/22 23:56:01 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe) 21/9/2013 2013/09/21 00:00:22 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/21 00:00:22 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/21 00:35:58 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/21 01:23:06 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.233 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/21 02:33:42 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/21 06:00:53 +0800 HP-HP (null) MESSAGE Starting protection2013/09/21 06:00:53 +0800 HP-HP (null) MESSAGE Protection started successfully2013/09/21 06:00:53 +0800 HP-HP (null) MESSAGE Starting IP protection2013/09/21 06:00:55 +0800 HP-HP (null) MESSAGE IP Protection started successfully2013/09/21 06:13:04 +0800 HP-HP gfdghhshdhfg MESSAGE Executing scheduled update: Daily2013/09/21 06:13:09 +0800 HP-HP gfdghhshdhfg MESSAGE Starting database refresh2013/09/21 06:13:09 +0800 HP-HP gfdghhshdhfg MESSAGE Stopping IP protection2013/09/21 06:13:09 +0800 HP-HP gfdghhshdhfg MESSAGE Scheduled update executed successfully: database updated from version v2013.09.20.02 to version v2013.09.20.102013/09/21 06:13:10 +0800 HP-HP gfdghhshdhfg MESSAGE IP Protection stopped successfully2013/09/21 06:13:42 +0800 HP-HP gfdghhshdhfg MESSAGE Database refreshed successfully2013/09/21 06:13:42 +0800 HP-HP gfdghhshdhfg MESSAGE Starting IP protection2013/09/21 06:13:44 +0800 HP-HP gfdghhshdhfg MESSAGE IP Protection started successfully2013/09/21 06:39:46 +0800 HP-HP gfdghhshdhfg IP-BLOCK 37.221.160.203 (Type: incoming, Port: 443, Process: pmb.exe)2013/09/21 06:39:46 +0800 HP-HP gfdghhshdhfg IP-BLOCK 37.221.160.203 (Type: incoming, Port: 443, Process: pmb.exe)2013/09/21 06:39:46 +0800 HP-HP gfdghhshdhfg IP-BLOCK 37.221.160.203 (Type: incoming, Port: 443, Process: pmb.exe)2013/09/21 07:20:57 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/21 07:32:31 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/21 07:55:38 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/21 07:55:38 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/21 08:41:58 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.246 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/21 09:05:16 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/21 09:05:16 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/21 09:05:48 +0800 HP-HP gfdghhshdhfg IP-BLOCK 93.174.93.176 (Type: incoming, Port: 53, Process: svchost.exe)2013/09/21 09:16:57 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/21 09:28:13 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.25.44 (Type: incoming, Port: 8088, Process: svchost.exe)2013/09/21 09:28:46 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/21 09:36:57 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.58 (Type: incoming, Port: 1174, Process: svchost.exe)2013/09/21 09:36:57 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.58 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/21 09:36:57 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.58 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/21 09:40:19 +0800 HP-HP gfdghhshdhfg IP-BLOCK 94.102.59.185 (Type: incoming, Port: 19, Process: svchost.exe)2013/09/21 09:44:05 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.10.7 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/21 09:52:08 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/21 09:55:29 +0800 HP-HP gfdghhshdhfg IP-BLOCK 94.102.59.185 (Type: incoming, Port: 19, Process: svchost.exe)2013/09/21 10:15:29 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.246 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/21 10:17:22 +0800 HP-HP gfdghhshdhfg IP-BLOCK 94.102.59.185 (Type: incoming, Port: 19, Process: svchost.exe)2013/09/21 10:38:42 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/21 10:43:32 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.25.44 (Type: incoming, Port: 8088, Process: svchost.exe)2013/09/21 10:50:22 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.233 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/21 11:25:48 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/21 11:35:43 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.57 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/21 11:35:43 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.57 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/21 12:01:23 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/21 12:13:12 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/21 12:13:12 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/21 12:25:00 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/21 12:36:49 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/21 12:43:15 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.25.44 (Type: incoming, Port: 8088, Process: svchost.exe)2013/09/21 13:12:26 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.233 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/21 14:11:31 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/21 16:54:56 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.25.44 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/21 16:56:16 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.246 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/21 17:29:57 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.88 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/21 18:18:31 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.248 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/21 18:30:24 +0800 HP-HP (null) MESSAGE Starting protection2013/09/21 18:30:25 +0800 HP-HP (null) MESSAGE Protection started successfully2013/09/21 18:30:25 +0800 HP-HP (null) MESSAGE Starting IP protection2013/09/21 18:30:27 +0800 HP-HP (null) MESSAGE IP Protection started successfully2013/09/21 19:19:42 +0800 HP-HP gfdghhshdhfg IP-BLOCK 218.8.51.108 (Type: outgoing, Port: 54232, Process: svchost.exe)2013/09/21 19:19:43 +0800 HP-HP gfdghhshdhfg IP-BLOCK 218.8.51.108 (Type: outgoing, Port: 54235, Process: svchost.exe)2013/09/21 21:17:53 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/21 21:38:22 +0800 HP-HP gfdghhshdhfg IP-BLOCK 93.174.93.176 (Type: incoming, Port: 53, Process: svchost.exe)2013/09/21 21:53:21 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/21 22:17:03 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.246 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/21 22:28:50 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/21 22:28:50 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.238 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/21 22:52:24 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.239 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/21 23:15:51 +0800 HP-HP gfdghhshdhfg IP-BLOCK 60.173.8.247 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/21 23:37:49 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.58 (Type: incoming, Port: 1174, Process: svchost.exe)2013/09/21 23:37:49 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.58 (Type: incoming, Port: 1174, Process: svchost.exe)2013/09/21 23:37:49 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.58 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/21 23:37:49 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.58 (Type: incoming, Port: 1998, Process: svchost.exe)2013/09/21 23:37:49 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.58 (Type: incoming, Port: 18186, Process: svchost.exe)2013/09/21 23:37:49 +0800 HP-HP gfdghhshdhfg IP-BLOCK 222.186.34.58 (Type: incoming, Port: 18186, Process: svchost.exe) Link to post Share on other sites More sharing options...
Psychotic Posted September 24, 2013 ID:733898 Share Posted September 24, 2013 Where do you come from and what is your internet service provider? Please write me a pm with these informations. Link to post Share on other sites More sharing options...
Psychotic Posted September 26, 2013 ID:734814 Share Posted September 26, 2013 All of these adresses are located in China.This seems to be normal internet traffic with the problem that some of these adresses have been potentially abused in the past to do criminal activity around the world and now are blacklisted and therefor be blocked.I don´t see any suspicious activity on your computer. Link to post Share on other sites More sharing options...
Whitespace Posted September 26, 2013 Author ID:734815 Share Posted September 26, 2013 I see. Thank you for your help and explanation. Link to post Share on other sites More sharing options...
Psychotic Posted September 26, 2013 ID:734826 Share Posted September 26, 2013 You´re welcome! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted September 30, 2013 Root Admin ID:735968 Share Posted September 30, 2013 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts