Google Chrome Outgoing Process

Hi, I am having a problem with outgoing processes from Google Chrome.

This is the log from Malwarebytes.

2012/08/06 07:54:49 +1000 SICHTER-PC (null) MESSAGE Executing scheduled update: Daily

2012/08/06 07:55:03 +1000 SICHTER-PC (null) MESSAGE Scheduled update executed successfully: database updated from version v2012.08.05.02 to version v2012.08.05.08

2012/08/06 08:08:08 +1000 SICHTER-PC SICHTER MESSAGE Starting protection

2012/08/06 08:08:10 +1000 SICHTER-PC SICHTER MESSAGE Protection started successfully

2012/08/06 08:08:13 +1000 SICHTER-PC SICHTER MESSAGE Starting IP protection

2012/08/06 08:08:13 +1000 SICHTER-PC SICHTER MESSAGE IP Protection started successfully

2012/08/06 08:08:13 +1000 SICHTER-PC SICHTER MESSAGE Starting database refresh

2012/08/06 08:08:13 +1000 SICHTER-PC SICHTER MESSAGE Stopping IP protection

2012/08/06 08:09:16 +1000 SICHTER-PC SICHTER MESSAGE IP Protection stopped

2012/08/06 08:09:17 +1000 SICHTER-PC SICHTER MESSAGE Database refreshed successfully

2012/08/06 08:09:17 +1000 SICHTER-PC SICHTER MESSAGE Starting IP protection

2012/08/06 08:09:18 +1000 SICHTER-PC SICHTER MESSAGE IP Protection started successfully

2012/08/06 08:12:14 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 49419, Process: chrome.exe)

2012/08/06 08:12:14 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 49420, Process: chrome.exe)

2012/08/06 08:15:03 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 49590, Process: chrome.exe)

2012/08/06 08:15:03 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 49591, Process: chrome.exe)

2012/08/06 08:15:03 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 49592, Process: chrome.exe)

2012/08/06 08:20:15 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 49837, Process: chrome.exe)

2012/08/06 08:20:40 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 49865, Process: chrome.exe)

2012/08/06 08:20:48 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 49872, Process: chrome.exe)

2012/08/06 08:21:20 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 49915, Process: chrome.exe)

2012/08/06 08:21:28 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 49918, Process: chrome.exe)

2012/08/06 08:21:44 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 49929, Process: chrome.exe)

2012/08/06 08:21:44 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 49943, Process: chrome.exe)

2012/08/06 08:21:52 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 49945, Process: chrome.exe)

2012/08/06 08:21:52 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 49951, Process: chrome.exe)

2012/08/06 08:22:24 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 50047, Process: chrome.exe)

2012/08/06 08:22:48 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 50079, Process: chrome.exe)

2012/08/06 08:23:37 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 50179, Process: chrome.exe)

2012/08/06 08:23:53 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 50197, Process: chrome.exe)

2012/08/06 08:24:01 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 50206, Process: chrome.exe)

2012/08/06 08:24:50 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 50304, Process: chrome.exe)

2012/08/06 08:24:58 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 50380, Process: chrome.exe)

2012/08/06 08:25:14 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 50414, Process: chrome.exe)

2012/08/06 08:25:14 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 50443, Process: chrome.exe)

2012/08/06 08:26:10 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 50551, Process: chrome.exe)

2012/08/06 08:26:10 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 50562, Process: chrome.exe)

2012/08/06 08:36:59 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 50784, Process: chrome.exe)

2012/08/06 08:37:31 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 50800, Process: chrome.exe)

2012/08/06 08:37:39 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 50822, Process: chrome.exe)

2012/08/06 08:37:55 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 50828, Process: chrome.exe)

2012/08/06 08:38:03 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 50835, Process: chrome.exe)

2012/08/06 08:38:19 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 50852, Process: chrome.exe)

2012/08/06 08:38:27 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 50857, Process: chrome.exe)

2012/08/06 08:44:04 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51022, Process: chrome.exe)

2012/08/06 08:44:04 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51023, Process: chrome.exe)

2012/08/06 08:44:04 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51024, Process: chrome.exe)

2012/08/06 08:44:04 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51058, Process: chrome.exe)

2012/08/06 08:44:04 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51059, Process: chrome.exe)

2012/08/06 08:44:04 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51084, Process: chrome.exe)

2012/08/06 08:44:04 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51133, Process: chrome.exe)

2012/08/06 08:44:37 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51158, Process: chrome.exe)

2012/08/06 08:44:45 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51180, Process: chrome.exe)

2012/08/06 08:44:53 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51187, Process: chrome.exe)

2012/08/06 08:44:53 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51189, Process: chrome.exe)

2012/08/06 08:45:01 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51193, Process: chrome.exe)

2012/08/06 08:45:01 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51197, Process: chrome.exe)

2012/08/06 08:45:01 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51201, Process: chrome.exe)

2012/08/06 08:45:09 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51207, Process: chrome.exe)

2012/08/06 08:45:25 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51224, Process: chrome.exe)

2012/08/06 08:45:25 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51225, Process: chrome.exe)

2012/08/06 08:45:25 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51226, Process: chrome.exe)

2012/08/06 08:45:33 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51267, Process: chrome.exe)

2012/08/06 08:45:33 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51278, Process: chrome.exe)

2012/08/06 08:45:33 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51280, Process: chrome.exe)

2012/08/06 08:47:01 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51294, Process: chrome.exe)

2012/08/06 08:47:01 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51295, Process: chrome.exe)

2012/08/06 08:47:01 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51296, Process: chrome.exe)

2012/08/06 08:47:01 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51321, Process: chrome.exe)

2012/08/06 08:50:30 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51388, Process: chrome.exe)

2012/08/06 08:50:30 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51397, Process: chrome.exe)

2012/08/06 08:50:38 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51401, Process: chrome.exe)

2012/08/06 08:50:38 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51407, Process: chrome.exe)

2012/08/06 08:52:38 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51529, Process: chrome.exe)

2012/08/06 08:52:38 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51530, Process: chrome.exe)

2012/08/06 08:52:38 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51531, Process: chrome.exe)

2012/08/06 08:52:38 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51558, Process: chrome.exe)

2012/08/06 08:52:38 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51559, Process: chrome.exe)

2012/08/06 08:52:46 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51575, Process: chrome.exe)

2012/08/06 08:53:42 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51616, Process: chrome.exe)

2012/08/06 08:53:42 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51617, Process: chrome.exe)

2012/08/06 08:53:42 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51618, Process: chrome.exe)

2012/08/06 08:53:42 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51628, Process: chrome.exe)

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by SICHTER at 8:17:31 on 2012-08-06

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3562.1958 [GMT 10:00]

.

AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe

C:\Windows\system32\viakaraokesrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\GIGABYTE\ET6\GUI.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\vVX1000.exe

C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Users\SICHTER\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\SICHTER\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\SICHTER\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\SICHTER\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Users\SICHTER\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\SICHTER\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\SICHTER\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\SICHTER\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\SICHTER\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\6.2.1.5\ips\IPSBHO.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dll

uRun: [Google Update] "c:\users\sichter\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [DAEMON Tools Lite] "e:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [VX1000] c:\windows\vVX1000.exe

mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r

mRun: [uSB3MON] "c:\program files\intel\intel® usb 3.0 extensible host controller driver\application\iusb3mon.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRunOnce: [EasyTuneVI] c:\program files\gigabyte\et6\ETCall.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7481CCAE-AB12-40E8-BAF9-8574DE8DC5C1} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{C53066B0-5FAE-40FF-A5D5-411D0290FE0E} : DhcpNameServer = 10.4.182.20 10.4.81.103

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [2012-6-19 13592]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0602010.005\SymDS.sys [2012-6-19 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0602010.005\SymEFA.sys [2012-6-19 905336]

R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [2012-6-19 19056]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-13 821920]

R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0602010.005\ccSetx86.sys [2012-6-19 132744]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-6-19 242240]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\ipsdefs\20120803.002\IDSvix86.sys [2012-8-4 382624]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0602010.005\Ironx86.sys [2012-6-19 149624]

R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\0602010.005\symnets.sys [2012-6-19 318584]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-4 63928]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\intel\icls client\HeciServer.exe [2011-12-8 423136]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files\intel\intel® management engine components\dal\Jhi_service.exe [2012-6-19 161560]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-5 655944]

R2 N360;Norton 360;c:\program files\norton 360\engine\6.2.1.5\ccSvcHst.exe [2012-6-19 138232]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-6-20 1262400]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-5-15 382272]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2012-6-19 363800]

R2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\ViakaraokeSrv.exe [2012-6-19 27760]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-7-22 106656]

R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2012-6-19 24944]

R3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2012-6-19 348440]

R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [2012-6-19 791832]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2012-6-19 88176]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-5 22344]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-8-6 40776]

R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2012-6-19 46080]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-6-20 148800]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-6-19 1822832]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 etdrv;etdrv;c:\windows\etdrv.sys [2012-6-20 17488]

S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files\intel\intel® integrated clock controller service\ICCProxy.exe [2012-6-19 160256]

S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2012-3-26 18432]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-6-20 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-6-19 1343400]

.

=============== Created Last 30 ================

.

2012-08-05 22:14:23 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-08-05 08:28:53 -------- d-----w- c:\users\sichter\appdata\roaming\Malwarebytes

2012-08-05 08:28:48 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-05 08:28:48 -------- d-----w- c:\programdata\Malwarebytes

2012-08-05 08:28:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-08-05 08:12:52 -------- d-----w- c:\program files\CCleaner

2012-07-22 11:59:31 -------- d-----r- c:\program files\Skype

2012-07-19 06:55:41 -------- d-----w- c:\users\sichter\appdata\local\WinZip

2012-07-11 11:02:31 2345984 ----a-w- c:\windows\system32\win32k.sys

.

==================== Find3M ====================

.

2012-08-05 22:08:19 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys

2012-08-05 22:08:06 17488 ----a-w- c:\windows\gdrv.sys

2012-06-27 08:40:40 59 ----a-w- c:\windows\wpd99.drv

2012-06-27 07:02:40 36864 ----a-w- c:\windows\system32\pdf995mon.dll

2012-06-27 07:02:40 1667072 ----a-w- c:\windows\system32\pdfmona.dll

2012-06-21 07:02:44 152576 ----a-w- c:\windows\system32\msclmd.dll

2012-06-19 21:43:34 17488 ----a-w- c:\windows\etdrv.sys

2012-06-19 03:29:34 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2012-06-19 02:19:16 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll

2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-02 05:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 05:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll

2012-05-24 21:18:40 4472832 ----a-w- c:\windows\system32\GPhotos.scr

2012-05-15 09:28:49 645440 ----a-w- c:\windows\system32\nvvsvc.exe

2012-05-15 09:28:49 62272 ----a-w- c:\windows\system32\nvshext.dll

2012-05-15 09:28:49 2621723 ----a-w- c:\windows\system32\nvcoproc.bin

2012-05-15 09:28:49 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-05-15 09:28:48 3931456 ----a-w- c:\windows\system32\nvcpl.dll

2012-05-15 09:27:28 2759488 ----a-w- c:\windows\system32\nvsvc.dll

2012-05-14 16:21:50 423744 ----a-w- c:\windows\system32\nvStreaming.exe

.

============= FINISH: 8:17:57.46 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 19/06/12 11:11:40 AM

System Uptime: 06/08/12 7:52:14 AM (1 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | H77M-D3H

Processor: Intel® Core i5-3550 CPU @ 3.30GHz | Intel® Core i5-3550 CPU @ 3.30GHz | 3701/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 50 GiB total, 26.148 GiB free.

E: is FIXED (NTFS) - 416 GiB total, 407.627 GiB free.

F: is FIXED (NTFS) - 298 GiB total, 219.748 GiB free.

G: is CDROM ()

H: is CDROM ()

Z: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP51: 04/08/12 8:23:11 AM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

Adobe Reader X (10.1.3)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

BankLink BNotes

BankLink Books 2012

Bonjour

CCleaner

DAEMON Tools Lite

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Easy Tune 6 B12.0402.1

Google Chrome

HP Deskjet 3050 J610 series Basic Device Software

HP Deskjet 3050 J610 series Help

HP Update

Intel® Management Engine Components

Intel® USB 3.0 eXtensible Host Controller Driver

Intel® Trusted Connect Service Client

iTunes

Java Auto Updater

Java 7 Update 5

JavaFX 2.1.1

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 4 Client Profile

Microsoft Corporation

Microsoft LifeCam

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Norton 360

NVIDIA 3D Vision Controller Driver 301.42

NVIDIA 3D Vision Driver 301.42

NVIDIA Control Panel 301.42

NVIDIA Display Control Panel

NVIDIA Graphics Driver 301.42

NVIDIA HD Audio Driver 1.3.16.0

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0213

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.8.15

NVIDIA Update Components

ON_OFF Charge B11.1102.1

Pdf995

Picasa 3

Platform

SanDisk_Button_Manager.exe

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition

Sid Meier's Civilization V

Skype™ 5.10

Steam

TP-LINK Wireless Client Utility

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

VIA Platform Device Manager

Vuze

Windows 7 Codec Pack 4.0.3

WinZip 16.5

.

==== Event Viewer Messages From Past Week ========

.

02/08/12 6:46:50 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer BECC-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{7481CCAE-AB12-40E8-BAF9-8574DE8DC5. The master browser is stopping or an election is being forced.

02/08/12 6:46:23 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

.

==== End Of File ===========================


Hello and welcome to the MBAM forum, sichter88: :)

That particular IP maps to somewhere in Russia.

I presume that you suspect you might be infected?

We cannot review scan logs or work on malware related issues here in this particular sub-section of the forum.

Please follow the steps below to have a qualified malware expert review those logs and provide guided help with checking and cleaning your system. (You've already run DDS, which is good.)

IF YOU WOULD LIKE EXPERT HELP WITH MALWARE REMOVAL, PLEASE CHOOSE ONE OF THE FOLLOWING 3 OPTIONS:

OPTION 1: Free, one-on-one, expert assistance in the Malware Removal Forum.

OPTION 2: For licensed users of MBAM PRO, there is free, one-on-one, expert assistance from the MBAM support helpdesk.

OPTION 3: Fee-based, one-on-one, expert assistance from Premium Support.

OPTION 1:

  • When starting your new post, please note the following:
  • Please do NOT post in a topic started by someone else, even if their problem sounds similar.
  • Please COPY/PASTE the requested logs directly into your post, rather than attaching them.
  • Under options, please be sure to select "track this topic" and "immediate email notification", so you'll know when a helper responds.
  • Please be patient - it may be 48 hours or more before a helper can assist you, especially when the forum is very busy.
  • Please do NOT "bump" your topic or reply back to it for at least 48 hours.
  • Doing so may cause your topic to be overlooked, as it will appear that you are already being helped.

OPTION 2:

If you are a paid user of MBAM PRO and would like support via the helpdesk, please contact them here.

OPTION 3:

If you prefer the Malwarebytes Premium Services (comprehensive solutions to all your computer support needs – from installation and set-up to troubleshooting and tune-ups), please go to the Premium Support site here.

Please be patient – someone will assist you as soon as possible.

Thank you very much,

daledoc1

PS --> There is more information about the IP blocking module in the FAQ - Section G (and in the Helpdesk topics HERE and HERE).

They also contain instructions on how to determine what process might be trying to make the connections.

ALSO: I noticed that you are running both Skype and P2P client software (Vuze).

You might want to refer to these articles from the Support FAQ:

Skype block: Why does Malwarebytes Anti-Malware block Skype?

Torrent/P2P block: Why does Malwarebytes Anti-Malware block BitTorrent or other Peer to Peer Clients?

You may also research the IP in question at www.ip-lookup.net or a similar site.
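The FAQ pointers above describe working out which process is behind repeated IP blocks. As an added illustration (not code from the original post, from daledoc1, or from Malwarebytes), the following Python script parses the protection-log format shown in the first post and summarizes IP-BLOCK events per destination address and process: how many attempts, over what time span, and whether the logged port values all fall in the Windows dynamic (ephemeral) range. The regexes are derived only from the line layout visible in the post; treating the Port field as the local ephemeral port is an assumption based on the values climbing monotonically through that range. The sample lines are constructed: the chrome.exe entries are copied from the post, the Skype.exe entry with the TEST-NET address 192.0.2.10 is invented to show a second group.

```python
import re
from datetime import datetime

# Line layout observed in the posted Malwarebytes' Anti-Malware protection log:
# "<yyyy/mm/dd hh:mm:ss> <tz> <host> <user> <MESSAGE|IP-BLOCK> <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) (?P<kind>MESSAGE|IP-BLOCK) (?P<msg>.*)$"
)
# Message payload of an IP-BLOCK line, e.g.
# "80.87.199.15 (Type: outgoing, Port: 49419, Process: chrome.exe)"
BLOCK_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<dir>\w+), "
    r"Port: (?P<port>\d+), Process: (?P<proc>[^)]+)\)$"
)

# Windows Vista and later allocate client ports from this range by default.
DYNAMIC_PORT_RANGE = (49152, 65535)

# Constructed sample: chrome.exe lines copied from the post, Skype.exe line invented.
SAMPLE_LOG = """\
2012/08/06 07:54:49 +1000 SICHTER-PC (null) MESSAGE Executing scheduled update: Daily
2012/08/06 08:08:10 +1000 SICHTER-PC SICHTER MESSAGE Protection started successfully
2012/08/06 08:12:14 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 49419, Process: chrome.exe)
2012/08/06 08:12:14 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 49420, Process: chrome.exe)
2012/08/06 08:15:03 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 49590, Process: chrome.exe)
2012/08/06 08:53:42 +1000 SICHTER-PC SICHTER IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 51628, Process: chrome.exe)
2012/08/06 09:01:00 +1000 SICHTER-PC SICHTER IP-BLOCK 192.0.2.10 (Type: outgoing, Port: 51700, Process: Skype.exe)
this line is not in the expected format
"""


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["time"] = datetime.strptime(ev["ts"], "%Y/%m/%d %H:%M:%S")
    return ev


def summarize_blocks(text):
    """Group IP-BLOCK events by (destination ip, process, direction)."""
    groups = {}
    for line in text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["kind"] != "IP-BLOCK":
            continue
        b = BLOCK_RE.match(ev["msg"])
        if not b:
            continue
        key = (b["ip"], b["proc"], b["dir"])
        g = groups.setdefault(key, {"count": 0, "first": ev["time"],
                                    "last": ev["time"], "ports": []})
        g["count"] += 1
        g["first"] = min(g["first"], ev["time"])
        g["last"] = max(g["last"], ev["time"])
        g["ports"].append(int(b["port"]))
    return groups


def report(text):
    """Flatten the groups into triage rows, busiest destination first."""
    lo, hi = DYNAMIC_PORT_RANGE
    rows = []
    for (ip, proc, direction), g in summarize_blocks(text).items():
        rows.append({
            "ip": ip,
            "process": proc,
            "direction": direction,
            "count": g["count"],
            "span_seconds": (g["last"] - g["first"]).total_seconds(),
            # All ports ephemeral => repeated fresh connection attempts,
            # not a single stuck socket (assumption: Port = local port).
            "ports_in_dynamic_range": all(lo <= p <= hi for p in g["ports"]),
        })
    rows.sort(key=lambda r: -r["count"])
    return rows


if __name__ == "__main__":
    for r in report(SAMPLE_LOG):
        print(f"{r['ip']:<15} {r['process']:<12} {r['direction']:<9} "
              f"blocks={r['count']:<3} span={r['span_seconds']:.0f}s "
              f"ephemeral_ports={r['ports_in_dynamic_range']}")
```

Run against the full log in the post, the report collapses 83 block lines into one row: a single destination, one image name, every attempt from a fresh ephemeral port across roughly 40 minutes, which reads as something repeatedly retrying rather than one lingering connection. Because Chrome runs many chrome.exe processes (the DDS process list shows nine), the image name alone does not say which tab or extension is responsible; that is the point at which the FAQ's process-identification steps apply.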
