Svchost connecting to ips on startup


  • This topic is locked
14 replies to this topic

#1 BRite72

BRite72

  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:52 PM

Posted 27 September 2011 - 02:27 PM

Original Topic: http://www.bleepingcomputer.com/forums/topic420437.html

As said in the previous topic linked above, at start up svchost connects to some strange IPs through private ports, to which it sends and receives some data. After finally getting around to using Process Explorer and TCPView this boot, it looks like the svchost that is doing this has SSDP Discovery and Windows Font Cache running in it, with it connecting, sending, and receiving through 60492 and just sending through 60493.

GMER came up clean in the last topic but I am running 64-bit and there are problems I hear with it and 64-bit OSs.

Here is the DDS log:


Sorry, forgot to attach the other file.



Edited by BRite72, 27 September 2011 - 02:29 PM.



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,604 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:52 PM

Posted 02 October 2011 - 02:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/420734 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,768 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:10:52 PM

Posted 02 October 2011 - 03:11 PM

Hi,

from my research all three IPs you listed are related to NTT America and Akamai. Do you know when that traffic started?

I'm not seeing anything obvious in the DDS log. Could you please run a scan with aswMBR:
Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Are you familiar with Neustar, Inc?

regards myrti



#4 BRite72

BRite72
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:52 PM

Posted 02 October 2011 - 05:14 PM

Sorry for revising my story, but there are new things that are happening or that I want to bring attention to. First off is that on start up svchost.exe, with a different PID nearly every time, sends data through an outbound connection to a seemingly different and unknown IP and receives a little bit of data back through this connection, after which this connection closes. Along with that I have services.exe listening on port 49155, System listening on port 445, and lsass.exe listening on port 49157, all of which are TCP. Then there is svchost connecting to 2xx.2xx.2xx.2xx (like 239.255.255.250 currently) IPs at start up as well.

But as stated in the first topic by me:

The IPs are:

128.242.168.241
128.242.186.247
204.245.162.51

As of this current boot, through netstat -a it shows a connection to 128.242.186.247:http through port 57716 with TCP, which has now closed.


Also, before I looked into this, COMODO gave an alert that 192.168.1.1 (which I am almost certain is my router) through port 1033 wanted a UDP in through port 1900, which I blocked.

A similar scenario also happens on my old Vista 32-bit computer as well, but that is secondary and I only bring it up because I was trying to see if this was normal. One thing that did stand out is that I think svchost there connected to IPs related to Google and Akamai, or it could have been googleupdate, but I am fairly certain it was svchost.

As for the logs, here they are, except for the GMER log due to running a 64-bit OS. The only real difference I know of since the previous logs is that I have used 3 USB immunization programs (Panda, Bitdefender, and one hosted here that didn't work due to 64-bit) and Trend Micro HouseCall, which came up clean. I also will say that SuperAntiSpyware and Avira have given me all clean results. I really hope it is just me being a hypochondriac involving malware instead of something actually serious, and I also apologize for the scrambled nature of this post; I'm just trying to get all the information I know out.

R0 hwpolicy;Hardware Policy Driver;C:\Windows\system32\drivers\hwpolicy.sys --> C:\Windows\system32\drivers\hwpolicy.sys [?]
R0 KSecPkg;KSecPkg;C:\Windows\system32\Drivers\ksecpkg.sys --> C:\Windows\system32\Drivers\ksecpkg.sys [?]
R0 msisadrv;msisadrv;C:\Windows\system32\drivers\msisadrv.sys --> C:\Windows\system32\drivers\msisadrv.sys [?]
R0 pcw;Performance Counters for Windows Driver;C:\Windows\system32\drivers\pcw.sys --> C:\Windows\system32\drivers\pcw.sys [?]
R0 rdyboost;ReadyBoost;C:\Windows\system32\drivers\rdyboost.sys --> C:\Windows\system32\drivers\rdyboost.sys [?]
R0 spldr;Security Processor Loader Driver;C:\Windows\system32\drivers\spldr.sys --> C:\Windows\system32\drivers\spldr.sys [?]
R0 storflt;Disk Virtual Machine Bus Acceleration Filter Driver;C:\Windows\system32\drivers\vmstorfl.sys --> C:\Windows\system32\drivers\vmstorfl.sys [?]
R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;C:\Windows\system32\drivers\vdrvroot.sys --> C:\Windows\system32\drivers\vdrvroot.sys [?]
R0 vmbus;Virtual Machine Bus;C:\Windows\system32\drivers\vmbus.sys --> C:\Windows\system32\drivers\vmbus.sys [?]
R0 volmgr;Volume Manager Driver;C:\Windows\system32\drivers\volmgr.sys --> C:\Windows\system32\drivers\volmgr.sys [?]
R0 volmgrx;Dynamic Volume Manager;C:\Windows\system32\drivers\volmgrx.sys --> C:\Windows\system32\drivers\volmgrx.sys [?]
R1 blbdrive;blbdrive;C:\Windows\system32\DRIVERS\blbdrive.sys --> C:\Windows\system32\DRIVERS\blbdrive.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 CSC;Offline Files Driver;C:\Windows\system32\drivers\csc.sys --> C:\Windows\system32\drivers\csc.sys [?]
R1 DfsC;DFS Namespace Client Driver;C:\Windows\system32\Drivers\dfsc.sys --> C:\Windows\system32\Drivers\dfsc.sys [?]
R1 discache;System Attribute Cache;C:\Windows\system32\drivers\discache.sys --> C:\Windows\system32\drivers\discache.sys [?]
R1 nsiproxy;NSI proxy service driver.;C:\Windows\system32\drivers\nsiproxy.sys --> C:\Windows\system32\drivers\nsiproxy.sys [?]
R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\system32\drivers\rdpencdd.sys --> C:\Windows\system32\drivers\rdpencdd.sys [?]
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;C:\Windows\system32\drivers\rdprefmp.sys --> C:\Windows\system32\drivers\rdprefmp.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 tdx;NetIO Legacy TDI Support Driver;C:\Windows\system32\DRIVERS\tdx.sys --> C:\Windows\system32\DRIVERS\tdx.sys [?]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\system32\DRIVERS\wanarp.sys --> C:\Windows\system32\DRIVERS\wanarp.sys [?]
R1 WfpLwf;WFP Lightweight Filter;C:\Windows\system32\DRIVERS\wfplwf.sys --> C:\Windows\system32\DRIVERS\wfplwf.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-9-20 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-9-20 269480]
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 BFE;Base Filtering Engine;C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 20992]
R2 cmdAgent;COMODO Internet Security Helper Service;C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2011-6-30 2528096]
R2 CscService;Offline Files;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
R2 DPS;Diagnostic Policy Service;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 20992]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 20992]
R2 gpsvc;Group Policy Client;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
R2 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe -k NetSvcs [2009-7-13 20992]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\system32\DRIVERS\lltdio.sys --> C:\Windows\system32\DRIVERS\lltdio.sys [?]
R2 luafv;UAC File Virtualization;C:\Windows\system32\drivers\luafv.sys --> C:\Windows\system32\drivers\luafv.sys [?]
R2 MMCSS;Multimedia Class Scheduler;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
R2 MpsSvc;Windows Firewall;C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 20992]
R2 NlaSvc;Network Location Awareness;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 20992]
R2 nsi;Network Store Interface Service;C:\Windows\system32\svchost.exe -k LocalService [2009-7-13 20992]
R2 PcaSvc;Program Compatibility Assistant Service;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
R2 PEAUTH;PEAUTH;C:\Windows\system32\drivers\peauth.sys --> C:\Windows\system32\drivers\peauth.sys [?]
R2 Power;Power;C:\Windows\system32\svchost.exe -k DcomLaunch [2009-7-13 20992]
R2 ProfSvc;User Profile Service;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
R2 RpcEptMapper;RPC Endpoint Mapper;C:\Windows\system32\svchost.exe -k RPCSS [2009-7-13 20992]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-9-20 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-20 378472]
R2 SysMain;Superfetch;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\system32\drivers\tcpipreg.sys --> C:\Windows\system32\drivers\tcpipreg.sys [?]
R2 UxSms;Desktop Window Manager Session Manager;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
R2 WinDefend;Windows Defender;C:\Windows\System32\svchost.exe -k secsvcs [2009-7-13 20992]
R2 Wlansvc;WLAN AutoConfig;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
R3 Appinfo;Application Information;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
R3 bowser;Browser Support Driver;C:\Windows\system32\DRIVERS\bowser.sys --> C:\Windows\system32\DRIVERS\bowser.sys [?]
R3 CompositeBus;Composite Bus Enumerator Driver;C:\Windows\system32\drivers\CompositeBus.sys --> C:\Windows\system32\drivers\CompositeBus.sys [?]
R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\system32\drivers\dxgkrnl.sys --> C:\Windows\system32\drivers\dxgkrnl.sys [?]
R3 KeyIso;CNG Key Isolation;C:\Windows\system32\lsass.exe --> C:\Windows\system32\lsass.exe [?]
R3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\system32\DRIVERS\monitor.sys --> C:\Windows\system32\DRIVERS\monitor.sys [?]
R3 mpsdrv;Windows Firewall Authorization Driver;C:\Windows\system32\drivers\mpsdrv.sys --> C:\Windows\system32\drivers\mpsdrv.sys [?]
R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb10.sys --> C:\Windows\system32\DRIVERS\mrxsmb10.sys [?]
R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb20.sys --> C:\Windows\system32\DRIVERS\mrxsmb20.sys [?]
R3 NativeWifiP;NativeWiFi Filter;C:\Windows\system32\DRIVERS\nwifi.sys --> C:\Windows\system32\DRIVERS\nwifi.sys [?]
R3 netprofm;Network List Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 20992]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\system32\DRIVERS\point64.sys --> C:\Windows\system32\DRIVERS\point64.sys [?]
R3 RasAgileVpn;WAN Miniport (IKEv2);C:\Windows\system32\DRIVERS\AgileVpn.sys --> C:\Windows\system32\DRIVERS\AgileVpn.sys [?]
R3 rdpbus;Remote Desktop Device Redirector Bus Driver;C:\Windows\system32\DRIVERS\rdpbus.sys --> C:\Windows\system32\DRIVERS\rdpbus.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-8-27 156288]
R3 srv2;Server SMB 2.xxx Driver;C:\Windows\system32\DRIVERS\srv2.sys --> C:\Windows\system32\DRIVERS\srv2.sys [?]
R3 srvnet;srvnet;C:\Windows\system32\DRIVERS\srvnet.sys --> C:\Windows\system32\DRIVERS\srvnet.sys [?]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;C:\Windows\system32\DRIVERS\tunnel.sys --> C:\Windows\system32\DRIVERS\tunnel.sys [?]
R3 umbus;UMBus Enumerator Driver;C:\Windows\system32\drivers\umbus.sys --> C:\Windows\system32\drivers\umbus.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
R3 WdiServiceHost;Diagnostic Service Host;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 20992]
R3 WdiSystemHost;Diagnostic System Host;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;C:\Windows\system32\DRIVERS\WN111v2x.sys --> C:\Windows\system32\DRIVERS\WN111v2x.sys [?]
R3 WPDBusEnum;Portable Device Enumerator Service;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 sppsvc;Software Protection;C:\Windows\system32\sppsvc.exe --> C:\Windows\system32\sppsvc.exe [?]
S3 1394ohci;1394 OHCI Compliant Host Controller;C:\Windows\system32\drivers\1394ohci.sys --> C:\Windows\system32\drivers\1394ohci.sys [?]
S3 AcpiPmi;ACPI Power Meter Driver;C:\Windows\system32\drivers\acpipmi.sys --> C:\Windows\system32\drivers\acpipmi.sys [?]
S3 adp94xx;adp94xx;C:\Windows\system32\DRIVERS\adp94xx.sys --> C:\Windows\system32\DRIVERS\adp94xx.sys [?]
S3 adpahci;adpahci;C:\Windows\system32\DRIVERS\adpahci.sys --> C:\Windows\system32\DRIVERS\adpahci.sys [?]
S3 amdsata;amdsata;C:\Windows\system32\drivers\amdsata.sys --> C:\Windows\system32\drivers\amdsata.sys [?]
S3 amdsbs;amdsbs;C:\Windows\system32\DRIVERS\amdsbs.sys --> C:\Windows\system32\DRIVERS\amdsbs.sys [?]
S3 AppID;AppID Driver;C:\Windows\system32\drivers\appid.sys --> C:\Windows\system32\drivers\appid.sys [?]
S3 AppIDSvc;Application Identity;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 20992]
S3 arcsas;arcsas;C:\Windows\system32\DRIVERS\arcsas.sys --> C:\Windows\system32\DRIVERS\arcsas.sys [?]
S3 AxInstSV;ActiveX Installer (AxInstSV);C:\Windows\system32\svchost.exe -k AxInstSVGroup [2009-7-13 20992]
S3 b06bdrv;Broadcom NetXtreme II VBD;C:\Windows\system32\DRIVERS\bxvbda.sys --> C:\Windows\system32\DRIVERS\bxvbda.sys [?]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60a.sys --> C:\Windows\system32\DRIVERS\b57nd60a.sys [?]
S3 BDESVC;BitLocker Drive Encryption Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 20992]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\system32\DRIVERS\BrFiltLo.sys --> C:\Windows\system32\DRIVERS\BrFiltLo.sys [?]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\system32\DRIVERS\BrFiltUp.sys --> C:\Windows\system32\DRIVERS\BrFiltUp.sys [?]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\system32\Drivers\Brserid.sys --> C:\Windows\system32\Drivers\Brserid.sys [?]
S3 BrSerWdm;Brother WDM Serial driver;C:\Windows\system32\Drivers\BrSerWdm.sys --> C:\Windows\system32\Drivers\BrSerWdm.sys [?]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\system32\Drivers\BrUsbMdm.sys --> C:\Windows\system32\Drivers\BrUsbMdm.sys [?]
S3 CertPropSvc;Certificate Propagation;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S3 circlass;Consumer IR Devices;C:\Windows\system32\DRIVERS\circlass.sys --> C:\Windows\system32\DRIVERS\circlass.sys [?]
S3 defragsvc;Disk Defragmenter;C:\Windows\system32\svchost.exe -k defragsvc [2009-7-13 20992]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;C:\Windows\system32\DRIVERS\evbda.sys --> C:\Windows\system32\DRIVERS\evbda.sys [?]
S3 elxstor;elxstor;C:\Windows\system32\DRIVERS\elxstor.sys --> C:\Windows\system32\DRIVERS\elxstor.sys [?]
S3 fdPHost;Function Discovery Provider Host;C:\Windows\system32\svchost.exe -k LocalService [2009-7-13 20992]
S3 FDResPub;Function Discovery Resource Publication;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 20992]
S3 Filetrace;Filetrace;C:\Windows\system32\drivers\filetrace.sys --> C:\Windows\system32\drivers\filetrace.sys [?]
S3 FsDepends;File System Dependency Minifilter;C:\Windows\system32\drivers\FsDepends.sys --> C:\Windows\system32\drivers\FsDepends.sys [?]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;C:\Windows\system32\drivers\hcw85cir.sys --> C:\Windows\system32\drivers\hcw85cir.sys [?]
S3 HomeGroupListener;HomeGroup Listener;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 HomeGroupProvider;HomeGroup Provider;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 20992]
S3 HpSAMD;HpSAMD;C:\Windows\system32\drivers\HpSAMD.sys --> C:\Windows\system32\drivers\HpSAMD.sys [?]
S3 iaStorV;Intel RAID Controller Windows 7;C:\Windows\system32\drivers\iaStorV.sys --> C:\Windows\system32\drivers\iaStorV.sys [?]
S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 IPMIDRV;IPMIDRV;C:\Windows\system32\drivers\IPMIDrv.sys --> C:\Windows\system32\drivers\IPMIDrv.sys [?]
S3 iScsiPrt;iScsiPort Driver;C:\Windows\system32\drivers\msiscsi.sys --> C:\Windows\system32\drivers\msiscsi.sys [?]
S3 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [2009-7-13 20992]
S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 20992]
S3 LSI_FC;LSI_FC;C:\Windows\system32\DRIVERS\lsi_fc.sys --> C:\Windows\system32\DRIVERS\lsi_fc.sys [?]
S3 LSI_SAS;LSI_SAS;C:\Windows\system32\DRIVERS\lsi_sas.sys --> C:\Windows\system32\DRIVERS\lsi_sas.sys [?]
S3 LSI_SAS2;LSI_SAS2;C:\Windows\system32\DRIVERS\lsi_sas2.sys --> C:\Windows\system32\DRIVERS\lsi_sas2.sys [?]
S3 LSI_SCSI;LSI_SCSI;C:\Windows\system32\DRIVERS\lsi_scsi.sys --> C:\Windows\system32\DRIVERS\lsi_scsi.sys [?]
S3 megasas;megasas;C:\Windows\system32\DRIVERS\megasas.sys --> C:\Windows\system32\DRIVERS\megasas.sys [?]
S3 mpio;Microsoft Multi-Path Bus Driver;C:\Windows\system32\drivers\mpio.sys --> C:\Windows\system32\drivers\mpio.sys [?]
S3 msahci;msahci;C:\Windows\system32\drivers\msahci.sys --> C:\Windows\system32\drivers\msahci.sys [?]
S3 msdsm;Microsoft Multi-Path Device Specific Module;C:\Windows\system32\drivers\msdsm.sys --> C:\Windows\system32\drivers\msdsm.sys [?]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;C:\Windows\system32\drivers\mshidkmdf.sys --> C:\Windows\system32\drivers\mshidkmdf.sys [?]
S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S3 MsRPC;MsRPC;C:\Windows\system32\drivers\MsRPC.sys --> C:\Windows\system32\drivers\MsRPC.sys [?]
S3 MTConfig;Microsoft Input Configuration Driver;C:\Windows\system32\DRIVERS\MTConfig.sys --> C:\Windows\system32\DRIVERS\MTConfig.sys [?]
S3 NdisCap;NDIS Capture LightWeight Filter;C:\Windows\system32\DRIVERS\ndiscap.sys --> C:\Windows\system32\DRIVERS\ndiscap.sys [?]
S3 nfrd960;nfrd960;C:\Windows\system32\DRIVERS\nfrd960.sys --> C:\Windows\system32\DRIVERS\nfrd960.sys [?]
S3 nvstor;nvstor;C:\Windows\system32\drivers\nvstor.sys --> C:\Windows\system32\drivers\nvstor.sys [?]
S3 PeerDistSvc;BranchCache;C:\Windows\System32\svchost.exe -k PeerDist [2009-7-13 20992]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2009-7-13 20992]
S3 pla;Performance Logs & Alerts;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 20992]
S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 20992]
S3 ql2300;ql2300;C:\Windows\system32\DRIVERS\ql2300.sys --> C:\Windows\system32\DRIVERS\ql2300.sys [?]
S3 ql40xx;ql40xx;C:\Windows\system32\DRIVERS\ql40xx.sys --> C:\Windows\system32\DRIVERS\ql40xx.sys [?]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-26 14648]
S3 s3cap;s3cap;C:\Windows\system32\drivers\vms3cap.sys --> C:\Windows\system32\drivers\vms3cap.sys [?]
S3 scfilter;Smart card PnP Class Filter Driver;C:\Windows\system32\DRIVERS\scfilter.sys --> C:\Windows\system32\DRIVERS\scfilter.sys [?]
S3 SCPolicySvc;Smart Card Removal Policy;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S3 SDRSVC;Windows Backup;C:\Windows\system32\svchost.exe -k SDRSVC [2009-7-13 20992]
S3 SensrSvc;Adaptive Brightness;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 20992]
S3 SessionEnv;Remote Desktop Configuration;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 20992]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\system32\drivers\sffp_mmc.sys --> C:\Windows\system32\drivers\sffp_mmc.sys [?]
S3 SiSRaid4;SiSRaid4;C:\Windows\system32\DRIVERS\sisraid4.sys --> C:\Windows\system32\DRIVERS\sisraid4.sys [?]
S3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);C:\Windows\system32\DRIVERS\smb.sys --> C:\Windows\system32\DRIVERS\smb.sys [?]
S3 sppuinotify;SPP Notification Service;C:\Windows\system32\svchost.exe -k LocalService [2009-7-13 20992]
S3 stexstor;stexstor;C:\Windows\system32\DRIVERS\stexstor.sys --> C:\Windows\system32\DRIVERS\stexstor.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 storvsc;storvsc;C:\Windows\system32\drivers\storvsc.sys --> C:\Windows\system32\drivers\storvsc.sys [?]
S3 TabletInputService;Tablet PC Input Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TBS;TPM Base Services;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 20992]
S3 THREADORDER;Thread Ordering Server;C:\Windows\system32\svchost.exe -k LocalService [2009-7-13 20992]
S3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe [2011-9-20 194048]
S3 tssecsrv;Remote Desktop Services Security Filter Driver;C:\Windows\system32\DRIVERS\tssecsrv.sys --> C:\Windows\system32\DRIVERS\tssecsrv.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 UI0Detect;Interactive Services Detection;C:\Windows\system32\UI0Detect.exe --> C:\Windows\system32\UI0Detect.exe [?]
S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\system32\drivers\uliagpkx.sys --> C:\Windows\system32\drivers\uliagpkx.sys [?]
S3 UmRdpService;Remote Desktop Services UserMode Port Redirector;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\system32\drivers\usbcir.sys --> C:\Windows\system32\drivers\usbcir.sys [?]
S3 VaultSvc;Credential Manager;C:\Windows\system32\lsass.exe --> C:\Windows\system32\lsass.exe [?]
S3 vhdmp;vhdmp;C:\Windows\system32\drivers\vhdmp.sys --> C:\Windows\system32\drivers\vhdmp.sys [?]
S3 VMBusHID;VMBusHID;C:\Windows\system32\drivers\VMBusHID.sys --> C:\Windows\system32\drivers\VMBusHID.sys [?]
S3 vsmraid;vsmraid;C:\Windows\system32\DRIVERS\vsmraid.sys --> C:\Windows\system32\DRIVERS\vsmraid.sys [?]
S3 vwifibus;Virtual WiFi Bus Driver;C:\Windows\system32\drivers\vwifibus.sys --> C:\Windows\system32\drivers\vwifibus.sys [?]
S3 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\system32\DRIVERS\wacompen.sys --> C:\Windows\system32\DRIVERS\wacompen.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 wbengine;Block Level Backup Engine Service;"C:\Windows\system32\wbengine.exe" --> C:\Windows\system32\wbengine.exe [?]
S3 WbioSrvc;Windows Biometric Service;C:\Windows\system32\svchost.exe -k WbioSvcGroup [2009-7-13 20992]
S3 wcncsvc;Windows Connect Now - Config Registrar;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 20992]
S3 WcsPlugInService;Windows Color System;C:\Windows\system32\svchost.exe -k wcssvc [2009-7-13 20992]
S3 Wd;Wd;C:\Windows\system32\DRIVERS\wd.sys --> C:\Windows\system32\DRIVERS\wd.sys [?]
S3 Wecsvc;Windows Event Collector;C:\Windows\system32\svchost.exe -k NetworkService [2009-7-13 20992]
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 20992]
S3 WerSvc;Windows Error Reporting Service;C:\Windows\System32\svchost.exe -k WerSvcGroup [2009-7-13 20992]
S3 WIMMount;WIMMount;C:\Windows\System32\drivers\wimmount.sys [2009-7-13 19008]
S3 WinRM;Windows Remote Management (WS-Management);C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 20992]
S3 WPCSvc;Parental Controls;C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 20992]
S3 WwanSvc;WWAN AutoConfig;C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 20992]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-13 89920]
S4 Mcx2Svc;Media Center Extender Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 20992]
.
=============== Created Last 30 ================
.
2011-10-02 17:53:00 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{94679F9C-F003-46BF-8065-8E587A2AACAA}\offreg.dll
2011-09-30 19:05:28 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{94679F9C-F003-46BF-8065-8E587A2AACAA}\mpengine.dll
2011-09-29 02:58:58 -------- d-----w- C:\ProgramData\Panda Security
2011-09-29 02:58:49 -------- d-----w- C:\Program Files (x86)\Panda USB Vaccine
2011-09-27 01:39:17 -------- d-----w- C:\Program Files (x86)\ESET
2011-09-24 15:49:59 -------- d-----w- C:\Users\Zed\AppData\Roaming\Beat Hazard
2011-09-23 17:59:21 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-09-22 04:31:36 -------- d-----w- C:\Users\Zed\AppData\Local\THQ
2011-09-22 04:31:16 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
2011-09-22 04:31:16 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
2011-09-22 04:31:16 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll
2011-09-22 04:31:16 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
2011-09-22 04:31:15 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
2011-09-22 04:31:15 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2011-09-21 16:59:34 -------- d-----w- C:\Users\Zed\riotsGamesLogs
2011-09-21 16:58:46 -------- d-----w- C:\Users\Zed\AppData\Roaming\LolClient
2011-09-21 02:48:51 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2011-09-21 02:48:51 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2011-09-21 02:48:50 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2011-09-21 02:45:34 -------- d-----w- C:\Riot Games
2011-09-21 02:17:49 -------- d-----w- C:\Program Files (x86)\Pando Networks
2011-09-21 00:40:01 -------- d-----w- C:\Windows\Panther
2011-09-21 00:37:50 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2011-09-21 00:37:17 -------- d-----w- C:\Users\Zed\AppData\Roaming\.purple
2011-09-21 00:30:20 -------- d-----r- C:\Program Files (x86)\Skype
2011-09-21 00:27:57 -------- d-----w- C:\Program Files (x86)\Pidgin
2011-09-21 00:17:16 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2011-09-21 00:17:15 -------- d-----w- C:\Program Files (x86)\Steam
2011-09-20 23:58:22 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
2011-09-20 23:58:06 -------- d-----w- C:\Windows\PCHEALTH
2011-09-20 23:45:01 -------- d-----w- C:\Program Files (x86)\Combined Community Codec Pack
2011-09-20 23:42:57 508264 ----a-w- C:\Windows\System32\d3dx10_36.dll
2011-09-20 23:40:00 -------- d--h--w- C:\Windows\msdownld.tmp
2011-09-20 23:39:50 -------- d-----w- C:\Windows\SysWow64\directx
2011-09-20 23:39:33 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll
2011-09-20 23:39:33 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll
2011-09-20 23:39:33 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll
2011-09-20 23:39:32 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
2011-09-20 23:39:32 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll
2011-09-20 23:39:32 3495784 ----a-w- C:\Windows\SysWow64\d3dx9_33.dll
2011-09-20 23:39:32 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll
2011-09-20 23:39:21 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2011-09-20 22:53:50 -------- d-----w- C:\Windows\System32\SPReview
2011-09-20 22:53:35 -------- d-----w- C:\Windows\System32\EventProviders
2011-09-20 22:48:59 867840 ----a-w- C:\Windows\System32\SearchFolder.dll
2011-09-20 22:47:59 73728 ----a-w- C:\Windows\System32\tlscsp.dll
2011-09-20 22:46:53 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-09-20 22:46:53 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2011-09-20 22:46:50 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2011-09-20 22:44:11 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-09-20 22:44:11 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-09-20 22:44:11 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-09-20 22:44:11 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-09-20 22:44:11 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-09-20 22:32:37 -------- d-----w- C:\Program Files\Sandboxie
2011-09-20 22:25:25 -------- d-----w- C:\Windows\SysWow64\Wat
2011-09-20 22:25:25 -------- d-----w- C:\Windows\System32\Wat
2011-09-20 21:56:17 -------- d-----w- C:\Users\Zed\AppData\Roaming\Avira
2011-09-20 21:50:07 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-09-20 21:50:07 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-09-20 21:48:54 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-20 21:47:24 -------- d-----w- C:\Program Files\Microsoft Windows Performance Toolkit
2011-09-20 21:47:00 -------- d-----w- C:\Program Files\Debugging Tools for Windows (x64)
2011-09-20 21:46:40 -------- d-----w- C:\Program Files\Application Verifier (x64)
2011-09-20 21:46:40 -------- d-----w- C:\Program Files (x86)\Application Verifier
2011-09-20 21:43:31 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-20 21:42:49 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-09-20 21:40:17 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-09-20 21:40:16 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-09-20 21:40:16 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-09-20 21:29:31 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-09-20 21:27:46 -------- d-----w- C:\Users\Zed\AppData\Roaming\Malwarebytes
2011-09-20 21:26:31 -------- d-----w- C:\Program Files\CCleaner
2011-09-20 21:19:47 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-09-20 21:19:47 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-09-20 21:16:26 -------- d-----w- C:\Users\Zed\AppData\Local\Mozilla
2011-09-20 21:16:25 -------- d-----w- C:\Users\Zed\AppData\Roaming\Tor
2011-09-20 21:16:25 -------- d-----w- C:\Program Files (x86)\Vidalia Bundle
2011-09-20 21:15:30 110592 ----a-w- C:\Windows\System32\rtvcvfw32.dll
2011-09-20 21:15:27 -------- d-----w- C:\Program Files (x86)\MSI Afterburner
2011-09-20 21:15:02 -------- d-----w- C:\Program Files\Core Temp
2011-09-20 21:12:34 -------- d--h--w- C:\VritualRoot
2011-09-20 21:08:55 -------- d-----w- C:\Program Files\COMODO
2011-09-20 21:08:25 -------- d-----w- C:\ProgramData\Comodo
2011-09-20 21:06:48 -------- d-----w- C:\Users\Zed\AppData\Roaming\SUPERAntiSpyware.com
2011-09-20 21:06:33 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-09-20 21:06:33 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-09-20 21:06:17 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2011-09-20 21:06:17 1071088 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2011-09-20 21:06:16 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2011-09-20 21:06:00 -------- d-----w- C:\ProgramData\Malwarebytes
2011-09-20 21:05:57 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-09-20 21:05:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-20 21:04:26 88288 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-09-20 21:04:25 -------- d-----w- C:\ProgramData\Avira
2011-09-20 21:04:25 -------- d-----w- C:\Program Files (x86)\Avira
2011-09-20 20:56:42 16896 ----a-w- C:\Windows\AsTaskSched.dll
2011-09-20 20:56:03 414632 ------w- C:\Windows\difxapi.dll
2011-09-20 20:56:03 -------- d-----w- C:\Program Files (x86)\VIA
2011-09-20 20:55:25 -------- d-----w- C:\Program Files (x86)\NEC Electronics
2011-09-20 20:54:56 -------- d-sh--w- C:\Windows\Installer
2011-09-20 20:54:55 -------- d-----w- C:\Users\Zed\AppData\Local\Downloaded Installations
2011-09-20 20:54:28 -------- d-----w- C:\Program Files (x86)\Marvell
2011-09-20 20:53:55 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2011-09-20 20:53:51 -------- d-----w- C:\Intel
2011-09-20 20:52:10 992368 ----a-w- C:\Windows\System32\VIAPropPageExt.dll
2011-09-20 20:52:10 91760 ----a-w- C:\Windows\System32\Dts2PropPageExt.dll
2011-09-20 20:52:10 86016 ----a-w- C:\Windows\System32\nQPropPageExt.dll
2011-09-20 20:52:10 83056 ----a-w- C:\Windows\System32\ViaMicArrayPropPageExt.dll
2011-09-20 20:52:10 82432 ----a-w- C:\Windows\System32\nQAPO.dll
2011-09-20 20:52:10 549488 ----a-w- C:\Windows\System32\VIASysFx.dll
2011-09-20 20:52:10 248944 ----a-w- C:\Windows\System32\Dts2APO.dll
2011-09-20 20:52:10 199280 ----a-w- C:\Windows\System32\ViaMicArrayAPO.dll
2011-09-20 20:52:10 1342064 ----a-w- C:\Windows\System32\drivers\viahduaa.sys
2011-09-20 20:52:06 553472 ----a-w- C:\Windows\System32\drivers\WN111v2x.sys
.
==================== Find3M ====================
.
2011-09-20 23:05:44 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-09-20 23:05:43 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-08-01 19:59:06 45416 ----a-w- C:\Windows\System32\drivers\point64.sys
2011-08-01 19:59:06 1721576 ----a-w- C:\Windows\System32\wdfcoinstaller01009.dll
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 05:26:20 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-09 04:29:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
.
============= FINISH: 18:01:36.11 ===============

After I finished this I just saw your post and completed the MBR scan as well:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-02 17:57:08
-----------------------------
17:57:08.348 OS Version: Windows x64 6.1.7601 Service Pack 1
17:57:08.348 Number of processors: 4 586 0x1E05
17:57:08.363 ComputerName: F-91 UserName: Zed
17:57:10.079 Initialize success
17:57:19.176 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4
17:57:19.176 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
17:57:21.204 Disk 0 MBR read successfully
17:57:21.204 Disk 0 MBR scan
17:57:21.204 Disk 0 Windows 7 default MBR code
17:57:21.204 Service scanning
17:57:22.639 Modules scanning
17:57:22.639 Disk 0 trace - called modules:
17:57:22.639 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
17:57:22.639 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004771060]
17:57:22.639 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa80044c1e40]
17:57:22.655 5 ACPI.sys[fffff88000fad7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0xfffffa80044f4060]
17:57:22.655 Scan finished successfully
17:57:50.095 Disk 0 MBR has been saved successfully to "C:\Users\Zed\Desktop\MBR.dat"
17:57:50.111 The log file has been saved successfully to "C:\Users\Zed\Desktop\aswMBR.txt"

What I can say about the traffic is that when I noticed it I immediately posted here after probably a hour of google searching for other cases of this. The absolute earliest it could have happened on this install is September 20th when I reformatted this computer. As for Neustar, Inc I only know as much as Wikipedia and Google can give me and to my knowledge have no dealings with them.

Edited by BRite72, 02 October 2011 - 05:15 PM.


#5 myrti


Posted 02 October 2011 - 05:56 PM

Hi,

making sure that nothing is there is always a bit more difficult than determining that something is there. However, I'm not seeing any indication that something is wrong in your logs.

The ports you're mentioning are private ports, meaning they are not meant for anything but internal communication of the OS. They are relevant to the OS itself and most probably not caused by any intruder: http://forums.comodo.com/help-for-v3/vistas-default-listening-ports-t23227.0.html
The problem of information being sent to 239.255.255.250 is also known, it's basically Windows looking for other devices on the network: http://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol

Comodo is very simple in that aspect, it does white list almost nothing and leaves it up to the user to determine what is good and what is bad. This, however, means that you need to learn a lot about your PC before you can configure it successfully.

I'm still looking into those IPs you gave first, however I'm not seeing any indication of foul play there either so far. It could just be a program looking for updates or similar. (f-secure.com seems to have ties to one of those IPs, so does skype.)

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#6 BRite72


Posted 04 October 2011 - 08:17 PM

I wish you well with that but I can see why they were listening to those ports since I usually use a Standard User Account unless I am installing programs and when I logged into it there was only a connection to one of the 128.xxx.xxx.xxx IPs and nothing listening, but if it is related to Skype I can see why it would connect but I still do not get it because as you also know I don't have it run at start. Still thank you for your time and I wish you well on this IP hunt and I really am just making sure you don't close this post due to the guy never responding.

#7 myrti


Posted 06 October 2011 - 02:11 AM

Hi,

I have not checked the full list of websites related to that IP, there's about 200 of them. There's an easy way to check if the connection is done by one of the programs you have installed: Disable the autorun options for Vidalia, Sandbox and SuperAntiSpyware and see if the connection on boot up stops.
Afterwards you can of course turn it on again.
regards myrti



#8 BRite72


Posted 06 October 2011 - 05:47 PM

That seems to have worked and under my Standard User Account when I boot into it there are only connections to 64.4.18.90:80 which I think is Microsoft based, my choice of DNS server, and some router based connections. It occurs still on my other account but it still has all the programs enabled on start but when I change profiles, even logging it out, the Standard Profile still connects to the IP but that is secondary as it is one of the three programs. I want to believe that it is Vidalia because it has way back in the past said when a version is no longer supported or SUPERANTISPYWARE because those are the only two programs in common with my older computer.

However recently I have seen I believe an ICMP and a connection to I think 244.0.0.xx through system.

If I can get one last answer to the question, that would be fantastic but it looks like we are nearly done here.

#9 myrti


Posted 07 October 2011 - 01:20 AM

Hi,

those are internal IPs:

Historically other address blocks than the private address ranges have been reserved for other potential future uses. Some organizations have used them for private networking applications despite official warnings of possible future address collisions. Typically these addresses are not referred to as "reserved." Addresses 240.0.0.0 to 254.255.255.254, are designated for future use and research and development


This is likely from a router. See here: http://www.networksorcery.com/enp/protocol/icmp/msg9.htm

regards myrti

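The two explanations myrti gives above (in #5, that 239.255.255.250 is the SSDP multicast group and that 6049x are ephemeral "private" ports, and in #9, that 24x.0.0.x falls in the reserved 240.0.0.0/4 block) can be turned into a small triage step. The script below is an added example, not a tool from this thread or from BleepingComputer; it parses `netstat -ano`-style lines (the sample is constructed, and only the two public addresses in it, 64.4.18.90 and 64.208.126.27, come from the thread) and sorts each foreign address into a bucket, so that only the public peers are left for a WHOIS or reverse lookup. The 49152-65535 dynamic port range is the Windows Vista/7 default.

```python
"""Classify remote endpoints from `netstat -ano`-style output.

Added example for this thread, not a tool the posters used. Each foreign
address is sorted into one of the buckets the thread discusses: the SSDP
multicast group (239.255.255.250:1900), other multicast, the reserved
240.0.0.0/4 block, loopback / link-local / private, or public. Local ports in
the Vista/7 dynamic range (49152-65535) are flagged as ephemeral, which is what
"private ports" such as 60492 in the thread refers to.
"""
import ipaddress
from collections import Counter

SSDP_GROUP = ipaddress.IPv4Address("239.255.255.250")
SSDP_PORT = 1900
RESERVED_240 = ipaddress.IPv4Network("240.0.0.0/4")
EPHEMERAL_RANGE = range(49152, 65536)  # default dynamic port range on Vista/7

# Constructed sample in the shape of `netstat -ano` on Windows 7. The two public
# IPs (64.4.18.90, 64.208.126.27) are the ones named in the thread; the PIDs,
# local ports and 244.0.0.5 are made up for the sample.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:60492     64.208.126.27:80       ESTABLISHED     1044
  TCP    192.168.1.10:60493     64.4.18.90:80          ESTABLISHED     1044
  TCP    127.0.0.1:49152        127.0.0.1:49153        ESTABLISHED     612
  UDP    0.0.0.0:1900           *:*                                    1044
  UDP    192.168.1.10:60494     239.255.255.250:1900                   1044
  UDP    192.168.1.10:60495     244.0.0.5:5000                         4
"""


def split_endpoint(endpoint):
    """'1.2.3.4:80' -> ('1.2.3.4', 80); '*:*' -> (None, None)."""
    host, _, port = endpoint.rpartition(":")
    if host in ("", "*") or port == "*":
        return None, None
    return host, int(port)


def classify(endpoint):
    """Bucket a foreign 'host:port' string."""
    host, port = split_endpoint(endpoint)
    if host is None:
        return "unbound"
    ip = ipaddress.ip_address(host)
    if ip == SSDP_GROUP and port == SSDP_PORT:
        return "ssdp-multicast"      # SSDP Discovery looking for UPnP devices
    if ip.is_multicast:
        return "multicast"
    if ip in RESERVED_240:
        return "reserved-240/4"      # future-use block, not a routable peer
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    return "public"                  # the only bucket worth a WHOIS / reverse lookup


def parse_netstat(text):
    """Parse TCP/UDP rows; the header and anything else is skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = fields[:3]
        pid = int(fields[-1])        # PID is always the last column
        local_port = split_endpoint(local)[1]
        rows.append({
            "proto": proto, "local": local, "foreign": foreign, "pid": pid,
            "category": classify(foreign),
            "local_ephemeral": local_port is not None and local_port in EPHEMERAL_RANGE,
        })
    return rows


def category_counts(rows):
    return Counter(r["category"] for r in rows)


def public_peers(rows):
    """Distinct public foreign IPs, i.e. the ones that still need attribution."""
    return sorted({split_endpoint(r["foreign"])[0] for r in rows if r["category"] == "public"})


if __name__ == "__main__":
    rows = parse_netstat(SAMPLE_NETSTAT)
    for r in rows:
        print(f'{r["proto"]:3} pid={r["pid"]:<5} {r["foreign"]:24} {r["category"]}')
    print("to look up:", public_peers(rows))
```

The list returned by `public_peers` is the part of the picture that still needs an owner attached to it (the 64.x addresses in this thread were traced to Microsoft and Panda); loopback, multicast discovery and the 240/4 block can be set aside without a lookup. A public peer on port 80 from a `svchost.exe` PID is, on its own, consistent with an updater, and which service group that PID hosts is what Process Explorer or `tasklist /svc` answers.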


#10 BRite72


Posted 07 October 2011 - 08:08 PM

Thanks for that, though there is a slight problem now in that when I tried the same thing on the Admin account (disabling on start Vidalia, Sandbox and SuperAntiSpyware) and then restarting the computer svchost still connected to one of the previous IPs posted. As of this boot with none of the programs booting on start it seems like it has connected to a new IP with 64.208.126.27:80 and it seems that connecting to an IP through port 80 is a running occurrence.


EDIT: Sorry for the multiple edits, I wanted to give the best info I can give.

Edited by BRite72, 07 October 2011 - 08:23 PM.


#11 myrti


Posted 08 October 2011 - 03:23 AM

Hi,

that IP belongs to panda security. This must have been your USB immunization program of Panda that was updating itself.

regards myrti



#12 BRite72


Posted 08 October 2011 - 09:39 PM

Could those 128.xxx.xxx.xxx be related to ASK tool bar by chance?

#13 myrti


Posted 09 October 2011 - 02:13 AM

I see you have decided to ask at comodo as well. There is no point in having two people research the same solution for you at the same time, please let me know if you'd rather continue at Comodo or here.

I don't see an indication for the ask-bar on those IPs. However nokia seems to host content on that site, as does foxnews, gap, new york post and some others (e.g. the very reputable French France3)

regards myrti



#14 BRite72


Posted 10 October 2011 - 01:34 AM

I am sorry for not getting back to you involving this after I asked at Comodo, but I do thank you for your time and nearly completely ruling out it being malware as I originally thought. If it does come back to it actually being malware I will be sure to PM you to try and restart this discussion but I'm going to try and see what Comodo has involving this unless you're rather knowledgeable at reading Wireshark data or have found out what is causing it.

Again thanks for helping me.

Edited by BRite72, 10 October 2011 - 02:12 AM.


#15 myrti


Posted 10 October 2011 - 03:25 AM

Hi,

since you're being helped at comodo, I'll close this topic now. Good luck with your search!

regards myrti

