
Fluctuating connections in TCPview, connections develop on their own


6 replies to this topic

#1 Artkin


  • Members
  • 30 posts
  • OFFLINE

Posted 12 April 2015 - 11:30 PM

Hi, I have previously made a thread [Topic here: http://www.bleepingcomputer.com/forums/t/572613/uploading-to-random-websites-i-think-im-being-spied-on/ ~ OB] about this problem before being referred to everyone here.

I experience random lag spikes in games and stuff, jumping from 100 to 1500 ping or more; it'll hover around the same pings and then eventually die down. I've investigated in TCPView and it shows many, sometimes pages full of "[System Process]" entries which are untraceable through Properties. I have many screenshots on the original thread. These connections really start when I open Firefox or Google Chrome and will open in masses and close in masses. I've had a full red page of closing connections. Please help!

PS. I will find the thread after I post this, but for some reason my history deleted itself.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015
Ran by Foley (administrator) on FOLEY-PC on 13-04-2015 00:11:28
Running from C:\Users\Foley\Downloads
Loaded Profiles: Foley (Available profiles: Foley)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Sysinternals - www.sysinternals.com) C:\Users\Foley\Desktop\SysinternalsSuite\Tcpview.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-08-13] (Check Point Software Technologies Ltd.)
HKU\S-1-5-21-510676003-3341429976-2907470696-1000\...\MountPoints2: D - D:\ASRSetup.exe
HKU\S-1-5-21-510676003-3341429976-2907470696-1000\...\MountPoints2: {0018804c-479d-11e4-935c-8126f8dd3372} - H:\Autorun.exe
HKU\S-1-5-21-510676003-3341429976-2907470696-1000\...\MountPoints2: {e42bc1ae-ac1c-11e4-be5a-b5207b56c958} - F:\Autorun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-09-29] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-510676003-3341429976-2907470696-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Foley\AppData\Roaming\Mozilla\Firefox\Profiles\8mzxwl6u.default-1428330943762
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-11-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-11-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Foley\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Foley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-18]
CHR Extension: (Google Docs) - C:\Users\Foley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-18]
CHR Extension: (Google Drive) - C:\Users\Foley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-18]
CHR Extension: (YouTube) - C:\Users\Foley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-18]
CHR Extension: (Google Search) - C:\Users\Foley\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-18]
CHR Extension: (Google Sheets) - C:\Users\Foley\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Foley\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\Foley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-18]
CHR Extension: (Gmail) - C:\Users\Foley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-18]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
S4 lxdnCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe [33960 2009-08-13] (Lexmark International, Inc.)
S4 lxdn_device; C:\Windows\system32\lxdncoms.exe [1044648 2009-08-13] ( )
S4 lxdn_device; C:\Windows\SysWOW64\lxdncoms.exe [594600 2009-08-13] ( )
S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-02-27] (Electronic Arts)
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-12-23] ()
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-03-13] ()
S3 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [621632 2011-03-04] ()
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596752 2014-08-13] (Check Point Software Technologies Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-13] (Check Point Software Technologies, Ltd.)
S2 Apple Mobile Device Service; "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [X]
S2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R3 AsrVDrive; C:\Windows\System32\DRIVERS\AsrVDrive.sys [23048 2011-01-26] (ASRock Inc.)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2734080 2013-04-11] (C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-29] (Disc Soft Ltd)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
S3 LADF_BakerCOnly; C:\Windows\System32\DRIVERS\ladfBakerCamd64.sys [410184 2011-03-18] (Logitech)
S3 LADF_BakerROnly; C:\Windows\System32\DRIVERS\ladfBakerRamd64.sys [335688 2011-03-18] (Logitech)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-18] (Riverbed Technology, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-04-10] (BitDefender S.R.L.)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450456 2014-08-13] (Check Point Software Technologies Ltd.)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [103752 2015-04-11] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-13 00:11 - 2015-04-13 00:11 - 02096640 _____ (Farbar) C:\Users\Foley\Downloads\FRST64.exe
2015-04-13 00:11 - 2015-04-13 00:11 - 00010802 _____ () C:\Users\Foley\Downloads\FRST.txt
2015-04-13 00:11 - 2015-04-13 00:11 - 00000000 ____D () C:\FRST
2015-04-12 23:37 - 2015-04-12 23:37 - 00000000 ____D () C:\Windows\pss
2015-04-12 15:26 - 2015-04-12 15:26 - 06199480 _____ () C:\Users\Foley\Downloads\rmtool-setup-x64(1).exe
2015-04-12 15:26 - 2015-04-12 15:26 - 00000000 ____D () C:\Users\Foley\AppData\Roaming\9-lab
2015-04-12 15:26 - 2015-04-12 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
2015-04-12 15:26 - 2015-04-12 15:26 - 00000000 ____D () C:\ProgramData\9-lab
2015-04-12 15:26 - 2015-04-12 15:26 - 00000000 ____D () C:\Program Files\9-lab
2015-04-12 15:13 - 2015-04-12 15:25 - 00000000 ____D () C:\Users\Foley\Desktop\mbar
2015-04-12 14:59 - 2015-04-12 14:59 - 06199480 _____ () C:\Users\Foley\Downloads\rmtool-setup-x64.exe
2015-04-12 14:58 - 2015-04-12 15:25 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-12 01:06 - 2015-04-12 01:06 - 00000561 _____ () C:\Users\Foley\Documents\asd.txt
2015-04-11 22:26 - 2015-04-11 22:26 - 02347384 _____ (ESET) C:\Users\Foley\Downloads\esetsmartinstaller_enu.exe
2015-04-11 22:26 - 2015-04-11 22:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-04-11 13:08 - 2015-04-11 13:10 - 00000000 ____D () C:\AdwCleaner
2015-04-11 13:04 - 2015-04-11 13:04 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-FOLEY-PC-Windows-7-Ultimate-(64-bit).dat
2015-04-11 13:04 - 2015-04-11 13:04 - 00000000 ____D () C:\RegBackup
2015-04-11 13:03 - 2015-04-11 13:03 - 02686959 _____ (Thisisu) C:\Users\Foley\Downloads\JRT.exe
2015-04-11 12:34 - 2015-04-11 12:34 - 00103752 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2015-04-11 12:33 - 2015-04-11 12:33 - 00000000 ____D () C:\Users\Foley\AppData\Local\Zemana
2015-04-11 12:33 - 2015-04-11 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2015-04-11 12:33 - 2015-04-11 12:33 - 00000000 ____D () C:\Program Files (x86)\Zemana AntiMalware
2015-04-11 12:32 - 2015-04-11 12:32 - 04675824 _____ (Zemana Ltd. ) C:\Users\Foley\Downloads\ZAMv2.10.2.18.Setup.exe
2015-04-11 12:20 - 2015-04-12 15:13 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-11 12:20 - 2015-04-12 15:13 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-11 12:20 - 2015-04-11 12:20 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-11 12:20 - 2015-04-11 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-11 12:20 - 2015-04-11 12:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-11 12:20 - 2015-04-11 12:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-11 12:20 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-11 12:20 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-11 12:19 - 2015-04-11 12:19 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Foley\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-10 20:32 - 2015-04-10 20:32 - 01708032 _____ () C:\Users\Foley\Downloads\ZHPCleaner.exe
2015-04-10 18:21 - 2015-04-10 18:21 - 00000502 _____ () C:\Windows\UPDLL.LOG
2015-04-10 18:20 - 2015-04-10 18:20 - 00000000 ____D () C:\Windows\VDLL.DLL
2015-04-10 18:20 - 2015-04-10 18:20 - 00000000 ____D () C:\Windows\SysWOW64\runouce.exe
2015-04-10 18:20 - 2015-04-10 18:20 - 00000000 ____D () C:\Windows\rundll16.exe
2015-04-10 18:20 - 2015-04-10 18:20 - 00000000 ____D () C:\Windows\RUNDL132.EXE
2015-04-10 18:20 - 2015-04-10 18:20 - 00000000 ____D () C:\Windows\logo1_.exe
2015-04-10 18:20 - 2015-04-10 18:20 - 00000000 ____D () C:\Windows\logo_1.exe
2015-04-10 18:20 - 2015-04-10 18:20 - 00000000 ____D () C:\Users\Foley\Downloads\TempBK
2015-04-10 18:16 - 2015-04-10 18:20 - 00000182 _____ () C:\Windows\general.log
2015-04-10 18:16 - 2015-04-10 18:20 - 00000056 _____ () C:\Windows\Lic.xxx
2015-04-10 18:16 - 2015-04-10 18:16 - 00655872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr90.dll
2015-04-10 18:16 - 2015-04-10 18:16 - 00632064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr80.dll
2015-04-10 18:16 - 2015-04-10 18:16 - 00572928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp90.dll
2015-04-10 18:16 - 2015-04-10 18:16 - 00554240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp80.dll
2015-04-10 18:16 - 2015-04-10 18:16 - 00350160 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2015-04-10 18:16 - 2015-04-10 18:16 - 00156392 _____ (MicroWorld Technologies Inc.) C:\Windows\SysWOW64\eEmpty.exe
2015-04-10 18:16 - 2015-04-10 18:16 - 00001243 _____ () C:\Windows\ESCAN.LOG
2015-04-10 18:16 - 2015-04-10 18:16 - 00000000 ____D () C:\ProgramData\MicroWorld
2015-04-10 18:14 - 2015-04-10 18:15 - 158158304 _____ () C:\Users\Foley\Downloads\mwav.exe
2015-04-10 11:09 - 2015-04-10 11:09 - 31158944 _____ () C:\Users\Foley\Downloads\sp_rx7_fd3s.rar
2015-04-09 14:27 - 2015-04-12 16:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-08 12:55 - 2015-04-08 12:59 - 1168702108 _____ () C:\Users\Foley\Downloads\dSPEC v1.0.7z
2015-04-07 00:46 - 2015-04-07 00:46 - 00000000 ____D () C:\Users\Foley\Desktop\asdg_jointrails-v0.14
2015-04-06 11:29 - 2015-04-06 11:29 - 121366450 _____ () C:\Users\Foley\Downloads\Lexus sc300 and sc400 V1.0.rar
2015-04-06 11:27 - 2015-04-06 11:28 - 83948459 _____ () C:\Users\Foley\Downloads\SP Mod Beta TA cars.rar
2015-04-06 10:36 - 2015-04-06 10:36 - 00000000 ____D () C:\Users\Foley\Downloads\ProcessExplorer
2015-04-06 10:35 - 2015-04-06 10:35 - 01190415 _____ () C:\Users\Foley\Downloads\ProcessExplorer.zip
2015-04-06 00:52 - 2015-03-23 07:34 - 00000000 ____D () C:\Users\Foley\Downloads\@GEAR
2015-04-05 23:53 - 2015-04-06 01:11 - 00000000 ____D () C:\Users\Foley\Downloads\Community-Upgrade-Project-Weapon-Pack-v11
2015-04-04 19:49 - 2015-04-04 19:50 - 00000000 ____D () C:\Users\Foley\Downloads\Eastern Creek Raceway 2014 v2.0 by R1CHO and Rainmaker
2015-04-04 19:16 - 2015-04-04 19:17 - 210948145 _____ () C:\Users\Foley\Downloads\Eastern Creek Raceway 2014 v2.0 by R1CHO and Rainmaker.7z
2015-04-04 19:09 - 2015-04-04 19:10 - 63838092 _____ () C:\Users\Foley\Downloads\Eastern Creek Raceway 2014 v3.0 a R1CHO by Rainmaker.7z
2015-04-04 15:54 - 2015-04-04 15:56 - 186386889 _____ () C:\Users\Foley\Downloads\nissan_180sx_typex_d460 (1).rar
2015-04-03 14:32 - 2015-04-03 14:48 - 794041466 _____ () C:\Users\Foley\Downloads\Community-Upgrade-Project-Weapon-Pack-v11.7z
2015-03-31 23:10 - 2015-03-31 23:25 - 1777632702 _____ () C:\Users\Foley\Downloads\rhs_afrf.zip
2015-03-31 23:10 - 2015-03-31 23:22 - 1313061605 _____ () C:\Users\Foley\Downloads\rhs_usaf.zip
2015-03-31 23:09 - 2015-03-31 23:10 - 80159982 _____ () C:\Users\Foley\Downloads\GEAR (1).rar
2015-03-31 23:08 - 2015-03-31 23:13 - 585789293 _____ () C:\Users\Foley\Downloads\GEAR.rar
2015-03-28 16:10 - 2015-03-28 16:10 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-03-28 15:54 - 2015-03-28 15:54 - 00001158 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2015-03-28 15:54 - 2015-03-28 15:54 - 00001147 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2015-03-28 15:54 - 2015-03-28 15:54 - 00001135 _____ () C:\Users\Public\Desktop\Security Task Manager.lnk
2015-03-28 15:54 - 2015-03-28 15:54 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2015-03-28 15:53 - 2015-03-28 15:53 - 02931056 _____ () C:\Users\Foley\Downloads\SecurityTaskManager_Setup.exe
2015-03-28 15:50 - 2015-03-28 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-03-28 15:50 - 2015-03-28 15:50 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-03-28 15:49 - 2015-03-28 15:49 - 116668912 _____ (Sophos Limited) C:\Users\Foley\Downloads\Sophos Virus Removal Tool.exe
2015-03-28 15:41 - 2015-03-28 15:47 - 00000000 ____D () C:\Users\Foley\Desktop\cports-x64
2015-03-28 15:41 - 2015-03-28 15:41 - 00112572 _____ () C:\Users\Foley\Downloads\cports-x64.zip
2015-03-28 15:37 - 2015-03-28 15:37 - 00431395 _____ () C:\Windows\system32\Drivers\vsconfig.xml
2015-03-28 15:37 - 2015-03-28 15:37 - 00000762 _____ () C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2015-03-28 15:37 - 2015-03-28 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2015-03-28 15:36 - 2015-03-28 15:37 - 00000000 ____D () C:\Program Files (x86)\CheckPoint
2015-03-28 15:36 - 2015-03-28 15:36 - 00000000 ____D () C:\ProgramData\CheckPoint
2015-03-28 15:34 - 2015-03-28 15:34 - 22240472 _____ () C:\Users\Foley\Downloads\LittleSnitch-3.5.2.dmg
2015-03-28 15:03 - 2015-03-28 15:03 - 00624000 _____ () C:\Users\Foley\Downloads\CoreParkingManager.zip
2015-03-28 15:03 - 2015-03-28 15:03 - 00000000 ____D () C:\Users\Foley\Downloads\CoreParkingManager
2015-03-28 14:29 - 2015-03-28 14:29 - 00000000 ____D () C:\Users\Foley\AppData\Local\Bohemia_Interactive
2015-03-27 22:52 - 2015-03-27 22:53 - 00000221 _____ () C:\Users\Foley\Desktop\Arma 2.url
2015-03-27 21:20 - 2015-03-27 21:21 - 57489654 _____ () C:\Users\Foley\Downloads\tandem_drift.rar
2015-03-27 16:02 - 2015-03-27 16:09 - 1115150278 _____ (German Soldiers ) C:\Users\Foley\Downloads\GSM_Fields_of_Honor_XII_Installer_26.03.15.exe
2015-03-27 15:57 - 2015-03-27 15:58 - 00000000 ____D () C:\Users\Foley\Downloads\WRM_Addon
2015-03-27 10:42 - 2015-03-27 10:43 - 205805477 _____ () C:\Users\Foley\Downloads\nissan_180sx_tx_sr20_dmf.rar
2015-03-27 10:42 - 2015-03-27 10:43 - 148021638 _____ () C:\Users\Foley\Downloads\toyota_jzx110_dmf.rar
2015-03-26 22:27 - 2015-03-26 22:27 - 53056907 _____ () C:\Users\Foley\Downloads\trialmountain-v0_2.7z
2015-03-26 22:27 - 2015-03-26 22:27 - 00000000 ____D () C:\Users\Foley\Downloads\content
2015-03-26 10:30 - 2015-03-26 10:30 - 60272109 _____ () C:\Users\Foley\Downloads\barbagallo-release-v1.2.rar
2015-03-25 12:11 - 2015-03-25 19:54 - 00000000 ____D () C:\Users\Foley\Downloads\SP Mod Beta Release
2015-03-25 12:01 - 2015-03-25 12:04 - 1319676780 _____ () C:\Users\Foley\Downloads\SP Mod Beta Release.rar
2015-03-24 23:41 - 2015-03-24 23:41 - 00003382 _____ () C:\Windows\System32\Tasks\{6ED35785-D71E-4B52-9F03-3F536057B40D}
2015-03-24 09:24 - 2015-03-24 09:24 - 00000000 ____D () C:\Users\Foley\Downloads\Nissan Silvia S13 - Pack (v1.0)
2015-03-24 09:03 - 2015-03-24 09:03 - 55177958 _____ () C:\Users\Foley\Downloads\Nissan Silvia S13 - Pack (v1.0).zip
2015-03-24 00:13 - 2015-03-24 00:13 - 46671401 _____ () C:\Users\Foley\Downloads\r32_skyline_DMF.zip
2015-03-23 23:07 - 2015-03-23 23:09 - 271842402 _____ () C:\Users\Foley\Downloads\WRM_Addon.zip
2015-03-23 10:47 - 2015-03-23 10:47 - 25337304 _____ () C:\Users\Foley\Downloads\minami.rar
2015-03-23 10:36 - 2015-03-23 10:36 - 23790972 _____ () C:\Users\Foley\Downloads\Isle of Man v1.0 a philrob by Rainmaker.7z
2015-03-23 10:17 - 2015-03-23 10:18 - 186386889 _____ () C:\Users\Foley\Downloads\nissan_180sx_typex_d460.rar
2015-03-23 10:17 - 2015-03-23 10:18 - 148020856 _____ () C:\Users\Foley\Downloads\toyota_jzx110.rar
2015-03-23 10:17 - 2015-03-23 10:17 - 57264586 _____ () C:\Users\Foley\Downloads\ds_is_f.rar
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-13 00:00 - 2015-01-18 13:50 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-12 23:43 - 2009-07-14 00:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-12 23:43 - 2009-07-14 00:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-12 23:42 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-12 23:41 - 2015-01-18 13:50 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-12 23:41 - 2014-09-28 23:20 - 01629522 _____ () C:\Windows\WindowsUpdate.log
2015-04-12 23:38 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-12 23:38 - 2009-07-14 00:51 - 00096154 _____ () C:\Windows\setupact.log
2015-04-12 23:24 - 2014-09-29 15:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-12 22:15 - 2014-09-28 23:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-12 15:10 - 2014-09-29 04:29 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-12 14:56 - 2014-09-29 15:29 - 00000000 ____D () C:\Program Files\Bonjour
2015-04-12 14:55 - 2014-09-29 15:29 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-04-12 14:54 - 2014-11-20 13:38 - 00000000 ____D () C:\Users\Foley\AppData\Roaming\TS3Client
2015-04-11 23:20 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-11 13:10 - 2014-09-29 00:52 - 00156450 _____ () C:\Windows\PFRO.log
2015-04-10 20:56 - 2014-10-04 17:17 - 00000000 ____D () C:\Users\Foley\AppData\Local\Arma 3
2015-04-10 19:21 - 2014-10-17 09:30 - 00000000 ____D () C:\Users\Foley\AppData\Local\Arma 3 Launcher
2015-04-10 18:16 - 2009-07-13 22:34 - 00000820 _____ () C:\Windows\win.ini
2015-04-10 08:52 - 2014-09-29 14:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-10 00:26 - 2014-10-09 22:30 - 00007599 _____ () C:\Users\Foley\AppData\Local\Resmon.ResmonCfg
2015-04-06 10:35 - 2014-11-21 23:24 - 00000000 ____D () C:\Users\Foley\Desktop\Old Firefox Data
2015-04-06 10:32 - 2014-11-21 15:08 - 00000000 ____D () C:\Users\Foley\AppData\Local\CrashDumps
2015-04-05 23:56 - 2015-02-28 06:49 - 00000000 ____D () C:\Users\Foley\Downloads\@rhs1
2015-04-05 23:55 - 2015-02-28 06:44 - 00000000 ____D () C:\Users\Foley\Downloads\@rhs2
2015-04-03 16:02 - 2015-01-18 13:51 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-31 22:46 - 2015-02-11 23:17 - 00000000 ____D () C:\ProgramData\Lx_cats
2015-03-28 16:11 - 2014-09-30 13:59 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-03-24 23:47 - 2014-10-10 15:56 - 00000000 ____D () C:\Users\Foley\AppData\Local\ArmA 2 OA
2015-03-24 23:42 - 2014-10-10 16:04 - 00000000 ____D () C:\Users\Foley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2015-03-24 23:20 - 2014-09-29 15:16 - 00000000 ____D () C:\Users\Foley\AppData\Roaming\uTorrent
2015-03-14 00:27 - 2014-12-25 21:54 - 00281032 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-03-14 00:27 - 2014-10-04 06:21 - 00281032 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-03-14 00:00 - 2014-10-04 06:21 - 00281032 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
 
==================== Files in the root of some directories =======
 
2014-10-09 22:30 - 2015-04-10 00:26 - 0007599 _____ () C:\Users\Foley\AppData\Local\Resmon.ResmonCfg
2015-02-11 23:17 - 2015-02-11 23:17 - 0000504 _____ () C:\ProgramData\FastPics.log
 
Some content of TEMP:
====================
C:\Users\Foley\AppData\Local\Temp\ADInsightDll.dll
C:\Users\Foley\AppData\Local\Temp\avcuf32.dll
C:\Users\Foley\AppData\Local\Temp\avcuf64.dll
C:\Users\Foley\AppData\Local\Temp\avxdisk.dll
C:\Users\Foley\AppData\Local\Temp\awesomium_setup.exe
C:\Users\Foley\AppData\Local\Temp\bdc.exe
C:\Users\Foley\AppData\Local\Temp\bdcore.dll
C:\Users\Foley\AppData\Local\Temp\bdfltlib2k.dll
C:\Users\Foley\AppData\Local\Temp\bdnimbus32.dll
C:\Users\Foley\AppData\Local\Temp\bdnimbus64.dll
C:\Users\Foley\AppData\Local\Temp\bdupdateservice.dll
C:\Users\Foley\AppData\Local\Temp\DEVCON.EXE
C:\Users\Foley\AppData\Local\Temp\drm_dyndata_7390006.dll
C:\Users\Foley\AppData\Local\Temp\eEmpty.exe
C:\Users\Foley\AppData\Local\Temp\encdec.dll
C:\Users\Foley\AppData\Local\Temp\esupdate.exe
C:\Users\Foley\AppData\Local\Temp\FSSync.dll
C:\Users\Foley\AppData\Local\Temp\Getvlist.exe
C:\Users\Foley\AppData\Local\Temp\ikave.dll
C:\Users\Foley\AppData\Local\Temp\ipc.dll
C:\Users\Foley\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Foley\AppData\Local\Temp\kave.dll
C:\Users\Foley\AppData\Local\Temp\kavvlg.dll
C:\Users\Foley\AppData\Local\Temp\msvclnt.dll
C:\Users\Foley\AppData\Local\Temp\msvcp80.dll
C:\Users\Foley\AppData\Local\Temp\msvcp90.dll
C:\Users\Foley\AppData\Local\Temp\msvcr80.dll
C:\Users\Foley\AppData\Local\Temp\msvcr90.dll
C:\Users\Foley\AppData\Local\Temp\msvl64.dll
C:\Users\Foley\AppData\Local\Temp\msvlclnt.dll
C:\Users\Foley\AppData\Local\Temp\mwavdwnl.exe
C:\Users\Foley\AppData\Local\Temp\MWAVL.exe
C:\Users\Foley\AppData\Local\Temp\mwavscan.exe
C:\Users\Foley\AppData\Local\Temp\mwunzip.dll
C:\Users\Foley\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Foley\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Foley\AppData\Local\Temp\nvStInst.exe
C:\Users\Foley\AppData\Local\Temp\prLoader.dll
C:\Users\Foley\AppData\Local\Temp\Quarantine.exe
C:\Users\Foley\AppData\Local\Temp\red32.dll
C:\Users\Foley\AppData\Local\Temp\Reload.exe
C:\Users\Foley\AppData\Local\Temp\RWZTLQBKUCK.exe
C:\Users\Foley\AppData\Local\Temp\scan.dll
C:\Users\Foley\AppData\Local\Temp\ScanningProcess.exe
C:\Users\Foley\AppData\Local\Temp\setpriv.exe
C:\Users\Foley\AppData\Local\Temp\SIntf16.dll
C:\Users\Foley\AppData\Local\Temp\SIntf32.dll
C:\Users\Foley\AppData\Local\Temp\SIntfNT.dll
C:\Users\Foley\AppData\Local\Temp\sonarinst.exe
C:\Users\Foley\AppData\Local\Temp\sqlite3.dll
C:\Users\Foley\AppData\Local\Temp\test2.exe
C:\Users\Foley\AppData\Local\Temp\trufos.dll
C:\Users\Foley\AppData\Local\Temp\unregx.exe
C:\Users\Foley\AppData\Local\Temp\UPDLL10.DLL
C:\Users\Foley\AppData\Local\Temp\viewtcp.exe
C:\Users\Foley\AppData\Local\Temp\ZXV.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-04 19:44
 
==================== End Of Log ============================

Edited by Orange Blossom, 12 April 2015 - 11:51 PM.



#2 shelf life


  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost

Posted 16 April 2015 - 07:50 PM

hi Artkin,

 

I am shelf life and will try to help. I didn't read that entire thread you linked to, but I will if we continue. If you're still concerned about the TCP connections you can post back and we will see if it has anything to do with malware.


How Can I Reduce My Risk to Malware?


#3 Artkin

  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE

Posted 16 April 2015 - 09:31 PM

I am concerned with them, thanks for replying.

 

http://tinypic.com/r/2uyt1ue/8


Edited by Artkin, 17 April 2015 - 10:44 AM.


#4 shelf life


  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost

Posted 17 April 2015 - 01:13 PM

I looked through your other post and the FRST log you posted. Looks like you already ran the standards like AdwCleaner and JRT as well as Malwarebytes.

What you're seeing in TCPView are normal connections and their states, like established, listening, closing. Localhost is a connection within the machine itself and not a connection to the internet. The screenshot is kind of fuzzy, but it all looks OK. All those aren't established connections to the internet even though it may look that way. I don't think you have anything to worry about.

 


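The triage shelf life describes above (listening sockets, loopback traffic and closing states are not live connections to the internet), as an added example that is not from this thread or from Sysinternals: a Python script that parses a constructed `netstat -ano` style listing, the same socket table TCPView displays, and separates listening, loopback and teardown-state sockets from the established remote connections that are actually worth attributing to a process. The PID 0 handling assumes, as the code comment states, that TCPView's "[System Process]" rows are sockets whose owning process has already exited.

```python
"""Triage a netstat -ano style socket listing into categories that matter."""
import re
from collections import Counter
from ipaddress import ip_address
from typing import Dict, List, NamedTuple, Optional

# Constructed sample listing (not the poster's data); documentation-range IPs.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       724
  TCP    127.0.0.1:49152        127.0.0.1:49153        ESTABLISHED     1984
  TCP    127.0.0.1:49153        127.0.0.1:49152        ESTABLISHED     1984
  TCP    192.168.1.23:49210     203.0.113.10:443       ESTABLISHED     3120
  TCP    192.168.1.23:49211     203.0.113.11:443       TIME_WAIT       0
  TCP    192.168.1.23:49212     203.0.113.12:80        TIME_WAIT       0
  TCP    192.168.1.23:49213     198.51.100.7:443       CLOSE_WAIT      3120
  TCP    [::1]:49300            [::1]:49301            ESTABLISHED     2200
  UDP    0.0.0.0:5353           *:*                                    1100
"""

# TCP states of a socket that is on its way to being torn down.
CLOSING_STATES = {"TIME_WAIT", "CLOSE_WAIT", "FIN_WAIT_1", "FIN_WAIT_2",
                  "CLOSING", "LAST_ACK"}

# UDP rows carry no state column, so the state group is optional and must
# start with a letter so it can never swallow the PID.
LINE_RE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<remote>\S+)"
    r"(?:\s+(?P<state>[A-Z][A-Z_0-9]*))?\s+(?P<pid>\d+)\s*$")


class Socket(NamedTuple):
    proto: str
    local_host: str
    local_port: str
    remote_host: str
    remote_port: str
    state: Optional[str]
    pid: int


def split_endpoint(text: str):
    """'192.168.1.23:49210' -> ('192.168.1.23', '49210'); '[::1]:49300' -> ('::1', '49300')."""
    if text.startswith("["):
        end = text.index("]")
        return text[1:end], text[end + 2:]
    host, _, port = text.rpartition(":")
    return host, port


def is_loopback(host: str) -> bool:
    try:
        return ip_address(host).is_loopback
    except ValueError:  # '*' or a hostname, not an IP literal
        return False


def parse_netstat(text: str) -> List[Socket]:
    sockets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:  # header and blank lines
            continue
        lh, lp = split_endpoint(m["local"])
        rh, rp = split_endpoint(m["remote"])
        sockets.append(Socket(m["proto"], lh, lp, rh, rp, m["state"], int(m["pid"])))
    return sockets


def classify(s: Socket) -> str:
    if s.proto != "TCP":
        return "udp"  # connectionless, no state to reason about here
    if s.state == "LISTENING":
        return "listening"  # waiting for peers, not talking to anyone
    if is_loopback(s.local_host) or is_loopback(s.remote_host):
        return "loopback"  # traffic that never leaves the machine
    if s.state in CLOSING_STATES:
        return "closing"  # teardown; shown red / as [System Process] in TCPView
    if s.state == "ESTABLISHED":
        return "established_remote"
    return "other"


def summarize(text: str) -> Dict[str, int]:
    return dict(Counter(classify(s) for s in parse_netstat(text)))


def remote_established(text: str) -> List[Socket]:
    """The only rows worth attributing to a process and checking the peer of."""
    return [s for s in parse_netstat(text) if classify(s) == "established_remote"]


def orphaned(text: str) -> List[Socket]:
    """PID 0 rows: assumed to be sockets whose owner already exited ([System Process])."""
    return [s for s in parse_netstat(text) if s.pid == 0]


if __name__ == "__main__":
    for cat, n in sorted(summarize(SAMPLE_NETSTAT).items()):
        print(f"{cat:20s} {n}")
    for s in remote_established(SAMPLE_NETSTAT):
        print(f"check: pid {s.pid} -> {s.remote_host}:{s.remote_port}")
```

On the sample, nine rows reduce to a single established remote connection to look into; the two PID 0 rows are closing sockets, not something to chase.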


#5 Artkin

  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE

Posted 17 April 2015 - 07:24 PM

Okay, thank you guys, sorry if I sidetracked you too hard. I appreciate it.



#6 shelf life


  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost

Posted 17 April 2015 - 08:01 PM

No problem. You're welcome. You can remove the tools you used with one more download:

 

    Next, please download Delfix.exe and save it to your desktop. It will remove the special tools and their associated folders/files.

    https://toolslib.net/downloads/viewdownload/2-delfix/

    Right-click and select "run as admin", check "Remove disinfection tools" and click on the Run button.
    The tool will delete itself once it finishes. You can delete the log it generates.

 

Happy Safe Surfing There.

 




#7 shelf life


  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost

Posted 04 May 2015 - 05:12 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





