nemanja

Honorary Members

View Profile See their activity

Posts
41
Joined
March 10, 2012
Last visited
March 26, 2012

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by nemanja

my malwarebytes keeps on blocking several ip addresses (type: outgoing)..

nemanja replied to nemanja's topic in Resolved Malware Removal Logs

avira FW still showing blocked pakets... but internet is seems faster
- March 14, 2012
- 69 replies
my malwarebytes keeps on blocking several ip addresses (type: outgoing)..

nemanja replied to nemanja's topic in Resolved Malware Removal Logs

i created wrong script .. .. .. sorry should i try again ?? ComboFix 12-03-11.01 - herb 03/14/2012 0:16.5.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2704 [GMT 1:00] Running from: c:\users\herb\Desktop\ComboFix.exe Command switches used :: c:\users\herb\Desktop\CFScript.txt.txt AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\users\herb\AppData\Local\Temp\0064386.tmp" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_X6VA006 -------\Service_X6va006 . . ((((((((((((((((((((((((( Files Created from 2012-02-13 to 2012-03-13 ))))))))))))))))))))))))))))))) . . 2012-03-13 23:24 . 2012-03-13 23:24 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-12 03:19 . 2012-03-12 03:19 -------- d-----w- c:\program files\CCleaner 2012-03-12 02:53 . 2012-03-12 02:59 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2012-03-12 01:31 . 2012-03-12 01:31 -------- d-----w- c:\windows\system32\appmgmt 2012-03-11 22:17 . 2012-03-11 22:17 -------- d-----w- c:\program files (x86)\GSC 2.00 2012-03-11 19:39 . 2012-03-11 19:39 -------- d-----w- c:\program files (x86)\ht 2012-03-10 14:48 . 2009-02-05 01:49 451072 ----a-w- c:\windows\SysWow64\ISSRemoveSP.exe 2012-03-10 13:47 . 2012-03-10 13:47 -------- d-----w- c:\program files (x86)\ESET 2012-03-10 02:34 . 2012-03-10 02:34 -------- d-----w- c:\programdata\Malwarebytes 2012-03-10 02:34 . 2012-03-10 02:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-03-10 02:34 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-10 02:26 . 2012-03-11 02:53 -------- d-----w- c:\program files (x86)\Webteh 2012-03-09 23:34 . 2012-03-09 23:34 0 ----a-w- c:\windows\ativpsrm.bin 2012-03-09 23:31 . 2012-03-12 03:20 -------- d-----w- c:\windows\Panther 2012-03-09 23:31 . 2012-03-09 18:20 -------- d-----w- C:\Boot 2012-03-09 19:00 . 2012-03-09 19:00 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-03-09 19:00 . 2012-03-09 19:00 -------- d-----w- c:\windows\SysWow64\Macromed 2012-03-09 19:00 . 2012-03-09 19:00 -------- d-----w- c:\windows\system32\Macromed 2012-03-09 18:40 . 2012-03-13 17:45 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-03-09 18:40 . 2012-03-13 17:37 -------- d-----w- c:\programdata\Avira 2012-03-09 18:40 . 2012-03-09 18:40 -------- d-----w- c:\program files (x86)\Avira 2012-03-09 18:40 . 2011-10-11 13:53 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-03-09 18:40 . 2011-10-11 13:53 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-03-09 18:40 . 2011-10-11 13:53 139512 ----a-w- c:\windows\system32\drivers\avfwot.sys 2012-03-09 18:40 . 2011-10-11 13:53 113768 ----a-w- c:\windows\system32\drivers\avfwim.sys 2012-03-09 17:33 . 2012-03-09 17:33 -------- d-----w- c:\windows\system32\SPReview 2012-03-09 17:32 . 2012-03-09 17:32 -------- d-----w- c:\windows\system32\EventProviders 2012-03-09 17:20 . 2010-11-20 13:27 244224 ----a-w- c:\windows\system32\spp.dll 2012-03-09 17:19 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll 2012-03-09 17:19 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll 2012-03-09 17:19 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll 2012-03-09 17:19 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll 2012-03-09 17:18 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll 2012-03-09 17:18 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll 2012-03-09 17:18 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll 2012-03-09 17:15 . 2012-03-09 17:15 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd 2012-03-09 17:14 . 2012-03-09 17:14 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-03-09 17:14 . 2012-03-09 17:17 -------- d-----w- c:\programdata\Logishrd 2012-03-09 17:14 . 2012-03-09 17:14 -------- d-----w- c:\program files\Logitech 2012-03-09 17:03 . 2012-03-09 17:14 -------- d-----w- c:\program files\Common Files\Logishrd 2012-03-09 16:57 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-03-09 16:57 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll 2012-03-09 16:57 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll 2012-03-09 16:57 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys 2012-03-09 16:57 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys 2012-03-09 16:57 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys 2012-03-09 16:57 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys 2012-03-09 16:57 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys 2012-03-09 16:57 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys 2012-03-09 16:57 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe 2012-03-09 16:57 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe 2012-03-09 16:56 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2012-03-09 16:56 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2012-03-09 16:56 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys 2012-03-09 16:56 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2012-03-09 16:56 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2012-03-09 16:56 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2012-03-09 16:56 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys 2012-03-09 16:21 . 2012-03-09 16:21 -------- d-----w- c:\program files (x86)\Microsoft.NET 2012-03-09 16:05 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll 2012-03-09 16:05 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-03-09 16:05 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll 2012-03-09 16:05 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-03-09 16:05 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\programdata\ATI 2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\programdata\AMD 2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files (x86)\AMD AVT 2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files (x86)\AMD APP 2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files\Common Files\ATI Technologies 2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies 2012-03-09 15:44 . 2012-03-09 15:44 -------- d-----w- c:\program files (x86)\ATI Technologies 2012-03-09 15:44 . 2012-03-09 15:44 -------- d-----w- c:\program files\ATI 2012-03-09 15:44 . 2012-03-09 15:46 -------- d-----w- c:\program files\ATI Technologies 2012-03-09 15:43 . 2012-03-09 15:43 -------- d-----w- C:\AMD 2012-03-09 15:32 . 2012-02-23 08:18 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-03-09 15:10 . 2012-03-01 12:21 8643640 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C71759E0-5BC3-4538-997B-F17AFD634FED}\mpengine.dll 2012-03-09 15:09 . 2012-03-09 15:09 -------- d-----w- c:\program files\Ventrilo 2012-03-09 15:07 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe 2012-03-09 14:56 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2012-03-09 14:56 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll 2012-03-09 14:43 . 2012-03-13 14:26 -------- d-----w- c:\users\herb 2012-03-09 14:40 . 2012-03-09 14:40 -------- d-----w- C:\Recovery 2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2012-02-15 03:21 . 2012-02-15 03:21 25839104 ----a-w- c:\windows\system32\atio6axx.dll 2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe 2012-02-15 03:18 . 2012-02-15 03:18 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll 2012-02-15 03:17 . 2012-02-15 03:17 957952 ----a-w- c:\windows\system32\aticfx64.dll 2012-02-15 03:13 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll 2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe 2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe 2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll 2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll 2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll 2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2012-02-15 03:07 . 2012-02-15 03:07 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll 2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll 2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll 2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll 2012-02-15 02:40 . 2012-02-15 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll 2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2012-02-15 02:34 . 2012-02-15 02:34 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll 2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll 2012-02-15 02:29 . 2012-02-15 02:29 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll 2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll 2012-02-15 02:25 . 2012-02-15 02:25 7551488 ----a-w- c:\windows\system32\atiumd64.dll 2012-02-15 02:16 . 2012-02-15 02:16 58880 ----a-w- c:\windows\system32\coinst.dll 2012-02-15 02:14 . 2012-02-15 02:14 512000 ----a-w- c:\windows\system32\atiadlxx.dll 2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll 2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll 2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll 2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll 2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2012-02-15 02:12 . 2012-02-15 02:12 43008 ----a-w- c:\windows\system32\atiuxp64.dll 2012-02-15 02:12 . 2012-02-15 02:12 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2012-02-15 02:12 . 2012-02-15 02:12 39936 ----a-w- c:\windows\system32\atiu9p64.dll 2012-02-15 02:12 . 2012-02-15 02:12 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll 2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll 2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-09 18:12 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-03-09 18:12 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-02-15 02:52 . 2009-07-13 21:59 7646208 ----a-w- c:\windows\system32\atidxx64.dll 2012-01-31 05:02 . 2012-01-31 05:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll 2012-01-31 05:00 . 2012-01-31 05:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-03-13_22.43.41 ))))))))))))))))))))))))))))))))))))))))) . - 2009-07-14 04:54 . 2012-03-13 14:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-03-13 23:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-03-13 23:00 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-03-13 14:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-03-13 14:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-03-13 23:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2012-03-13 22:01 . 2012-03-13 22:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-03-13 23:26 . 2012-03-13 23:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-03-13 23:26 . 2012-03-13 23:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-03-13 22:01 . 2012-03-13 22:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-03-09 15:57 . 2012-03-13 22:00 763544 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2012-03-09 15:57 . 2012-03-13 23:25 763544 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2009-07-14 05:01 . 2012-03-13 23:25 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2012-03-13 22:00 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2012-03-09 18:03 . 2012-03-13 22:00 1211292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3638853225-1990997699-2437280156-1000-8192.dat + 2012-03-09 18:03 . 2012-03-13 23:25 1211292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3638853225-1990997699-2437280156-1000-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] . c:\users\herb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 RTL8187B;Belkin Wireless G USB Network Adapter;c:\windows\system32\DRIVERS\rtl8187B.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2011-10-11 616400] S2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-03-13 342480] S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224] S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-11 463824] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [x] S3 SaiH8000;SaiH8000;c:\windows\system32\DRIVERS\SaiH8000.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3638853225-1990997699-2437280156-1000Core.job - c:\users\herb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 14:48] . 2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3638853225-1990997699-2437280156-1000UA.job - c:\users\herb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 14:48] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] "combofix"="c:\combofix\CF1490.3XE" [2010-11-20 345088] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.1.1 . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe . ************************************************************************** . Completion time: 2012-03-14 00:37:44 - machine was rebooted ComboFix-quarantined-files.txt 2012-03-13 23:37 ComboFix2.txt 2012-03-13 22:57 ComboFix3.txt 2012-03-13 04:04 . Pre-Run: 16,269,287,424 bytes free Post-Run: 16,048,390,144 bytes free . - - End Of File - - 85AA3264E9DB504663336EF6B42F9598
- March 13, 2012
- 69 replies
my malwarebytes keeps on blocking several ip addresses (type: outgoing)..

nemanja replied to nemanja's topic in Resolved Malware Removal Logs

i did alow for google it was deny, and all is alowed now but still some new adresses keep showing.. on every 10min ill try now with script
- March 13, 2012
- 69 replies
my malwarebytes keeps on blocking several ip addresses (type: outgoing)..

nemanja replied to nemanja's topic in Resolved Malware Removal Logs

http://whois.domaintools.com/4.23.52.126 and this one is from facebook http://whois.domaintools.com/66.220.145.45 but why avira FW block these sites?
- March 13, 2012
- 69 replies
my malwarebytes keeps on blocking several ip addresses (type: outgoing)..

nemanja replied to nemanja's topic in Resolved Malware Removal Logs

ComboFix 12-03-11.01 - herb 03/13/2012 23:33:57.4.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2958 [GMT 1:00] Running from: c:\users\herb\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\CFLog c:\cflog\CrashLog_20120313.txt . . ((((((((((((((((((((((((( Files Created from 2012-02-13 to 2012-03-13 ))))))))))))))))))))))))))))))) . . 2012-03-13 22:42 . 2012-03-13 22:42 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-10 02:34 . 2012-03-10 02:34 -------- d-----w- c:\programdata\Malwarebytes 2012-03-10 02:34 . 2012-03-10 02:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-03-10 02:34 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-10 02:26 . 2012-03-11 02:53 -------- d-----w- c:\program files (x86)\Webteh 2012-03-09 23:34 . 2012-03-09 23:34 0 ----a-w- c:\windows\ativpsrm.bin 2012-03-09 23:31 . 2012-03-12 03:20 -------- d-----w- c:\windows\Panther 2012-03-09 23:31 . 2012-03-09 18:20 -------- d-----w- C:\Boot 2012-03-09 19:00 . 2012-03-09 19:00 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-03-09 19:00 . 2012-03-09 19:00 -------- d-----w- c:\windows\SysWow64\Macromed 2012-03-09 19:00 . 2012-03-09 19:00 -------- d-----w- c:\windows\system32\Macromed 2012-03-09 18:40 . 2012-03-13 17:45 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-03-09 18:40 . 2012-03-13 17:37 -------- d-----w- c:\programdata\Avira 2012-03-09 18:40 . 2012-03-09 18:40 -------- d-----w- c:\program files (x86)\Avira 2012-03-09 18:40 . 2011-10-11 13:53 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-03-09 18:40 . 2011-10-11 13:53 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-03-09 18:40 . 2011-10-11 13:53 139512 ----a-w- c:\windows\system32\drivers\avfwot.sys 2012-03-09 18:40 . 2011-10-11 13:53 113768 ----a-w- c:\windows\system32\drivers\avfwim.sys 2012-03-09 17:33 . 2012-03-09 17:33 -------- d-----w- c:\windows\system32\SPReview 2012-03-09 17:32 . 2012-03-09 17:32 -------- d-----w- c:\windows\system32\EventProviders 2012-03-09 17:20 . 2010-11-20 13:27 244224 ----a-w- c:\windows\system32\spp.dll 2012-03-09 17:19 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll 2012-03-09 17:19 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll 2012-03-09 17:19 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll 2012-03-09 17:19 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll 2012-03-09 17:18 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll 2012-03-09 17:18 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll 2012-03-09 17:18 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll 2012-03-09 17:15 . 2012-03-09 17:15 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd 2012-03-09 17:14 . 2012-03-09 17:14 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-03-09 17:14 . 2012-03-09 17:17 -------- d-----w- c:\programdata\Logishrd 2012-03-09 17:14 . 2012-03-09 17:14 -------- d-----w- c:\program files\Logitech 2012-03-09 17:03 . 2012-03-09 17:14 -------- d-----w- c:\program files\Common Files\Logishrd 2012-03-09 16:57 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-03-09 16:57 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll 2012-03-09 16:57 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll 2012-03-09 16:57 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys 2012-03-09 16:57 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys 2012-03-09 16:57 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys 2012-03-09 16:57 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys 2012-03-09 16:57 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys 2012-03-09 16:57 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys 2012-03-09 16:57 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe 2012-03-09 16:57 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe 2012-03-09 16:56 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2012-03-09 16:56 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2012-03-09 16:56 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys 2012-03-09 16:56 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2012-03-09 16:56 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2012-03-09 16:56 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2012-03-09 16:56 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys 2012-03-09 16:21 . 2012-03-09 16:21 -------- d-----w- c:\program files (x86)\Microsoft.NET 2012-03-09 16:05 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll 2012-03-09 16:05 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-03-09 16:05 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll 2012-03-09 16:05 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-03-09 16:05 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\programdata\ATI 2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\programdata\AMD 2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files (x86)\AMD AVT 2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files (x86)\AMD APP 2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files\Common Files\ATI Technologies 2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies 2012-03-09 15:44 . 2012-03-09 15:44 -------- d-----w- c:\program files (x86)\ATI Technologies 2012-03-09 15:44 . 2012-03-09 15:44 -------- d-----w- c:\program files\ATI 2012-03-09 15:44 . 2012-03-09 15:46 -------- d-----w- c:\program files\ATI Technologies 2012-03-09 15:43 . 2012-03-09 15:43 -------- d-----w- C:\AMD 2012-03-09 15:32 . 2012-02-23 08:18 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-03-09 15:10 . 2012-03-01 12:21 8643640 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C71759E0-5BC3-4538-997B-F17AFD634FED}\mpengine.dll 2012-03-09 15:09 . 2012-03-09 15:09 -------- d-----w- c:\program files\Ventrilo 2012-03-09 15:07 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe 2012-03-09 14:56 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2012-03-09 14:56 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll 2012-03-09 14:43 . 2012-03-13 14:26 -------- d-----w- c:\users\herb 2012-03-09 14:40 . 2012-03-09 14:40 -------- d-----w- C:\Recovery 2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2012-02-15 03:21 . 2012-02-15 03:21 25839104 ----a-w- c:\windows\system32\atio6axx.dll 2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe 2012-02-15 03:18 . 2012-02-15 03:18 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll 2012-02-15 03:17 . 2012-02-15 03:17 957952 ----a-w- c:\windows\system32\aticfx64.dll 2012-02-15 03:13 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll 2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe 2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe 2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll 2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll 2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll 2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2012-02-15 03:07 . 2012-02-15 03:07 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll 2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll 2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll 2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll 2012-02-15 02:40 . 2012-02-15 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll 2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2012-02-15 02:34 . 2012-02-15 02:34 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll 2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll 2012-02-15 02:29 . 2012-02-15 02:29 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll 2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll 2012-02-15 02:25 . 2012-02-15 02:25 7551488 ----a-w- c:\windows\system32\atiumd64.dll 2012-02-15 02:16 . 2012-02-15 02:16 58880 ----a-w- c:\windows\system32\coinst.dll 2012-02-15 02:14 . 2012-02-15 02:14 512000 ----a-w- c:\windows\system32\atiadlxx.dll 2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll 2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll 2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll 2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll 2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2012-02-15 02:12 . 2012-02-15 02:12 43008 ----a-w- c:\windows\system32\atiuxp64.dll 2012-02-15 02:12 . 2012-02-15 02:12 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2012-02-15 02:12 . 2012-02-15 02:12 39936 ----a-w- c:\windows\system32\atiu9p64.dll 2012-02-15 02:12 . 2012-02-15 02:12 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll 2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll 2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll 2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2012-02-14 21:05 . 2012-02-14 21:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll 2012-02-14 21:05 . 2012-02-14 21:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2012-02-14 21:05 . 2012-02-14 21:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll 2012-02-14 21:05 . 2012-02-14 21:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll 2012-02-14 21:05 . 2012-02-14 21:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll 2012-02-14 21:04 . 2012-02-14 21:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-09 18:12 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-03-09 18:12 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-02-15 02:52 . 2009-07-13 21:59 7646208 ----a-w- c:\windows\system32\atidxx64.dll 2012-01-31 05:02 . 2012-01-31 05:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll 2012-01-31 05:00 . 2012-01-31 05:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] . c:\users\herb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 RTL8187B;Belkin Wireless G USB Network Adapter;c:\windows\system32\DRIVERS\rtl8187B.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 X6va006;X6va006;c:\users\herb\AppData\Local\Temp\0064386.tmp [x] S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2011-10-11 616400] S2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-03-13 342480] S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224] S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-11 463824] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [x] S3 SaiH8000;SaiH8000;c:\windows\system32\DRIVERS\SaiH8000.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3638853225-1990997699-2437280156-1000Core.job - c:\users\herb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 14:48] . 2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3638853225-1990997699-2437280156-1000UA.job - c:\users\herb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 14:48] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-BitTorrent - c:\program files (x86)\BitTorrent\BitTorrent.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006] "ImagePath"="\??\c:\users\herb\AppData\Local\Temp\0064386.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-03-13 23:57:00 ComboFix-quarantined-files.txt 2012-03-13 22:56 ComboFix2.txt 2012-03-13 04:04 . Pre-Run: 16,506,994,688 bytes free Post-Run: 16,221,315,072 bytes free . - - End Of File - - E400782127CF142C74F70C1E5FA51C65
- March 13, 2012
- 69 replies
my malwarebytes keeps on blocking several ip addresses (type: outgoing)..

nemanja replied to nemanja's topic in Resolved Malware Removal Logs

Google o.O a sec ago avira FW shows Deny all IP packets" has blocked a packet from IP:192.168.1.1" thats my IP!! what is going oN ?? thanks for your time
- March 13, 2012
- 69 replies
my malwarebytes keeps on blocking several ip addresses (type: outgoing)..

nemanja replied to nemanja's topic in Resolved Malware Removal Logs

Malwarebytes Anti-Malware (PRO) 1.60.1.1000 www.malwarebytes.org Database version: v2012.03.13.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 herb :: HERB-PC [administrator] Protection: Enabled 3/13/2012 11:24:27 PM mbam-log-2012-03-13 (23-24-27).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 186942 Time elapsed: 1 minute(s), 45 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
- March 13, 2012
- 69 replies
my malwarebytes keeps on blocking several ip addresses (type: outgoing)..

nemanja replied to nemanja's topic in Resolved Malware Removal Logs

i made mistake other ip is 74.125.232.193
- March 13, 2012
- 69 replies
my malwarebytes keeps on blocking several ip addresses (type: outgoing)..

nemanja replied to nemanja's topic in Resolved Malware Removal Logs

uninstalled bittorrent restarted pc and avira firewall still says "The rule: "Deny all IP packets" has blocked a packet from IP:74.125.232.229" and other IP 74.125.232.229 i think there is more difrent IPs
- March 13, 2012
- 69 replies
my malwarebytes keeps on blocking several ip addresses (type: outgoing)..

nemanja replied to nemanja's topic in Resolved Malware Removal Logs

it seems like every time i open port (torrent, online game) something is slowing my internet, i mean really slowing 1kb/s is speed, ping in game 5000, cant even post with 1st try, pages need 3min to load etc... when "working" torrent speed goes to 300 than to 0 and my max download speed should be 420. last night i turned off my antivirus and firewall and disconected pc from internet and when i woke up internet was so slow, practicly i didn't have it. i did restore point and things is like few days ago, malwarebytes blocking traffic outgoing, and avira firewall also block some packets i spotted one strange IP 192.168.1.1 (mine IP acured by router) i hope some one will help soon, am thinking about reinstall OS becose i can use my internet for another day without problem... thanks for your time
- March 13, 2012
- 69 replies
my malwarebytes keeps on blocking several ip addresses (type: outgoing)..

nemanja replied to nemanja's topic in Resolved Malware Removal Logs

also i did format whole hdd with active kill disc and problem is still here, OS reinstall does not help.. after 24h max its back! non of antiviruses detect any kind of malware or virus [eset ss 4, avira, microsoft essentials, avg]! avira firewall also detect bloced pakets on every 10-15min
- March 12, 2012
- 69 replies
A short film animation painted on public walls

nemanja posted a topic in Tailwaggers and Jokes
nemanja

lame malware is just virtual ! I want to kick his ass
- March 12, 2012
nemanja

lame malware is just virtual I want to kick his ass
- March 12, 2012
my malwarebytes keeps on blocking several ip addresses (type: outgoing)..

nemanja replied to nemanja's topic in Resolved Malware Removal Logs

Malwarebytes Anti-Malware (PRO) 1.60.1.1000 www.malwarebytes.org Database version: v2012.03.12.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 herb :: HERB-PC [administrator] Protection: Enabled 3/12/2012 3:23:11 AM mbam-log-2012-03-12 (03-23-11).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 186303 Time elapsed: 3 minute(s), 13 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
- March 12, 2012
- 69 replies
my malwarebytes keeps on blocking several ip addresses (type: outgoing)..

nemanja replied to nemanja's topic in Resolved Malware Removal Logs

ComboFix 12-03-09.05 - herb 03/10/2012 5:05.2.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2335 [GMT 1:00] Running from: c:\users\herb\Downloads\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-02-10 to 2012-03-10 ))))))))))))))))))))))))))))))) . . 2012-03-10 04:15 . 2012-03-10 04:15 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-10 03:11 . 2012-03-10 03:11 -------- d-----w- c:\program files (x86)\BitTorrent 2012-03-10 02:34 . 2012-03-10 02:34 -------- d-----w- c:\programdata\Malwarebytes 2012-03-10 02:34 . 2012-03-10 02:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-03-10 02:34 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-10 02:26 . 2012-03-10 02:26 -------- d-----w- c:\program files (x86)\Webteh 2012-03-09 23:34 . 2012-03-09 23:34 0 ----a-w- c:\windows\ativpsrm.bin 2012-03-09 23:31 . 2012-03-09 23:36 -------- d-----w- c:\windows\Panther 2012-03-09 23:31 . 2012-03-09 18:20 -------- d-----w- C:\Boot 2012-03-09 19:00 . 2012-03-09 19:00 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-03-09 19:00 . 2012-03-09 19:00 -------- d-----w- c:\windows\SysWow64\Macromed 2012-03-09 19:00 . 2012-03-09 19:00 -------- d-----w- c:\windows\system32\Macromed 2012-03-09 18:40 . 2012-03-09 18:40 -------- d-----w- c:\programdata\Avira 2012-03-09 18:40 . 2012-03-09 18:40 -------- d-----w- c:\program files (x86)\Avira 2012-03-09 18:40 . 2011-10-11 13:53 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-03-09 18:40 . 2011-10-11 13:53 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-03-09 18:40 . 2011-10-11 13:53 139512 ----a-w- c:\windows\system32\drivers\avfwot.sys 2012-03-09 18:40 . 2011-10-11 13:53 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-03-09 18:40 . 2011-10-11 13:53 113768 ----a-w- c:\windows\system32\drivers\avfwim.sys 2012-03-09 17:33 . 2012-03-09 17:33 -------- d-----w- c:\windows\system32\SPReview 2012-03-09 17:32 . 2012-03-09 17:32 -------- d-----w- c:\windows\system32\EventProviders 2012-03-09 17:20 . 2010-11-20 13:27 244224 ----a-w- c:\windows\system32\spp.dll 2012-03-09 17:19 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll 2012-03-09 17:19 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll 2012-03-09 17:19 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll 2012-03-09 17:19 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll 2012-03-09 17:18 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll 2012-03-09 17:18 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll 2012-03-09 17:18 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll 2012-03-09 17:15 . 2012-03-09 17:15 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd 2012-03-09 17:14 . 2012-03-09 17:14 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-03-09 17:14 . 2012-03-09 17:17 -------- d-----w- c:\programdata\Logishrd 2012-03-09 17:14 . 2012-03-09 17:14 -------- d-----w- c:\program files\Logitech 2012-03-09 17:03 . 2012-03-09 17:14 -------- d-----w- c:\program files\Common Files\Logishrd 2012-03-09 16:57 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-03-09 16:57 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll 2012-03-09 16:57 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll 2012-03-09 16:57 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys 2012-03-09 16:57 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys 2012-03-09 16:57 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys 2012-03-09 16:57 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys 2012-03-09 16:57 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys 2012-03-09 16:57 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys 2012-03-09 16:57 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe 2012-03-09 16:57 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe 2012-03-09 16:56 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2012-03-09 16:56 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2012-03-09 16:56 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys 2012-03-09 16:56 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2012-03-09 16:56 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2012-03-09 16:56 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2012-03-09 16:56 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys 2012-03-09 16:21 . 2012-03-09 16:21 -------- d-----w- c:\program files (x86)\Microsoft.NET 2012-03-09 16:05 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll 2012-03-09 16:05 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-03-09 16:05 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll 2012-03-09 16:05 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-03-09 16:05 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2012-03-09 15:49 . 2012-03-09 15:49 -------- d-----w- c:\program files (x86)\uTorrent 2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\programdata\ATI 2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\programdata\AMD 2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files (x86)\AMD AVT 2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files (x86)\AMD APP 2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files\Common Files\ATI Technologies 2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies 2012-03-09 15:44 . 2012-03-09 15:44 -------- d-----w- c:\program files (x86)\ATI Technologies 2012-03-09 15:44 . 2012-03-09 15:44 -------- d-----w- c:\program files\ATI 2012-03-09 15:44 . 2012-03-09 15:46 -------- d-----w- c:\program files\ATI Technologies 2012-03-09 15:43 . 2012-03-09 15:43 -------- d-----w- C:\AMD 2012-03-09 15:32 . 2012-02-23 08:18 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-03-09 15:10 . 2012-03-01 12:21 8643640 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C71759E0-5BC3-4538-997B-F17AFD634FED}\mpengine.dll 2012-03-09 15:09 . 2012-03-09 15:09 -------- d-----w- c:\program files\Ventrilo 2012-03-09 15:07 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe 2012-03-09 14:56 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2012-03-09 14:56 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll 2012-03-09 14:43 . 2012-03-09 14:43 -------- d-----w- c:\users\herb 2012-03-09 14:40 . 2012-03-09 14:40 -------- d-----w- C:\Recovery 2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2012-02-15 03:21 . 2012-02-15 03:21 25839104 ----a-w- c:\windows\system32\atio6axx.dll 2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe 2012-02-15 03:18 . 2012-02-15 03:18 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll 2012-02-15 03:17 . 2012-02-15 03:17 957952 ----a-w- c:\windows\system32\aticfx64.dll 2012-02-15 03:13 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll 2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe 2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe 2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll 2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll 2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll 2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2012-02-15 03:07 . 2012-02-15 03:07 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll 2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll 2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll 2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll 2012-02-15 02:40 . 2012-02-15 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll 2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2012-02-15 02:34 . 2012-02-15 02:34 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll 2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll 2012-02-15 02:29 . 2012-02-15 02:29 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll 2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll 2012-02-15 02:25 . 2012-02-15 02:25 7551488 ----a-w- c:\windows\system32\atiumd64.dll 2012-02-15 02:16 . 2012-02-15 02:16 58880 ----a-w- c:\windows\system32\coinst.dll 2012-02-15 02:14 . 2012-02-15 02:14 512000 ----a-w- c:\windows\system32\atiadlxx.dll 2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll 2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll 2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll 2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll 2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2012-02-15 02:12 . 2012-02-15 02:12 43008 ----a-w- c:\windows\system32\atiuxp64.dll 2012-02-15 02:12 . 2012-02-15 02:12 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2012-02-15 02:12 . 2012-02-15 02:12 39936 ----a-w- c:\windows\system32\atiu9p64.dll 2012-02-15 02:12 . 2012-02-15 02:12 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll 2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll 2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll 2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2012-02-14 21:05 . 2012-02-14 21:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll 2012-02-14 21:05 . 2012-02-14 21:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2012-02-14 21:05 . 2012-02-14 21:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll 2012-02-14 21:05 . 2012-02-14 21:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-09 18:12 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-03-09 18:12 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-02-15 02:52 . 2009-07-13 21:59 7646208 ----a-w- c:\windows\system32\atidxx64.dll 2012-01-31 05:02 . 2012-01-31 05:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll 2012-01-31 05:00 . 2012-01-31 05:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-03-10_03.44.41 ))))))))))))))))))))))))))))))))))))))))) . + 2012-03-10 04:14 . 2012-03-10 04:14 66048 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\a9a494047cfbd13fd4a155c77a258a0a\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper.ni.dll + 2012-03-10 04:14 . 2012-03-10 04:14 64000 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\90b3ba2f1de795690641228b63586965\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop.ni.dll + 2012-03-10 04:13 . 2012-03-10 04:13 65536 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\f8f0b08845fb76dfcf57e00d86fc13fc\Microsoft.MediaCenter.iTv.Hosting.ni.dll + 2012-03-10 04:13 . 2012-03-10 04:13 49664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUPnP\50cda8ab4cd566b222342c3da14302d3\ehiUPnP.ni.dll + 2012-03-10 04:13 . 2012-03-10 04:13 93184 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiTVMSMusic\4089bf2cec6e1a1539076c5bd6d95ce7\ehiTVMSMusic.ni.dll + 2012-03-10 04:12 . 2012-03-10 04:12 28672 c:\windows\assembly\NativeImages_v2.0.50727_64\dfsvc\7de9a8137a33d06dad01c8405d960037\dfsvc.ni.exe + 2012-03-10 04:10 . 2012-03-10 04:10 33280 c:\windows\assembly\NativeImages_v2.0.50727_64\AuditPolicyGPManage#\320d4f45d6463976ce238f654e706926\AuditPolicyGPManagedStubs.Interop.ni.dll + 2012-03-10 03:49 . 2012-03-10 03:49 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\94a173b39fa90956937b41c775ac66d7\dfsvc.ni.exe + 2012-03-10 04:12 . 2012-03-10 04:12 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\9880905a6fde778e564adf54b2afbaa5\System.Messaging.ni.dll + 2012-03-10 04:12 . 2012-03-10 04:12 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\2ba95581264a766410a6dbbe767c5ed8\System.IdentityModel.Selectors.ni.dll + 2012-03-10 04:12 . 2012-03-10 04:12 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\823bd996cb5aefd6c2b2fa7e19e0ef40\SMDiagnostics.ni.dll + 2012-03-10 04:15 . 2012-03-10 04:15 376832 c:\windows\assembly\NativeImages_v2.0.50727_64\SecurityAuditPolici#\b92e9816d6f35ffb11dc27e00dfa9f98\SecurityAuditPoliciesSnapIn.ni.dll + 2012-03-10 04:14 . 2012-03-10 04:14 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\b94e1c9115d8e37e734b27b48f54d236\MMCFxCommon.ni.dll + 2012-03-10 04:15 . 2012-03-10 04:15 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\cb1c199305d00b2424e707311eb9dcfd\Microsoft.Vsa.ni.dll + 2012-03-10 04:14 . 2012-03-10 04:14 235008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\593d4852da5730b2745a902cb765bf9b\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.ni.dll + 2012-03-10 04:14 . 2012-03-10 04:14 275456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\2bd4bf486059581106a5d16bd9fe853f\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager.ni.dll + 2012-03-10 04:16 . 2012-03-10 04:16 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\99bb7896ddbe74236efaa97733c63cbc\Microsoft.PowerShell.Commands.Diagnostics.ni.dll + 2012-03-10 04:13 . 2012-03-10 04:13 522240 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\ddd2f252bea1cce14bb498257992635a\Microsoft.MediaCenter.Interop.ni.dll + 2012-03-10 04:15 . 2012-03-10 04:15 164864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\cf9be66d53dddbf49b75cead76ef3cea\Microsoft.MediaCenter.Mheg.ni.dll + 2012-03-10 04:13 . 2012-03-10 04:13 152576 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\a743124afb874ab00d713ab50a7d850d\Microsoft.MediaCenter.ITVVM.ni.dll + 2012-03-10 04:14 . 2012-03-10 04:14 219648 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\7de5318ee2be8e2b8fcffde83c79ab7c\Microsoft.MediaCenter.iTv.Media.ni.dll + 2012-03-10 04:13 . 2012-03-10 04:13 370176 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\55172dec8f1353d1a8d9cdc4c0b9fac0\Microsoft.MediaCenter.Playback.ni.dll + 2012-03-10 04:13 . 2012-03-10 04:13 965632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\5495e7eca3dac7eee473e30a3611f178\Microsoft.MediaCenter.Sports.ni.dll + 2012-03-10 04:14 . 2012-03-10 04:14 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\35ce662c1368782ede0852134106ea43\Microsoft.MediaCenter.iTv.ni.dll + 2012-03-10 04:14 . 2012-03-10 04:14 798720 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\505549b05e5c3ceccd26ad9c398381e8\Microsoft.ManagementConsole.ni.dll + 2012-03-10 04:15 . 2012-03-10 04:15 618496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.GroupPoli#\b232ba7650e5449bb5dfa5c1818763ef\Microsoft.GroupPolicy.AdmTmplEditor.ni.dll + 2012-03-10 04:15 . 2012-03-10 04:15 399360 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.GroupPoli#\6380c4a4aa90e1047f6b160077983dbb\Microsoft.GroupPolicy.Interop.ni.dll + 2012-03-10 04:15 . 2012-03-10 04:15 244736 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\f356844d3667b88d03bde2ae524659b6\Microsoft.Build.Utilities.v3.5.ni.dll + 2012-03-10 04:15 . 2012-03-10 04:15 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\86f7fa65013864ae7da2fba058199dae\Microsoft.Build.Utilities.ni.dll + 2012-03-10 04:15 . 2012-03-10 04:15 142336 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\9f5bcff6a0b169efa6b607efd8789ea9\Microsoft.Build.Framework.ni.dll + 2012-03-10 04:15 . 2012-03-10 04:15 121344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\0ef8fa5e835e9ae9fd9a20e5d5058460\Microsoft.Build.Framework.ni.dll + 2012-03-10 04:14 . 2012-03-10 04:14 423424 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Applicati#\6a6fa7724d13030a9e6fa097b8bf2e81\Microsoft.ApplicationId.Framework.ni.dll + 2012-03-10 04:14 . 2012-03-10 04:14 727040 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Applicati#\4ad25d1d04dc7511507cc7c7f2863e65\Microsoft.ApplicationId.RuleWizard.ni.dll + 2012-03-10 04:14 . 2012-03-10 04:14 107008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft-Windows-H#\77b758c083ce18f7ff9c262e4f6291e4\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.ni.dll + 2012-03-10 04:14 . 2012-03-10 04:14 380928 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\304068df803748d7743a6a4dc344915f\Mcx2Dvcs.ni.dll + 2012-03-10 04:14 . 2012-03-10 04:14 547328 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\fb79aad0c745ff7b45151bc58b4dc8e9\mcupdate.ni.exe + 2012-03-10 04:13 . 2012-03-10 04:13 533504 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\4a29229fecf805779bee25b756d78a0d\mcstoredb.ni.dll + 2012-03-10 04:14 . 2012-03-10 04:14 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\8affc4346a86b80727282966ce58662b\mcplayerinterop.ni.dll + 2012-03-10 04:14 . 2012-03-10 04:14 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\756a74d6b322877662a0f6da4bc7d8e6\mcGlidHostObj.ni.dll + 2012-03-10 04:14 . 2012-03-10 04:14 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\956ca0e08e881df7f16f7d6d1381f71d\EventViewer.ni.dll + 2012-03-10 04:12 . 2012-03-10 04:12 969216 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\307ca4b67db79b05b4781634ea8ec0d7\ehRecObj.ni.dll + 2012-03-10 04:13 . 2012-03-10 04:13 661504 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiWUapi\87f11d95ab10469f888fd76c45f9fceb\ehiWUapi.ni.dll + 2012-03-10 04:13 . 2012-03-10 04:13 933888 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiwmp\a24c79d19a6d2a3e8ca587ecddd3e735\ehiwmp.ni.dll + 2012-03-10 04:12 . 2012-03-10 04:12 145408 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUserXp\0de7a02857c6041bc2c86c1db3ca8c23\ehiUserXp.ni.dll + 2012-03-10 04:13 . 2012-03-10 04:13 196096 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiiTv\421eb174f94249cf6a3b9e517baa82f8\ehiiTv.ni.dll + 2012-03-10 04:13 . 2012-03-10 04:13 397824 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtens\d5bf6f8e9e3d08d407ed68b714c268ae\ehiExtens.ni.dll + 2012-03-10 04:13 . 2012-03-10 04:13 110080 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiBmlDataCarousel\b55c3bb24dda0acda2bc332cc3016f75\ehiBmlDataCarousel.ni.dll + 2012-03-10 04:13 . 2012-03-10 04:13 125440 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiActivScp\fa493e64ca63def1a404a0d4b44cdefc\ehiActivScp.ni.dll + 2012-03-10 04:12 . 2012-03-10 04:12 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\5f53457f49927ecf00156d20466cc5a6\ehExtHost.ni.exe + 2012-03-10 04:12 . 2012-03-10 04:12 313856 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\b49168b11f5f60ddafed2ab1fdd4540f\ehCIR.ni.dll + 2012-03-10 04:12 . 2012-03-10 04:12 348672 c:\windows\assembly\NativeImages_v2.0.50727_64\CustomMarshalers\1e040217cf674c6cf528fbfe18c4c2f8\CustomMarshalers.ni.dll + 2012-03-10 04:10 . 2012-03-10 04:10 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\f2808fb3389d3e28e2b0223dcd654e02\ComSvcConfig.ni.exe + 2012-03-10 04:10 . 2012-03-10 04:10 971264 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\45af2aab82a69a1a6fe0f7cef4024673\BDATunePIA.ni.dll + 2012-03-10 03:49 . 2012-03-10 03:49 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\a717cdb44ec0d3238c621efa420a9956\System.Messaging.ni.dll + 2012-03-10 03:49 . 2012-03-10 03:49 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\8b0dc9405f292a93ddd52eb76bb88169\System.IdentityModel.Selectors.ni.dll + 2012-03-10 03:48 . 2012-03-10 03:48 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\281b67b96a2dd473dad4d222da0ca514\SMDiagnostics.ni.dll + 2012-03-10 03:49 . 2012-03-10 03:49 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\6a07aa6df4d45d1485b6a2749647a3aa\ehExtHost32.ni.exe + 2012-03-10 03:49 . 2012-03-10 03:49 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\2c2215e99c21daeec6bf697cf7bcf103\CustomMarshalers.ni.dll + 2012-03-10 04:12 . 2012-03-10 04:12 3073536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\f99728bbb535157b904873158379dc67\System.Runtime.Serialization.ni.dll + 2012-03-10 04:15 . 2012-03-10 04:15 1472000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management\6860203a3f244d4c6b89ff38a9c9cadb\System.Management.ni.dll + 2012-03-10 04:12 . 2012-03-10 04:12 1444352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\3fae8a8515a716f1fae4a64a7f2a4b05\System.IdentityModel.ni.dll + 2012-03-10 04:16 . 2012-03-10 04:16 3315200 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\9e59bc2c8cf98cd315468ca01f68663c\System.Core.ni.dll + 2012-03-10 04:14 . 2012-03-10 04:14 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\77c418992d39a8c1ce569194f9b1ff1e\MIGUIControls.ni.dll + 2012-03-10 04:12 . 2012-03-10 04:12 1598976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\11bd9381aca79215bc01b45a5e7bddce\Microsoft.Transactions.Bridge.ni.dll + 2012-03-10 04:16 . 2012-03-10 04:16 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\8d5a4862d0e61fdd2e958fc989df3cca\Microsoft.PowerShell.Commands.Utility.ni.dll + 2012-03-10 04:16 . 2012-03-10 04:16 1131008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\09516cb547f50c165051c5512c0770d3\Microsoft.PowerShell.Commands.Management.ni.dll + 2012-03-10 04:12 . 2012-03-10 04:12 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\d7d03c116e282c198f398652dbddc074\Microsoft.MediaCenter.ni.dll + 2012-03-10 04:12 . 2012-03-10 04:12 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\bf5f76b58c88f17410effc17059685a8\Microsoft.MediaCenter.UI.ni.dll + 2012-03-10 04:13 . 2012-03-10 04:13 1142784 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\b54d398a06452904630482f2f83d21dd\Microsoft.MediaCenter.Shell.ni.dll + 2012-03-10 04:13 . 2012-03-10 04:13 1170432 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\5f69561da0086365718db46e1172d204\Microsoft.MediaCenter.TV.Tuners.Interop.ni.dll + 2012-03-10 04:15 . 2012-03-10 04:15 3213312 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\551b383e39b9fedb84e25c9fc7d763ee\Microsoft.JScript.ni.dll + 2012-03-10 04:15 . 2012-03-10 04:15 5054976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.GroupPoli#\7c9b82506032312a1cbc644fffa73b17\Microsoft.GroupPolicy.Reporting.ni.dll + 2012-03-10 04:15 . 2012-03-10 04:15 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\4ccd2dddff73b52cd77ecaed30075b09\Microsoft.Build.Tasks.ni.dll + 2012-03-10 04:15 . 2012-03-10 04:15 2682880 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\35cee0a531b3136b21b2c7e2ff56b5eb\Microsoft.Build.Tasks.v3.5.ni.dll + 2012-03-10 04:15 . 2012-03-10 04:15 2544640 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\a22f83fa561173b77ee1215e0dfd7a76\Microsoft.Build.Engine.ni.dll + 2012-03-10 04:15 . 2012-03-10 04:15 1137152 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\5cd9b4020f38edbdc2718884fe3e68f0\Microsoft.Build.Engine.ni.dll + 2012-03-10 04:13 . 2012-03-10 04:13 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\0217b5f9a72020bee3d0291bbae125ff\mcstore.ni.dll + 2012-03-10 04:13 . 2012-03-10 04:13 4088320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcepg\905166e37a4a5f45a7d1672fb756d96e\mcepg.ni.dll + 2012-03-10 04:13 . 2012-03-10 04:13 2165248 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\e6a702f8ccd27dcdcf09008531ab40e5\ehiVidCtl.ni.dll + 2012-03-10 04:12 . 2012-03-10 04:12 1201664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiProxy\17d0b71391bf67c5a663b140b9a7a936\ehiProxy.ni.dll + 2012-03-10 03:49 . 2012-03-10 03:49 2347008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bc96c5c6e644452270ff7c3d066ff713\System.Runtime.Serialization.ni.dll + 2012-03-10 03:49 . 2012-03-10 03:49 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\d939fca96c3645bb8806ea8ae43cc0ca\System.IdentityModel.ni.dll + 2012-03-10 03:49 . 2012-03-10 03:49 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1a6921bcfb8ade6652efb9f095b275f1\Microsoft.Transactions.Bridge.ni.dll + 2012-03-10 03:49 . 2012-03-10 03:49 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\03d64144ed3ea21cbeea0c872ece14b6\Microsoft.MediaCenter.ni.dll + 2012-03-10 04:11 . 2012-03-10 04:11 23913984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\0b51b0626d95de7446d132c73edd77cc\System.ServiceModel.ni.dll + 2012-03-10 04:16 . 2012-03-10 04:16 11900928 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\e18dbed9e34d7d56cc7e2f683de12237\System.Management.Automation.ni.dll + 2012-03-10 04:14 . 2012-03-10 04:14 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\089d0fee0e702f9b9a611f761cb3bd8a\ehshell.ni.dll + 2012-03-10 03:48 . 2012-03-10 03:48 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\b74950292d5681795d9d2c1a72a79952\System.ServiceModel.ni.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-03-10 6410096] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] . c:\users\herb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 X6va006;X6va006;c:\users\herb\AppData\Local\Temp\006BD59.tmp [x] S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2011-10-11 616400] S2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-10-11 342480] S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224] S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-11 463824] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x] S3 SaiH8000;SaiH8000;c:\windows\system32\DRIVERS\SaiH8000.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2012-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3638853225-1990997699-2437280156-1000Core.job - c:\users\herb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 14:48] . 2012-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3638853225-1990997699-2437280156-1000UA.job - c:\users\herb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 14:48] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.1.1 . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006] "ImagePath"="\??\c:\users\herb\AppData\Local\Temp\006BD59.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-03-10 05:34:17 ComboFix-quarantined-files.txt 2012-03-10 04:34 ComboFix2.txt 2012-03-10 04:00 . Pre-Run: 25,204,334,592 bytes free Post-Run: 24,410,750,976 bytes free . - - End Of File - - 12F900DCF776031FEE00EAABF0B9F6AE
- March 11, 2012
- 69 replies
my malwarebytes keeps on blocking several ip addresses (type: outgoing)..

nemanja replied to nemanja's topic in Resolved Malware Removal Logs

. DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by herb at 21:31:06 on 2012-03-11 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2839 [GMT 1:00] . AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\BitTorrent\BitTorrent.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Users\herb\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\herb\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\herb\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [bitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMLDEV~1.LNK - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{52A2726C-FD97-421D-9203-CBD2DA6A5A85} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{6AC69217-9567-4CB4-BFFF-1AF9454FE20C} : DhcpNameServer = 192.168.1.1 mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray . ============= SERVICES / DRIVERS =============== . R1 avfwot;avfwot;C:\Windows\system32\DRIVERS\avfwot.sys --> C:\Windows\system32\DRIVERS\avfwot.sys [?] R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 AntiVirFirewallService;Avira FireWall;C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2012-3-9 616400] R2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-3-9 342480] R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-3-9 86224] R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-3-9 110032] R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2012-3-9 463824] R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-10 652360] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 avfwim;AvFw Packet Filter Miniport;C:\Windows\system32\DRIVERS\avfwim.sys --> C:\Windows\system32\DRIVERS\avfwim.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?] R3 SaiH8000;SaiH8000;C:\Windows\system32\DRIVERS\SaiH8000.sys --> C:\Windows\system32\DRIVERS\SaiH8000.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?] S3 RTL8187B;Belkin Wireless G USB Network Adapter;C:\Windows\system32\DRIVERS\rtl8187B.sys --> C:\Windows\system32\DRIVERS\rtl8187B.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] . =============== Created Last 30 ================ . 2012-03-11 19:39:47 388096 ----a-r- C:\Users\herb\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-03-11 19:39:46 -------- d-----w- C:\Program Files (x86)\ht 2012-03-11 17:52:31 -------- d-sh--w- C:\$RECYCLE.BIN 2012-03-11 15:15:24 -------- d-----w- C:\CFLog 2012-03-10 14:49:25 446976 ----a-w- C:\Windows\System32\drivers\rtl8187B.sys 2012-03-10 14:49:25 446976 ----a-w- C:\Windows\system\rtl8187B.sys 2012-03-10 14:49:25 -------- d-----w- C:\Windows\OPTIONS 2012-03-10 14:48:53 451072 ----a-w- C:\Windows\SysWow64\ISSRemoveSP.exe 2012-03-10 14:48:53 -------- d-----w- C:\Program Files (x86)\Belkin 2012-03-10 14:10:36 -------- d-----w- C:\Users\herb\AppData\Local\NFS Underground 2 2012-03-10 13:47:14 -------- d-----w- C:\Program Files (x86)\ESET 2012-03-10 03:32:29 98816 ----a-w- C:\Windows\sed.exe 2012-03-10 03:32:29 518144 ----a-w- C:\Windows\SWREG.exe 2012-03-10 03:32:29 256000 ----a-w- C:\Windows\PEV.exe 2012-03-10 03:32:29 208896 ----a-w- C:\Windows\MBR.exe 2012-03-10 03:11:36 -------- d-----w- C:\Program Files (x86)\BitTorrent 2012-03-10 03:10:27 -------- d-----w- C:\Users\herb\AppData\Roaming\BitTorrent 2012-03-10 02:34:25 -------- d-----w- C:\Users\herb\AppData\Roaming\Malwarebytes 2012-03-10 02:34:18 -------- d-----w- C:\ProgramData\Malwarebytes 2012-03-10 02:34:17 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-03-10 02:34:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-03-10 02:26:48 -------- d-----w- C:\Users\herb\AppData\Roaming\BSplayer PRO 2012-03-10 02:26:47 -------- d-----w- C:\Program Files (x86)\Webteh 2012-03-09 23:34:15 0 ----a-w- C:\Windows\ativpsrm.bin 2012-03-09 23:31:36 -------- d-----w- C:\Windows\Panther 2012-03-09 23:31:22 -------- d-----w- C:\Boot 2012-03-09 19:00:46 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-03-09 18:40:47 -------- d-----w- C:\Users\herb\AppData\Roaming\Avira 2012-03-09 18:40:12 97312 ----a-w- C:\Windows\System32\drivers\avgntflt.sys 2012-03-09 18:40:12 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys 2012-03-09 18:40:12 139512 ----a-w- C:\Windows\System32\drivers\avfwot.sys 2012-03-09 18:40:12 113768 ----a-w- C:\Windows\System32\drivers\avfwim.sys 2012-03-09 18:40:12 -------- d-----w- C:\ProgramData\Avira 2012-03-09 18:40:12 -------- d-----w- C:\Program Files (x86)\Avira 2012-03-09 17:33:04 -------- d-----w- C:\Windows\System32\SPReview 2012-03-09 17:32:46 -------- d-----w- C:\Windows\System32\EventProviders 2012-03-09 17:20:59 762880 ----a-w- C:\Windows\SysWow64\azroles.dll 2012-03-09 17:19:56 189952 ----a-w- C:\Windows\SysWow64\sqmapi.dll 2012-03-09 17:19:49 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll 2012-03-09 17:19:49 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll 2012-03-09 17:19:49 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll 2012-03-09 17:18:54 529408 ----a-w- C:\Windows\System32\wbemcomn.dll 2012-03-09 17:18:54 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll 2012-03-09 17:18:50 244736 ----a-w- C:\Windows\System32\sqmapi.dll 2012-03-09 17:15:02 53248 ----a-r- C:\Users\herb\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2012-03-09 17:14:54 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys 2012-03-09 16:56:54 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys 2012-03-09 16:56:54 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys 2012-03-09 16:56:54 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys 2012-03-09 16:56:53 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys 2012-03-09 16:56:53 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys 2012-03-09 16:56:53 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys 2012-03-09 16:56:53 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys 2012-03-09 16:05:55 1139200 ----a-w- C:\Windows\System32\FntCache.dll 2012-03-09 16:05:54 902656 ----a-w- C:\Windows\System32\d2d1.dll 2012-03-09 16:05:54 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll 2012-03-09 16:05:54 1544192 ----a-w- C:\Windows\System32\DWrite.dll 2012-03-09 16:05:54 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-03-09 15:49:36 -------- d-----w- C:\Program Files (x86)\uTorrent 2012-03-09 15:49:16 -------- d-----w- C:\Users\herb\AppData\Roaming\uTorrent 2012-03-09 15:46:44 -------- d-----w- C:\Users\herb\AppData\Local\ATI 2012-03-09 15:46:33 -------- d-----w- C:\ProgramData\AMD 2012-03-09 15:46:32 -------- d-----w- C:\Program Files (x86)\AMD AVT 2012-03-09 15:46:30 -------- d-----w- C:\Program Files (x86)\AMD APP 2012-03-09 15:46:24 -------- d-----w- C:\Program Files\Common Files\ATI Technologies 2012-03-09 15:46:24 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies 2012-03-09 15:44:54 -------- d-----w- C:\Program Files (x86)\ATI Technologies 2012-03-09 15:44:50 -------- d-----w- C:\Program Files\ATI 2012-03-09 15:44:12 -------- d-----w- C:\Program Files\ATI Technologies 2012-03-09 15:43:28 -------- d-----w- C:\AMD 2012-03-09 15:32:53 279656 ------w- C:\Windows\System32\MpSigStub.exe 2012-03-09 15:10:20 8643640 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C71759E0-5BC3-4538-997B-F17AFD634FED}\mpengine.dll 2012-03-09 15:09:11 -------- d-----w- C:\Program Files\Ventrilo 2012-03-09 15:07:55 2871808 ----a-w- C:\Windows\explorer.exe 2012-03-09 14:56:44 77312 ----a-w- C:\Windows\System32\packager.dll 2012-03-09 14:56:44 67072 ----a-w- C:\Windows\SysWow64\packager.dll 2012-03-09 14:48:35 -------- d-----w- C:\Users\herb\AppData\Local\Google 2012-03-09 14:48:22 -------- d-----w- C:\Users\herb\AppData\Local\Deployment 2012-03-09 14:48:22 -------- d-----w- C:\Users\herb\AppData\Local\Apps 2012-03-09 14:47:23 -------- d-----w- C:\Users\herb\AppData\Local\Diagnostics 2012-03-09 14:40:26 -------- d-----w- C:\Recovery 2012-02-15 03:48:32 10856960 ----a-w- C:\Windows\System32\drivers\atikmdag.sys 2012-02-15 03:21:24 25839104 ----a-w- C:\Windows\System32\atio6axx.dll 2012-02-15 03:18:56 159744 ----a-w- C:\Windows\System32\atiapfxx.exe 2012-02-15 03:18:40 791040 ----a-w- C:\Windows\SysWow64\aticfx32.dll 2012-02-15 03:17:04 957952 ----a-w- C:\Windows\System32\aticfx64.dll 2012-02-15 03:13:56 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll 2012-02-15 03:13:40 496128 ----a-w- C:\Windows\System32\atieclxx.exe 2012-02-15 03:13:00 235520 ----a-w- C:\Windows\System32\atiesrxx.exe 2012-02-15 03:11:42 120320 ----a-w- C:\Windows\System32\atitmm64.dll 2012-02-15 03:10:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll 2012-02-15 03:10:54 59392 ----a-w- C:\Windows\System32\atiedu64.dll 2012-02-15 03:10:48 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll 2012-02-15 03:07:44 6200320 ----a-w- C:\Windows\SysWow64\atidxx32.dll 2012-02-15 02:58:56 19392000 ----a-w- C:\Windows\SysWow64\atioglxx.dll 2012-02-15 02:41:28 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll 2012-02-15 02:40:54 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll 2012-02-15 02:40:42 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll 2012-02-15 02:34:56 51200 ----a-w- C:\Windows\System32\aticalrt64.dll 2012-02-15 02:34:54 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll 2012-02-15 02:34:46 44544 ----a-w- C:\Windows\System32\aticalcl64.dll 2012-02-15 02:34:44 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll 2012-02-15 02:34:36 5954048 ----a-w- C:\Windows\SysWow64\atiumdag.dll 2012-02-15 02:34:30 13859840 ----a-w- C:\Windows\System32\aticaldd64.dll 2012-02-15 02:29:52 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll 2012-02-15 02:29:50 11561984 ----a-w- C:\Windows\SysWow64\aticaldd.dll 2012-02-15 02:25:06 7551488 ----a-w- C:\Windows\System32\atiumd64.dll 2012-02-15 02:16:38 58880 ----a-w- C:\Windows\System32\coinst.dll 2012-02-15 02:14:00 512000 ----a-w- C:\Windows\System32\atiadlxx.dll 2012-02-15 02:13:50 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll 2012-02-15 02:13:36 17408 ----a-w- C:\Windows\System32\atig6pxx.dll 2012-02-15 02:13:32 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll 2012-02-15 02:13:32 14336 ----a-w- C:\Windows\System32\atiglpxx.dll 2012-02-15 02:13:28 39936 ----a-w- C:\Windows\System32\atig6txx.dll 2012-02-15 02:13:20 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll 2012-02-15 02:13:12 327680 ----a-w- C:\Windows\System32\drivers\atikmpag.sys 2012-02-15 02:12:22 43008 ----a-w- C:\Windows\System32\atiuxp64.dll 2012-02-15 02:12:14 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll 2012-02-15 02:12:08 39936 ----a-w- C:\Windows\System32\atiu9p64.dll 2012-02-15 02:12:00 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll 2012-02-15 02:11:22 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll 2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\atimpc64.dll 2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\amdpcom64.dll 2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll 2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll 2012-02-14 21:05:32 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll 2012-02-14 21:05:26 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll 2012-02-14 21:05:20 61952 ----a-w- C:\Windows\System32\OVDecode64.dll 2012-02-14 21:05:16 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll 2012-02-14 21:05:08 16507904 ----a-w- C:\Windows\System32\amdocl64.dll 2012-02-14 21:04:26 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll 2012-02-14 21:03:44 54272 ----a-w- C:\Windows\System32\OpenCL.dll 2012-02-14 21:03:38 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll . ==================== Find3M ==================== . 2012-03-09 18:12:49 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2012-03-09 18:12:48 175616 ----a-w- C:\Windows\System32\msclmd.dll 2012-02-15 02:52:28 7646208 ----a-w- C:\Windows\System32\atidxx64.dll 2012-01-31 05:02:26 21504 ----a-w- C:\Windows\System32\kdbsdk64.dll 2012-01-31 05:00:24 16896 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll 2012-01-14 04:06:27 3145728 ----a-w- C:\Windows\System32\win32k.sys 2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll 2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll 2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl 2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl 2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys 2011-12-16 08:46:06 634880 ----a-w- C:\Windows\System32\msvcrt.dll 2011-12-16 07:52:58 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll 2011-12-13 17:27:30 4718952 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys 2011-12-13 15:58:20 1560168 ----a-w- C:\Windows\System32\RTSnMg64.cpl 2011-12-13 10:01:00 1698408 ----a-w- C:\Windows\RtlExUpd.dll . ============= FINISH: 21:31:52.51 ===============
- March 11, 2012
- 69 replies
my malwarebytes keeps on blocking several ip addresses (type: outgoing)..

nemanja posted a topic in Resolved Malware Removal Logs

please help me.. im not good at computer stuffs and im kinda worried.. my malwarebytes keeps on blocking several ip addresses (type: outgoing).. what does this means? is someone trying to hack my system? but i ran anti virus and anti malware and it seems okay... do i need to do further action? did i miss something? please instruct me what to do... your help would be highly appreciated. Thanks 2012/03/11 03:01:44 +0100 HERB-PC herb IP-BLOCK 212.36.9.157 (Type: outgoing, Port: 59238, Process: avwebgrd.exe) 2012/03/11 03:01:44 +0100 HERB-PC herb IP-BLOCK 212.36.9.157 (Type: outgoing, Port: 59239, Process: avwebgrd.exe) 2012/03/11 03:01:44 +0100 HERB-PC herb IP-BLOCK 212.36.9.157 (Type: outgoing, Port: 59241, Process: avwebgrd.exe) 2012/03/11 03:08:32 +0100 HERB-PC herb IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 60750, Process: avwebgrd.exe) 2012/03/11 03:34:34 +0100 HERB-PC herb IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 63141, Process: avwebgrd.exe) 2012/03/11 03:44:43 +0100 HERB-PC herb IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 64209, Process: avwebgrd.exe) 2012/03/11 03:45:23 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 03:45:31 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 03:45:31 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 64348, Process: bittorrent.exe) 2012/03/11 03:45:40 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 03:47:00 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 64498, Process: bittorrent.exe) 2012/03/11 03:47:16 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 03:47:16 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 03:51:25 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 03:51:25 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 64780, Process: bittorrent.exe) 2012/03/11 03:51:33 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 03:57:02 +0100 HERB-PC herb IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 65192, Process: avwebgrd.exe) 2012/03/11 03:57:10 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 03:57:27 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 03:57:27 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 65298, Process: bittorrent.exe) 2012/03/11 03:57:27 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 03:58:07 +0100 HERB-PC herb IP-BLOCK 195.216.189.66 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 03:58:23 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 03:58:23 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 65355, Process: bittorrent.exe) 2012/03/11 03:58:31 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 03:59:35 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 65389, Process: bittorrent.exe) 2012/03/11 04:00:00 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 04:00:08 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 04:07:13 +0100 HERB-PC herb IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 49171, Process: avwebgrd.exe) 2012/03/11 04:14:01 +0100 HERB-PC herb IP-BLOCK 218.7.226.66 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 04:27:30 +0100 HERB-PC herb IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 49424, Process: avwebgrd.exe) 2012/03/11 04:59:40 +0100 HERB-PC herb IP-BLOCK 94.102.56.139 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 05:07:33 +0100 HERB-PC herb IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 50100, Process: avwebgrd.exe) 2012/03/11 05:14:37 +0100 HERB-PC herb IP-BLOCK 89.28.98.66 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 06:15:12 +0100 HERB-PC herb IP-BLOCK 203.93.109.188 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 06:15:20 +0100 HERB-PC herb IP-BLOCK 79.135.149.98 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 06:27:45 +0100 HERB-PC herb IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 50751, Process: avwebgrd.exe) 2012/03/11 06:44:10 +0100 HERB-PC herb IP-BLOCK 195.161.7.1 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 07:59:09 +0100 HERB-PC herb IP-BLOCK 46.182.104.43 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 08:31:35 +0100 HERB-PC herb IP-BLOCK 61.139.126.180 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 09:04:36 +0100 HERB-PC herb IP-BLOCK 61.139.126.180 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 09:06:04 +0100 HERB-PC herb IP-BLOCK 91.188.46.33 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 09:07:48 +0100 HERB-PC herb IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 52497, Process: avwebgrd.exe) 2012/03/11 09:18:05 +0100 HERB-PC herb IP-BLOCK 194.165.0.8 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 09:33:01 +0100 HERB-PC herb IP-BLOCK 46.182.104.43 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 09:49:02 +0100 HERB-PC herb IP-BLOCK 91.188.33.97 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 10:02:39 +0100 HERB-PC herb IP-BLOCK 80.67.13.105 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 11:18:34 +0100 HERB-PC herb IP-BLOCK 212.117.179.122 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 11:18:34 +0100 HERB-PC herb IP-BLOCK 222.65.100.98 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 11:48:43 +0100 HERB-PC herb IP-BLOCK 213.186.119.120 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 11:58:59 +0100 HERB-PC herb IP-BLOCK 89.28.6.125 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 14:01:21 +0100 HERB-PC herb IP-BLOCK 218.7.16.117 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 14:28:19 +0100 HERB-PC herb IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 57242, Process: avwebgrd.exe) 2012/03/11 14:45:56 +0100 HERB-PC herb IP-BLOCK 58.241.117.105 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 15:13:17 +0100 HERB-PC herb IP-BLOCK 31.31.77.117 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 15:29:34 +0100 HERB-PC herb IP-BLOCK 121.125.133.24 (Type: outgoing, Port: 50738, Process: bittorrent.exe) 2012/03/11 15:44:07 +0100 HERB-PC herb IP-BLOCK 89.28.40.246 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
- March 11, 2012
- 69 replies

Events

Profiles

Forums

Everything posted by nemanja

Important Information