Posts posted by nemanja
-
I created the wrong script... sorry, should I try again?
ComboFix 12-03-11.01 - herb 03/14/2012 0:16.5.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2704 [GMT 1:00]
Running from: c:\users\herb\Desktop\ComboFix.exe
Command switches used :: c:\users\herb\Desktop\CFScript.txt.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\herb\AppData\Local\Temp\0064386.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA006
-------\Service_X6va006
.
.
((((((((((((((((((((((((( Files Created from 2012-02-13 to 2012-03-13 )))))))))))))))))))))))))))))))
.
.
2012-03-13 23:24 . 2012-03-13 23:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-12 03:19 . 2012-03-12 03:19 -------- d-----w- c:\program files\CCleaner
2012-03-12 02:53 . 2012-03-12 02:59 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-03-12 01:31 . 2012-03-12 01:31 -------- d-----w- c:\windows\system32\appmgmt
2012-03-11 22:17 . 2012-03-11 22:17 -------- d-----w- c:\program files (x86)\GSC 2.00
2012-03-11 19:39 . 2012-03-11 19:39 -------- d-----w- c:\program files (x86)\ht
2012-03-10 14:48 . 2009-02-05 01:49 451072 ----a-w- c:\windows\SysWow64\ISSRemoveSP.exe
2012-03-10 13:47 . 2012-03-10 13:47 -------- d-----w- c:\program files (x86)\ESET
2012-03-10 02:34 . 2012-03-10 02:34 -------- d-----w- c:\programdata\Malwarebytes
2012-03-10 02:34 . 2012-03-10 02:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-10 02:34 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-10 02:26 . 2012-03-11 02:53 -------- d-----w- c:\program files (x86)\Webteh
2012-03-09 23:34 . 2012-03-09 23:34 0 ----a-w- c:\windows\ativpsrm.bin
2012-03-09 23:31 . 2012-03-12 03:20 -------- d-----w- c:\windows\Panther
2012-03-09 23:31 . 2012-03-09 18:20 -------- d-----w- C:\Boot
2012-03-09 19:00 . 2012-03-09 19:00 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-09 19:00 . 2012-03-09 19:00 -------- d-----w- c:\windows\SysWow64\Macromed
2012-03-09 19:00 . 2012-03-09 19:00 -------- d-----w- c:\windows\system32\Macromed
2012-03-09 18:40 . 2012-03-13 17:45 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-03-09 18:40 . 2012-03-13 17:37 -------- d-----w- c:\programdata\Avira
2012-03-09 18:40 . 2012-03-09 18:40 -------- d-----w- c:\program files (x86)\Avira
2012-03-09 18:40 . 2011-10-11 13:53 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-03-09 18:40 . 2011-10-11 13:53 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-03-09 18:40 . 2011-10-11 13:53 139512 ----a-w- c:\windows\system32\drivers\avfwot.sys
2012-03-09 18:40 . 2011-10-11 13:53 113768 ----a-w- c:\windows\system32\drivers\avfwim.sys
2012-03-09 17:33 . 2012-03-09 17:33 -------- d-----w- c:\windows\system32\SPReview
2012-03-09 17:32 . 2012-03-09 17:32 -------- d-----w- c:\windows\system32\EventProviders
2012-03-09 17:20 . 2010-11-20 13:27 244224 ----a-w- c:\windows\system32\spp.dll
2012-03-09 17:19 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll
2012-03-09 17:19 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2012-03-09 17:19 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2012-03-09 17:19 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2012-03-09 17:18 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-03-09 17:18 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-03-09 17:18 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-03-09 17:15 . 2012-03-09 17:15 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2012-03-09 17:14 . 2012-03-09 17:14 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-03-09 17:14 . 2012-03-09 17:17 -------- d-----w- c:\programdata\Logishrd
2012-03-09 17:14 . 2012-03-09 17:14 -------- d-----w- c:\program files\Logitech
2012-03-09 17:03 . 2012-03-09 17:14 -------- d-----w- c:\program files\Common Files\Logishrd
2012-03-09 16:57 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-03-09 16:57 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2012-03-09 16:57 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2012-03-09 16:57 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2012-03-09 16:57 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-03-09 16:57 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-03-09 16:57 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-03-09 16:57 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-03-09 16:57 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-03-09 16:57 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2012-03-09 16:57 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2012-03-09 16:56 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-03-09 16:56 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-03-09 16:56 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-03-09 16:56 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-03-09 16:56 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-03-09 16:56 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-03-09 16:56 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-03-09 16:21 . 2012-03-09 16:21 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-03-09 16:05 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-03-09 16:05 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-09 16:05 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-09 16:05 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-09 16:05 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\programdata\ATI
2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\programdata\AMD
2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files (x86)\AMD AVT
2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files (x86)\AMD APP
2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-03-09 15:44 . 2012-03-09 15:44 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-03-09 15:44 . 2012-03-09 15:44 -------- d-----w- c:\program files\ATI
2012-03-09 15:44 . 2012-03-09 15:46 -------- d-----w- c:\program files\ATI Technologies
2012-03-09 15:43 . 2012-03-09 15:43 -------- d-----w- C:\AMD
2012-03-09 15:32 . 2012-02-23 08:18 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-03-09 15:10 . 2012-03-01 12:21 8643640 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C71759E0-5BC3-4538-997B-F17AFD634FED}\mpengine.dll
2012-03-09 15:09 . 2012-03-09 15:09 -------- d-----w- c:\program files\Ventrilo
2012-03-09 15:07 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2012-03-09 14:56 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-03-09 14:56 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-03-09 14:43 . 2012-03-13 14:26 -------- d-----w- c:\users\herb
2012-03-09 14:40 . 2012-03-09 14:40 -------- d-----w- C:\Recovery
2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:21 . 2012-02-15 03:21 25839104 ----a-w- c:\windows\system32\atio6axx.dll
2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2012-02-15 03:18 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-02-15 03:17 . 2012-02-15 03:17 957952 ----a-w- c:\windows\system32\aticfx64.dll
2012-02-15 03:13 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-02-15 03:07 . 2012-02-15 03:07 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-02-15 02:40 . 2012-02-15 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-02-15 02:34 . 2012-02-15 02:34 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll
2012-02-15 02:29 . 2012-02-15 02:29 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-02-15 02:25 . 2012-02-15 02:25 7551488 ----a-w- c:\windows\system32\atiumd64.dll
2012-02-15 02:16 . 2012-02-15 02:16 58880 ----a-w- c:\windows\system32\coinst.dll
2012-02-15 02:14 . 2012-02-15 02:14 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2012-02-15 02:12 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-02-15 02:12 . 2012-02-15 02:12 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-02-15 02:12 . 2012-02-15 02:12 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-02-15 02:12 . 2012-02-15 02:12 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-09 18:12 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-03-09 18:12 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-02-15 02:52 . 2009-07-13 21:59 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-01-31 05:02 . 2012-01-31 05:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-31 05:00 . 2012-01-31 05:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-13_22.43.41 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-03-13 14:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-13 23:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-13 23:00 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-13 14:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-13 14:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-13 23:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-13 22:01 . 2012-03-13 22:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-13 23:26 . 2012-03-13 23:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-13 23:26 . 2012-03-13 23:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-13 22:01 . 2012-03-13 22:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-09 15:57 . 2012-03-13 22:00 763544 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-03-09 15:57 . 2012-03-13 23:25 763544 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-03-13 23:25 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-13 22:00 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-03-09 18:03 . 2012-03-13 22:00 1211292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3638853225-1990997699-2437280156-1000-8192.dat
+ 2012-03-09 18:03 . 2012-03-13 23:25 1211292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3638853225-1990997699-2437280156-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\herb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8187B;Belkin Wireless G USB Network Adapter;c:\windows\system32\DRIVERS\rtl8187B.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2011-10-11 616400]
S2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-03-13 342480]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-11 463824]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 SaiH8000;SaiH8000;c:\windows\system32\DRIVERS\SaiH8000.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3638853225-1990997699-2437280156-1000Core.job
- c:\users\herb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 14:48]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3638853225-1990997699-2437280156-1000UA.job
- c:\users\herb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 14:48]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"combofix"="c:\combofix\CF1490.3XE" [2010-11-20 345088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Completion time: 2012-03-14 00:37:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-13 23:37
ComboFix2.txt 2012-03-13 22:57
ComboFix3.txt 2012-03-13 04:04
.
Pre-Run: 16,269,287,424 bytes free
Post-Run: 16,048,390,144 bytes free
.
- - End Of File - - 85AA3264E9DB504663336EF6B42F9598
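A worked triage aid for a pasted ComboFix log, added here as an example; it is not part of nemanja's post and not ComboFix's own code. It parses the three line shapes that appear in the log above ("Files Created" entries, Run-key autoruns under "Reg Loading Points", and the R*/S* service and driver lines) and lists what a responder reads first: anything created under a Temp directory, autoruns whose binary sits outside the Windows and Program Files trees, and services for which ComboFix printed `[x]` instead of a date and size (interpreted here, as an assumption, as "ComboFix could not read the file, go and confirm it exists"). The sample log is constructed from a handful of lines excerpted from the log above; the trusted-root and Temp-marker lists are the example's own heuristics, not anything ComboFix defines.

```python
"""Triage helper for a pasted ComboFix log (added example, not the thread's or ComboFix's code)."""
import re

# Constructed sample: a few lines excerpted from the log above, one or two per
# section the parser understands, so the script runs offline.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2012-02-13 to 2012-03-13 )))))))))))))))))))))))))))))))
.
2012-03-13 23:24 . 2012-03-13 23:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-10 02:34 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-09 15:32 . 2012-02-23 08:18 279656 ------w- c:\windows\system32\MpSigStub.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"combofix"="c:\combofix\CF1490.3XE" [2010-11-20 345088]
.
R3 RTL8187B;Belkin Wireless G USB Network Adapter;c:\windows\system32\DRIVERS\rtl8187B.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
"""

# "Files Created" line:  <mtime> . <ctime> <size or -------- for a directory> <8-char attrs> <path>
FILE_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>\S{8}) (?P<path>.+)$"
)
# Run-key autorun line:  "name"="path" [date size]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$'
)
# Service / driver line:  R2 name;display;path [date size]   or   ... path [x]
SVC_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) "
    r"(?P<info>\[x\]|\[\d{4}-\d{2}-\d{2} \d+\])$"
)

# Heuristics of this example, not ComboFix's: roots we do not flag for autoruns,
# and path fragments that mark a Temp location.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
TEMP_MARKERS = ("\\appdata\\local\\temp", "\\windows\\temp")


def _lines(log):
    return (line.strip() for line in log.splitlines())


def parse_files(log):
    """Return the 'Files Created' entries as dicts; size is None for directories."""
    out = []
    for line in _lines(log):
        m = FILE_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["is_dir"] = entry["attrs"].startswith("d")       # d-----w- marks a directory in the log
            entry["size"] = None if entry["size"].startswith("-") else int(entry["size"])
            out.append(entry)
    return out


def parse_runkeys(log):
    """Return Run-key autorun entries (name, path, date, size)."""
    return [m.groupdict() for m in (RUN_RE.match(line) for line in _lines(log)) if m]


def parse_services(log):
    """Return service/driver entries; 'verified' is False where ComboFix printed [x]."""
    out = []
    for line in _lines(log):
        m = SVC_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["verified"] = entry["info"] != "[x]"   # assumption: [x] = file could not be read
            out.append(entry)
    return out


def in_temp(path):
    return any(marker in path.lower() for marker in TEMP_MARKERS)


def triage(log):
    """Pull out the three things a responder looks at first."""
    return {
        # Anything written under a Temp directory in the scan window.
        "temp_drops": [f["path"] for f in parse_files(log) if in_temp(f["path"])],
        # Autoruns that do not live under Windows or Program Files. ComboFix's own
        # Run entry shows up here too; tools you ran yourself get allow-listed by hand.
        "autoruns_outside_trusted": [
            r["path"] for r in parse_runkeys(log)
            if not r["path"].lower().startswith(TRUSTED_ROOTS)
        ],
        # Services/drivers whose binary ComboFix could not read: confirm on disk.
        "unverified_services": [s["name"] for s in parse_services(log) if not s["verified"]],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a full pasted log by reading the file into `triage()` instead of `SAMPLE_LOG`; on an x64 host expect many `[x]` driver entries, since the scanner reports them that way even for legitimate drivers, so the "unverified" list is a checklist to confirm on disk, not a verdict.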
-
I did allow Google, it was denied, and all is allowed now, but still some new addresses keep showing every 10 min. I'll try now with the script.
-
http://whois.domaintools.com/4.23.52.126 and this one is from Facebook: http://whois.domaintools.com/66.220.145.45 but why does Avira FW block these sites?
-
ComboFix 12-03-11.01 - herb 03/13/2012 23:33:57.4.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2958 [GMT 1:00]
Running from: c:\users\herb\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20120313.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-02-13 to 2012-03-13 )))))))))))))))))))))))))))))))
.
.
2012-03-13 22:42 . 2012-03-13 22:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-10 02:34 . 2012-03-10 02:34 -------- d-----w- c:\programdata\Malwarebytes
2012-03-10 02:34 . 2012-03-10 02:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-10 02:34 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-10 02:26 . 2012-03-11 02:53 -------- d-----w- c:\program files (x86)\Webteh
2012-03-09 23:34 . 2012-03-09 23:34 0 ----a-w- c:\windows\ativpsrm.bin
2012-03-09 23:31 . 2012-03-12 03:20 -------- d-----w- c:\windows\Panther
2012-03-09 23:31 . 2012-03-09 18:20 -------- d-----w- C:\Boot
2012-03-09 19:00 . 2012-03-09 19:00 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-09 19:00 . 2012-03-09 19:00 -------- d-----w- c:\windows\SysWow64\Macromed
2012-03-09 19:00 . 2012-03-09 19:00 -------- d-----w- c:\windows\system32\Macromed
2012-03-09 18:40 . 2012-03-13 17:45 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-03-09 18:40 . 2012-03-13 17:37 -------- d-----w- c:\programdata\Avira
2012-03-09 18:40 . 2012-03-09 18:40 -------- d-----w- c:\program files (x86)\Avira
2012-03-09 18:40 . 2011-10-11 13:53 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-03-09 18:40 . 2011-10-11 13:53 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-03-09 18:40 . 2011-10-11 13:53 139512 ----a-w- c:\windows\system32\drivers\avfwot.sys
2012-03-09 18:40 . 2011-10-11 13:53 113768 ----a-w- c:\windows\system32\drivers\avfwim.sys
2012-03-09 17:33 . 2012-03-09 17:33 -------- d-----w- c:\windows\system32\SPReview
2012-03-09 17:32 . 2012-03-09 17:32 -------- d-----w- c:\windows\system32\EventProviders
2012-03-09 17:20 . 2010-11-20 13:27 244224 ----a-w- c:\windows\system32\spp.dll
2012-03-09 17:19 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll
2012-03-09 17:19 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2012-03-09 17:19 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2012-03-09 17:19 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2012-03-09 17:18 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-03-09 17:18 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-03-09 17:18 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-03-09 17:15 . 2012-03-09 17:15 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2012-03-09 17:14 . 2012-03-09 17:14 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-03-09 17:14 . 2012-03-09 17:17 -------- d-----w- c:\programdata\Logishrd
2012-03-09 17:14 . 2012-03-09 17:14 -------- d-----w- c:\program files\Logitech
2012-03-09 17:03 . 2012-03-09 17:14 -------- d-----w- c:\program files\Common Files\Logishrd
2012-03-09 16:57 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-03-09 16:57 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2012-03-09 16:57 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2012-03-09 16:57 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2012-03-09 16:57 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-03-09 16:57 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-03-09 16:57 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-03-09 16:57 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-03-09 16:57 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-03-09 16:57 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2012-03-09 16:57 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2012-03-09 16:56 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-03-09 16:56 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-03-09 16:56 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-03-09 16:56 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-03-09 16:56 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-03-09 16:56 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-03-09 16:56 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-03-09 16:21 . 2012-03-09 16:21 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-03-09 16:05 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-03-09 16:05 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-09 16:05 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-09 16:05 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-09 16:05 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\programdata\ATI
2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\programdata\AMD
2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files (x86)\AMD AVT
2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files (x86)\AMD APP
2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-03-09 15:44 . 2012-03-09 15:44 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-03-09 15:44 . 2012-03-09 15:44 -------- d-----w- c:\program files\ATI
2012-03-09 15:44 . 2012-03-09 15:46 -------- d-----w- c:\program files\ATI Technologies
2012-03-09 15:43 . 2012-03-09 15:43 -------- d-----w- C:\AMD
2012-03-09 15:32 . 2012-02-23 08:18 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-03-09 15:10 . 2012-03-01 12:21 8643640 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C71759E0-5BC3-4538-997B-F17AFD634FED}\mpengine.dll
2012-03-09 15:09 . 2012-03-09 15:09 -------- d-----w- c:\program files\Ventrilo
2012-03-09 15:07 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2012-03-09 14:56 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-03-09 14:56 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-03-09 14:43 . 2012-03-13 14:26 -------- d-----w- c:\users\herb
2012-03-09 14:40 . 2012-03-09 14:40 -------- d-----w- C:\Recovery
2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:21 . 2012-02-15 03:21 25839104 ----a-w- c:\windows\system32\atio6axx.dll
2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2012-02-15 03:18 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-02-15 03:17 . 2012-02-15 03:17 957952 ----a-w- c:\windows\system32\aticfx64.dll
2012-02-15 03:13 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-02-15 03:07 . 2012-02-15 03:07 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-02-15 02:40 . 2012-02-15 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-02-15 02:34 . 2012-02-15 02:34 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll
2012-02-15 02:29 . 2012-02-15 02:29 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-02-15 02:25 . 2012-02-15 02:25 7551488 ----a-w- c:\windows\system32\atiumd64.dll
2012-02-15 02:16 . 2012-02-15 02:16 58880 ----a-w- c:\windows\system32\coinst.dll
2012-02-15 02:14 . 2012-02-15 02:14 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2012-02-15 02:12 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-02-15 02:12 . 2012-02-15 02:12 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-02-15 02:12 . 2012-02-15 02:12 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-02-15 02:12 . 2012-02-15 02:12 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-02-14 21:05 . 2012-02-14 21:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-14 21:05 . 2012-02-14 21:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-14 21:05 . 2012-02-14 21:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-14 21:05 . 2012-02-14 21:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-02-14 21:05 . 2012-02-14 21:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
2012-02-14 21:04 . 2012-02-14 21:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-09 18:12 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-03-09 18:12 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-02-15 02:52 . 2009-07-13 21:59 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-01-31 05:02 . 2012-01-31 05:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-31 05:00 . 2012-01-31 05:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\herb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8187B;Belkin Wireless G USB Network Adapter;c:\windows\system32\DRIVERS\rtl8187B.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 X6va006;X6va006;c:\users\herb\AppData\Local\Temp\0064386.tmp [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2011-10-11 616400]
S2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-03-13 342480]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-11 463824]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 SaiH8000;SaiH8000;c:\windows\system32\DRIVERS\SaiH8000.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3638853225-1990997699-2437280156-1000Core.job
- c:\users\herb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 14:48]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3638853225-1990997699-2437280156-1000UA.job
- c:\users\herb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 14:48]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-BitTorrent - c:\program files (x86)\BitTorrent\BitTorrent.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\herb\AppData\Local\Temp\0064386.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-13 23:57:00
ComboFix-quarantined-files.txt 2012-03-13 22:56
ComboFix2.txt 2012-03-13 04:04
.
Pre-Run: 16,506,994,688 bytes free
Post-Run: 16,221,315,072 bytes free
.
- - End Of File - - E400782127CF142C74F70C1E5FA51C65
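The log above lists one service, X6va006, whose image path is a .tmp file under the user's AppData\Local\Temp folder (see the R3 line in the services list and the ControlSet001\services\X6va006 ImagePath in the orphans section). That is an unusual load point for a service or driver binary and is the kind of line worth pulling out of a long ComboFix dump automatically. The script below is an added example, not part of the original post and not a ComboFix or Malwarebytes tool: it parses ComboFix "Drivers/Services" lines and flags image paths that sit in a Temp directory, in a user profile, use a non-executable extension, or fall outside the usual system and program directories. The line format is inferred from the log above (assumption: one space between fields), the list of trusted root directories is a judgement call, and a flag means "look at this", not "this is malware". The sample input is seven lines copied from the log.

```python
"""Triage helper for the 'Drivers/Services' lines of a ComboFix log (added example).

Each service line has the shape  <start flag> <ServiceName>;<DisplayName>;<ImagePath> [<date size> | x]
e.g.  R3 X6va006;X6va006;c:\\users\\herb\\AppData\\Local\\Temp\\0064386.tmp [x]
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Line format inferred from the log (assumption: one space between fields).
SERVICE_LINE = re.compile(
    r"^(?P<start>[RS]\d)\s+"     # R = running, S = stopped; digit = start type
    r"(?P<name>[^;]+);"          # service key name (may contain spaces)
    r"(?P<display>[^;]*);"       # display name
    r"(?P<path>.+?)\s+"          # image path (lazy: stops at the trailing bracket)
    r"\[(?P<tail>[^\]]*)\]\s*$"  # '[date size]' or '[x]'
)

# Directories a Windows 7 service/driver binary normally lives under (judgement call).
TRUSTED_ROOTS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\windows\\microsoft.net\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)
EXECUTABLE_EXTENSIONS = {".sys", ".exe", ".dll"}


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    path: str
    tail: str


def normalize_path(path: str) -> str:
    """Lower-case the path and drop the NT '\\??\\' prefix seen in registry ImagePath values."""
    p = path.strip().strip('"')
    if p.startswith("\\??\\"):
        p = p[4:]
    return p.lower()


def parse_services(text: str) -> list[ServiceEntry]:
    """Return one ServiceEntry per line that matches the ComboFix service format."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_LINE.match(line.strip())
        if m:
            entries.append(ServiceEntry(**m.groupdict()))
    return entries


def suspicious_reasons(entry: ServiceEntry) -> list[str]:
    """Every reason the image path deserves a second look; an empty list means nothing odd."""
    p = normalize_path(entry.path)
    basename = p.rsplit("\\", 1)[-1]          # split on backslash by hand: host may be POSIX
    ext = basename[basename.rfind("."):] if "." in basename else ""
    reasons = []
    if "\\temp\\" in p or "\\tmp\\" in p:
        reasons.append("image path is inside a Temp directory")
    if p.startswith("c:\\users\\") or "\\appdata\\" in p:
        reasons.append("image path is inside a user profile (user-writable)")
    if ext not in EXECUTABLE_EXTENSIONS:
        reasons.append(f"unusual image extension {ext or '(none)'!r} for a service binary")
    if not p.startswith(TRUSTED_ROOTS):
        reasons.append("image path is outside the usual system/program directories")
    return reasons


def triage(text: str) -> dict[str, list[str]]:
    """Map service name -> reasons, for entries with at least one reason."""
    flagged: dict[str, list[str]] = {}
    for entry in parse_services(text):
        reasons = suspicious_reasons(entry)
        if reasons:
            flagged[entry.name] = reasons
    return flagged


# Sample input: seven lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 X6va006;X6va006;c:\users\herb\AppData\Local\Temp\0064386.tmp [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
"""

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(name)
        for reason in reasons:
            print("  -", reason)
```

Run against the seven sample lines, only X6va006 is reported, with all four reasons; the Avira, Adobe, AMD, .NET and Malwarebytes entries pass because they load from the expected directories with expected extensions. The trusted-root list is deliberately short: anything it does not cover is reported, so a legitimate service installed somewhere unusual will also be flagged and has to be cleared by hand.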
-
Google o.O A sec ago Avira FW showed: "Deny all IP packets" has blocked a packet from IP: 192.168.1.1. That's my IP!! What is going on?? Thanks for your time.
-
Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.13.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
herb :: HERB-PC [administrator]
Protection: Enabled
3/13/2012 11:24:27 PM
mbam-log-2012-03-13 (23-24-27).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 186942
Time elapsed: 1 minute(s), 45 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
I made a mistake, the other IP is 74.125.232.193. Uninstalled BitTorrent, restarted the PC, and Avira firewall still says "The rule: "Deny all IP packets" has blocked a packet from IP: 74.125.232.229", and other IP 74.125.232.229. I think there are more different IPs.
-
Uninstalled BitTorrent, restarted the PC, and Avira firewall still says "The rule: "Deny all IP packets" has blocked a packet from IP: 74.125.232.229", and other IP 74.125.232.229. I think there are more different IPs.
-
It seems like every time I open a port (torrent, online game) something is slowing my internet, I mean really slowing: 1 kb/s is the speed, ping in game 5000, can't even post on the first try, pages need 3 min to load, etc. When "working", torrent speed goes to 300 then to 0, and my max download speed should be 420. Last night I turned off my antivirus and firewall and disconnected the PC from the internet, and when I woke up the internet was so slow, practically I didn't have it. I did a restore point and things are like a few days ago: Malwarebytes blocking outgoing traffic, and Avira firewall also blocks some packets. I spotted one strange IP, 192.168.1.1 (my IP acquired from the router). I hope someone will help soon, am thinking about reinstalling the OS because I can use my internet for another day without problem... Thanks for your time
-
Also, I did format the whole HDD with Active@ KillDisk and the problem is still here, OS reinstall does not help... after 24h max it's back! None of the antiviruses detect any kind of malware or virus [ESET SS 4, Avira, Microsoft Essentials, AVG]! Avira firewall also detects blocked packets every 10-15 min.
-
Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.12.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
herb :: HERB-PC [administrator]
Protection: Enabled
3/12/2012 3:23:11 AM
mbam-log-2012-03-12 (03-23-11).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 186303
Time elapsed: 3 minute(s), 13 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
ComboFix 12-03-09.05 - herb 03/10/2012 5:05.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2335 [GMT 1:00]
Running from: c:\users\herb\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-10 to 2012-03-10 )))))))))))))))))))))))))))))))
.
.
2012-03-10 04:15 . 2012-03-10 04:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-10 03:11 . 2012-03-10 03:11 -------- d-----w- c:\program files (x86)\BitTorrent
2012-03-10 02:34 . 2012-03-10 02:34 -------- d-----w- c:\programdata\Malwarebytes
2012-03-10 02:34 . 2012-03-10 02:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-10 02:34 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-10 02:26 . 2012-03-10 02:26 -------- d-----w- c:\program files (x86)\Webteh
2012-03-09 23:34 . 2012-03-09 23:34 0 ----a-w- c:\windows\ativpsrm.bin
2012-03-09 23:31 . 2012-03-09 23:36 -------- d-----w- c:\windows\Panther
2012-03-09 23:31 . 2012-03-09 18:20 -------- d-----w- C:\Boot
2012-03-09 19:00 . 2012-03-09 19:00 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-09 19:00 . 2012-03-09 19:00 -------- d-----w- c:\windows\SysWow64\Macromed
2012-03-09 19:00 . 2012-03-09 19:00 -------- d-----w- c:\windows\system32\Macromed
2012-03-09 18:40 . 2012-03-09 18:40 -------- d-----w- c:\programdata\Avira
2012-03-09 18:40 . 2012-03-09 18:40 -------- d-----w- c:\program files (x86)\Avira
2012-03-09 18:40 . 2011-10-11 13:53 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-03-09 18:40 . 2011-10-11 13:53 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-03-09 18:40 . 2011-10-11 13:53 139512 ----a-w- c:\windows\system32\drivers\avfwot.sys
2012-03-09 18:40 . 2011-10-11 13:53 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-03-09 18:40 . 2011-10-11 13:53 113768 ----a-w- c:\windows\system32\drivers\avfwim.sys
2012-03-09 17:33 . 2012-03-09 17:33 -------- d-----w- c:\windows\system32\SPReview
2012-03-09 17:32 . 2012-03-09 17:32 -------- d-----w- c:\windows\system32\EventProviders
2012-03-09 17:20 . 2010-11-20 13:27 244224 ----a-w- c:\windows\system32\spp.dll
2012-03-09 17:19 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll
2012-03-09 17:19 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2012-03-09 17:19 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2012-03-09 17:19 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2012-03-09 17:18 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-03-09 17:18 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-03-09 17:18 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-03-09 17:15 . 2012-03-09 17:15 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2012-03-09 17:14 . 2012-03-09 17:14 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-03-09 17:14 . 2012-03-09 17:17 -------- d-----w- c:\programdata\Logishrd
2012-03-09 17:14 . 2012-03-09 17:14 -------- d-----w- c:\program files\Logitech
2012-03-09 17:03 . 2012-03-09 17:14 -------- d-----w- c:\program files\Common Files\Logishrd
2012-03-09 16:57 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-03-09 16:57 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2012-03-09 16:57 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2012-03-09 16:57 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2012-03-09 16:57 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-03-09 16:57 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-03-09 16:57 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-03-09 16:57 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-03-09 16:57 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-03-09 16:57 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2012-03-09 16:57 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2012-03-09 16:56 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-03-09 16:56 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-03-09 16:56 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-03-09 16:56 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-03-09 16:56 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-03-09 16:56 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-03-09 16:56 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-03-09 16:21 . 2012-03-09 16:21 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-03-09 16:05 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-03-09 16:05 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-09 16:05 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-09 16:05 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-09 16:05 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-09 15:49 . 2012-03-09 15:49 -------- d-----w- c:\program files (x86)\uTorrent
2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\programdata\ATI
2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\programdata\AMD
2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files (x86)\AMD AVT
2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files (x86)\AMD APP
2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-03-09 15:44 . 2012-03-09 15:44 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-03-09 15:44 . 2012-03-09 15:44 -------- d-----w- c:\program files\ATI
2012-03-09 15:44 . 2012-03-09 15:46 -------- d-----w- c:\program files\ATI Technologies
2012-03-09 15:43 . 2012-03-09 15:43 -------- d-----w- C:\AMD
2012-03-09 15:32 . 2012-02-23 08:18 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-03-09 15:10 . 2012-03-01 12:21 8643640 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C71759E0-5BC3-4538-997B-F17AFD634FED}\mpengine.dll
2012-03-09 15:09 . 2012-03-09 15:09 -------- d-----w- c:\program files\Ventrilo
2012-03-09 15:07 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2012-03-09 14:56 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-03-09 14:56 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-03-09 14:43 . 2012-03-09 14:43 -------- d-----w- c:\users\herb
2012-03-09 14:40 . 2012-03-09 14:40 -------- d-----w- C:\Recovery
2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:21 . 2012-02-15 03:21 25839104 ----a-w- c:\windows\system32\atio6axx.dll
2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2012-02-15 03:18 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-02-15 03:17 . 2012-02-15 03:17 957952 ----a-w- c:\windows\system32\aticfx64.dll
2012-02-15 03:13 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-02-15 03:07 . 2012-02-15 03:07 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-02-15 02:40 . 2012-02-15 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-02-15 02:34 . 2012-02-15 02:34 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll
2012-02-15 02:29 . 2012-02-15 02:29 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-02-15 02:25 . 2012-02-15 02:25 7551488 ----a-w- c:\windows\system32\atiumd64.dll
2012-02-15 02:16 . 2012-02-15 02:16 58880 ----a-w- c:\windows\system32\coinst.dll
2012-02-15 02:14 . 2012-02-15 02:14 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2012-02-15 02:12 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-02-15 02:12 . 2012-02-15 02:12 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-02-15 02:12 . 2012-02-15 02:12 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-02-15 02:12 . 2012-02-15 02:12 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-02-14 21:05 . 2012-02-14 21:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-14 21:05 . 2012-02-14 21:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-14 21:05 . 2012-02-14 21:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-14 21:05 . 2012-02-14 21:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-09 18:12 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-03-09 18:12 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-02-15 02:52 . 2009-07-13 21:59 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-01-31 05:02 . 2012-01-31 05:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-31 05:00 . 2012-01-31 05:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-10_03.44.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-10 04:14 . 2012-03-10 04:14 66048 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\a9a494047cfbd13fd4a155c77a258a0a\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper.ni.dll
+ 2012-03-10 04:14 . 2012-03-10 04:14 64000 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\90b3ba2f1de795690641228b63586965\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop.ni.dll
+ 2012-03-10 04:13 . 2012-03-10 04:13 65536 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\f8f0b08845fb76dfcf57e00d86fc13fc\Microsoft.MediaCenter.iTv.Hosting.ni.dll
+ 2012-03-10 04:13 . 2012-03-10 04:13 49664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUPnP\50cda8ab4cd566b222342c3da14302d3\ehiUPnP.ni.dll
+ 2012-03-10 04:13 . 2012-03-10 04:13 93184 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiTVMSMusic\4089bf2cec6e1a1539076c5bd6d95ce7\ehiTVMSMusic.ni.dll
+ 2012-03-10 04:12 . 2012-03-10 04:12 28672 c:\windows\assembly\NativeImages_v2.0.50727_64\dfsvc\7de9a8137a33d06dad01c8405d960037\dfsvc.ni.exe
+ 2012-03-10 04:10 . 2012-03-10 04:10 33280 c:\windows\assembly\NativeImages_v2.0.50727_64\AuditPolicyGPManage#\320d4f45d6463976ce238f654e706926\AuditPolicyGPManagedStubs.Interop.ni.dll
+ 2012-03-10 03:49 . 2012-03-10 03:49 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\94a173b39fa90956937b41c775ac66d7\dfsvc.ni.exe
+ 2012-03-10 04:12 . 2012-03-10 04:12 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\9880905a6fde778e564adf54b2afbaa5\System.Messaging.ni.dll
+ 2012-03-10 04:12 . 2012-03-10 04:12 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\2ba95581264a766410a6dbbe767c5ed8\System.IdentityModel.Selectors.ni.dll
+ 2012-03-10 04:12 . 2012-03-10 04:12 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\823bd996cb5aefd6c2b2fa7e19e0ef40\SMDiagnostics.ni.dll
+ 2012-03-10 04:15 . 2012-03-10 04:15 376832 c:\windows\assembly\NativeImages_v2.0.50727_64\SecurityAuditPolici#\b92e9816d6f35ffb11dc27e00dfa9f98\SecurityAuditPoliciesSnapIn.ni.dll
+ 2012-03-10 04:14 . 2012-03-10 04:14 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\b94e1c9115d8e37e734b27b48f54d236\MMCFxCommon.ni.dll
+ 2012-03-10 04:15 . 2012-03-10 04:15 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\cb1c199305d00b2424e707311eb9dcfd\Microsoft.Vsa.ni.dll
+ 2012-03-10 04:14 . 2012-03-10 04:14 235008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\593d4852da5730b2745a902cb765bf9b\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.ni.dll
+ 2012-03-10 04:14 . 2012-03-10 04:14 275456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\2bd4bf486059581106a5d16bd9fe853f\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager.ni.dll
+ 2012-03-10 04:16 . 2012-03-10 04:16 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\99bb7896ddbe74236efaa97733c63cbc\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2012-03-10 04:13 . 2012-03-10 04:13 522240 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\ddd2f252bea1cce14bb498257992635a\Microsoft.MediaCenter.Interop.ni.dll
+ 2012-03-10 04:15 . 2012-03-10 04:15 164864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\cf9be66d53dddbf49b75cead76ef3cea\Microsoft.MediaCenter.Mheg.ni.dll
+ 2012-03-10 04:13 . 2012-03-10 04:13 152576 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\a743124afb874ab00d713ab50a7d850d\Microsoft.MediaCenter.ITVVM.ni.dll
+ 2012-03-10 04:14 . 2012-03-10 04:14 219648 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\7de5318ee2be8e2b8fcffde83c79ab7c\Microsoft.MediaCenter.iTv.Media.ni.dll
+ 2012-03-10 04:13 . 2012-03-10 04:13 370176 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\55172dec8f1353d1a8d9cdc4c0b9fac0\Microsoft.MediaCenter.Playback.ni.dll
+ 2012-03-10 04:13 . 2012-03-10 04:13 965632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\5495e7eca3dac7eee473e30a3611f178\Microsoft.MediaCenter.Sports.ni.dll
+ 2012-03-10 04:14 . 2012-03-10 04:14 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\35ce662c1368782ede0852134106ea43\Microsoft.MediaCenter.iTv.ni.dll
+ 2012-03-10 04:14 . 2012-03-10 04:14 798720 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\505549b05e5c3ceccd26ad9c398381e8\Microsoft.ManagementConsole.ni.dll
+ 2012-03-10 04:15 . 2012-03-10 04:15 618496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.GroupPoli#\b232ba7650e5449bb5dfa5c1818763ef\Microsoft.GroupPolicy.AdmTmplEditor.ni.dll
+ 2012-03-10 04:15 . 2012-03-10 04:15 399360 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.GroupPoli#\6380c4a4aa90e1047f6b160077983dbb\Microsoft.GroupPolicy.Interop.ni.dll
+ 2012-03-10 04:15 . 2012-03-10 04:15 244736 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\f356844d3667b88d03bde2ae524659b6\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-03-10 04:15 . 2012-03-10 04:15 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\86f7fa65013864ae7da2fba058199dae\Microsoft.Build.Utilities.ni.dll
+ 2012-03-10 04:15 . 2012-03-10 04:15 142336 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\9f5bcff6a0b169efa6b607efd8789ea9\Microsoft.Build.Framework.ni.dll
+ 2012-03-10 04:15 . 2012-03-10 04:15 121344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\0ef8fa5e835e9ae9fd9a20e5d5058460\Microsoft.Build.Framework.ni.dll
+ 2012-03-10 04:14 . 2012-03-10 04:14 423424 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Applicati#\6a6fa7724d13030a9e6fa097b8bf2e81\Microsoft.ApplicationId.Framework.ni.dll
+ 2012-03-10 04:14 . 2012-03-10 04:14 727040 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Applicati#\4ad25d1d04dc7511507cc7c7f2863e65\Microsoft.ApplicationId.RuleWizard.ni.dll
+ 2012-03-10 04:14 . 2012-03-10 04:14 107008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft-Windows-H#\77b758c083ce18f7ff9c262e4f6291e4\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.ni.dll
+ 2012-03-10 04:14 . 2012-03-10 04:14 380928 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\304068df803748d7743a6a4dc344915f\Mcx2Dvcs.ni.dll
+ 2012-03-10 04:14 . 2012-03-10 04:14 547328 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\fb79aad0c745ff7b45151bc58b4dc8e9\mcupdate.ni.exe
+ 2012-03-10 04:13 . 2012-03-10 04:13 533504 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\4a29229fecf805779bee25b756d78a0d\mcstoredb.ni.dll
+ 2012-03-10 04:14 . 2012-03-10 04:14 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\8affc4346a86b80727282966ce58662b\mcplayerinterop.ni.dll
+ 2012-03-10 04:14 . 2012-03-10 04:14 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\756a74d6b322877662a0f6da4bc7d8e6\mcGlidHostObj.ni.dll
+ 2012-03-10 04:14 . 2012-03-10 04:14 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\956ca0e08e881df7f16f7d6d1381f71d\EventViewer.ni.dll
+ 2012-03-10 04:12 . 2012-03-10 04:12 969216 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\307ca4b67db79b05b4781634ea8ec0d7\ehRecObj.ni.dll
+ 2012-03-10 04:13 . 2012-03-10 04:13 661504 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiWUapi\87f11d95ab10469f888fd76c45f9fceb\ehiWUapi.ni.dll
+ 2012-03-10 04:13 . 2012-03-10 04:13 933888 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiwmp\a24c79d19a6d2a3e8ca587ecddd3e735\ehiwmp.ni.dll
+ 2012-03-10 04:12 . 2012-03-10 04:12 145408 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUserXp\0de7a02857c6041bc2c86c1db3ca8c23\ehiUserXp.ni.dll
+ 2012-03-10 04:13 . 2012-03-10 04:13 196096 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiiTv\421eb174f94249cf6a3b9e517baa82f8\ehiiTv.ni.dll
+ 2012-03-10 04:13 . 2012-03-10 04:13 397824 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtens\d5bf6f8e9e3d08d407ed68b714c268ae\ehiExtens.ni.dll
+ 2012-03-10 04:13 . 2012-03-10 04:13 110080 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiBmlDataCarousel\b55c3bb24dda0acda2bc332cc3016f75\ehiBmlDataCarousel.ni.dll
+ 2012-03-10 04:13 . 2012-03-10 04:13 125440 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiActivScp\fa493e64ca63def1a404a0d4b44cdefc\ehiActivScp.ni.dll
+ 2012-03-10 04:12 . 2012-03-10 04:12 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\5f53457f49927ecf00156d20466cc5a6\ehExtHost.ni.exe
+ 2012-03-10 04:12 . 2012-03-10 04:12 313856 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\b49168b11f5f60ddafed2ab1fdd4540f\ehCIR.ni.dll
+ 2012-03-10 04:12 . 2012-03-10 04:12 348672 c:\windows\assembly\NativeImages_v2.0.50727_64\CustomMarshalers\1e040217cf674c6cf528fbfe18c4c2f8\CustomMarshalers.ni.dll
+ 2012-03-10 04:10 . 2012-03-10 04:10 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\f2808fb3389d3e28e2b0223dcd654e02\ComSvcConfig.ni.exe
+ 2012-03-10 04:10 . 2012-03-10 04:10 971264 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\45af2aab82a69a1a6fe0f7cef4024673\BDATunePIA.ni.dll
+ 2012-03-10 03:49 . 2012-03-10 03:49 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\a717cdb44ec0d3238c621efa420a9956\System.Messaging.ni.dll
+ 2012-03-10 03:49 . 2012-03-10 03:49 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\8b0dc9405f292a93ddd52eb76bb88169\System.IdentityModel.Selectors.ni.dll
+ 2012-03-10 03:48 . 2012-03-10 03:48 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\281b67b96a2dd473dad4d222da0ca514\SMDiagnostics.ni.dll
+ 2012-03-10 03:49 . 2012-03-10 03:49 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\6a07aa6df4d45d1485b6a2749647a3aa\ehExtHost32.ni.exe
+ 2012-03-10 03:49 . 2012-03-10 03:49 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\2c2215e99c21daeec6bf697cf7bcf103\CustomMarshalers.ni.dll
+ 2012-03-10 04:12 . 2012-03-10 04:12 3073536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\f99728bbb535157b904873158379dc67\System.Runtime.Serialization.ni.dll
+ 2012-03-10 04:15 . 2012-03-10 04:15 1472000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management\6860203a3f244d4c6b89ff38a9c9cadb\System.Management.ni.dll
+ 2012-03-10 04:12 . 2012-03-10 04:12 1444352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\3fae8a8515a716f1fae4a64a7f2a4b05\System.IdentityModel.ni.dll
+ 2012-03-10 04:16 . 2012-03-10 04:16 3315200 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\9e59bc2c8cf98cd315468ca01f68663c\System.Core.ni.dll
+ 2012-03-10 04:14 . 2012-03-10 04:14 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\77c418992d39a8c1ce569194f9b1ff1e\MIGUIControls.ni.dll
+ 2012-03-10 04:12 . 2012-03-10 04:12 1598976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\11bd9381aca79215bc01b45a5e7bddce\Microsoft.Transactions.Bridge.ni.dll
+ 2012-03-10 04:16 . 2012-03-10 04:16 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\8d5a4862d0e61fdd2e958fc989df3cca\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-03-10 04:16 . 2012-03-10 04:16 1131008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\09516cb547f50c165051c5512c0770d3\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-03-10 04:12 . 2012-03-10 04:12 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\d7d03c116e282c198f398652dbddc074\Microsoft.MediaCenter.ni.dll
+ 2012-03-10 04:12 . 2012-03-10 04:12 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\bf5f76b58c88f17410effc17059685a8\Microsoft.MediaCenter.UI.ni.dll
+ 2012-03-10 04:13 . 2012-03-10 04:13 1142784 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\b54d398a06452904630482f2f83d21dd\Microsoft.MediaCenter.Shell.ni.dll
+ 2012-03-10 04:13 . 2012-03-10 04:13 1170432 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\5f69561da0086365718db46e1172d204\Microsoft.MediaCenter.TV.Tuners.Interop.ni.dll
+ 2012-03-10 04:15 . 2012-03-10 04:15 3213312 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\551b383e39b9fedb84e25c9fc7d763ee\Microsoft.JScript.ni.dll
+ 2012-03-10 04:15 . 2012-03-10 04:15 5054976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.GroupPoli#\7c9b82506032312a1cbc644fffa73b17\Microsoft.GroupPolicy.Reporting.ni.dll
+ 2012-03-10 04:15 . 2012-03-10 04:15 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\4ccd2dddff73b52cd77ecaed30075b09\Microsoft.Build.Tasks.ni.dll
+ 2012-03-10 04:15 . 2012-03-10 04:15 2682880 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\35cee0a531b3136b21b2c7e2ff56b5eb\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-03-10 04:15 . 2012-03-10 04:15 2544640 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\a22f83fa561173b77ee1215e0dfd7a76\Microsoft.Build.Engine.ni.dll
+ 2012-03-10 04:15 . 2012-03-10 04:15 1137152 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\5cd9b4020f38edbdc2718884fe3e68f0\Microsoft.Build.Engine.ni.dll
+ 2012-03-10 04:13 . 2012-03-10 04:13 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\0217b5f9a72020bee3d0291bbae125ff\mcstore.ni.dll
+ 2012-03-10 04:13 . 2012-03-10 04:13 4088320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcepg\905166e37a4a5f45a7d1672fb756d96e\mcepg.ni.dll
+ 2012-03-10 04:13 . 2012-03-10 04:13 2165248 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\e6a702f8ccd27dcdcf09008531ab40e5\ehiVidCtl.ni.dll
+ 2012-03-10 04:12 . 2012-03-10 04:12 1201664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiProxy\17d0b71391bf67c5a663b140b9a7a936\ehiProxy.ni.dll
+ 2012-03-10 03:49 . 2012-03-10 03:49 2347008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bc96c5c6e644452270ff7c3d066ff713\System.Runtime.Serialization.ni.dll
+ 2012-03-10 03:49 . 2012-03-10 03:49 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\d939fca96c3645bb8806ea8ae43cc0ca\System.IdentityModel.ni.dll
+ 2012-03-10 03:49 . 2012-03-10 03:49 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1a6921bcfb8ade6652efb9f095b275f1\Microsoft.Transactions.Bridge.ni.dll
+ 2012-03-10 03:49 . 2012-03-10 03:49 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\03d64144ed3ea21cbeea0c872ece14b6\Microsoft.MediaCenter.ni.dll
+ 2012-03-10 04:11 . 2012-03-10 04:11 23913984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\0b51b0626d95de7446d132c73edd77cc\System.ServiceModel.ni.dll
+ 2012-03-10 04:16 . 2012-03-10 04:16 11900928 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\e18dbed9e34d7d56cc7e2f683de12237\System.Management.Automation.ni.dll
+ 2012-03-10 04:14 . 2012-03-10 04:14 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\089d0fee0e702f9b9a611f761cb3bd8a\ehshell.ni.dll
+ 2012-03-10 03:48 . 2012-03-10 03:48 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\b74950292d5681795d9d2c1a72a79952\System.ServiceModel.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-03-10 6410096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\herb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 X6va006;X6va006;c:\users\herb\AppData\Local\Temp\006BD59.tmp [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2011-10-11 616400]
S2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-10-11 342480]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-11 463824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 SaiH8000;SaiH8000;c:\windows\system32\DRIVERS\SaiH8000.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3638853225-1990997699-2437280156-1000Core.job
- c:\users\herb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 14:48]
.
2012-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3638853225-1990997699-2437280156-1000UA.job
- c:\users\herb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 14:48]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\herb\AppData\Local\Temp\006BD59.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-10 05:34:17
ComboFix-quarantined-files.txt 2012-03-10 04:34
ComboFix2.txt 2012-03-10 04:00
.
Pre-Run: 25,204,334,592 bytes free
Post-Run: 24,410,750,976 bytes free
.
- - End Of File - - 12F900DCF776031FEE00EAABF0B9F6AE
-
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by herb at 21:31:06 on 2012-03-11
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2839 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\BitTorrent\BitTorrent.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\herb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\herb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\herb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [bitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMLDEV~1.LNK - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{52A2726C-FD97-421D-9203-CBD2DA6A5A85} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6AC69217-9567-4CB4-BFFF-1AF9454FE20C} : DhcpNameServer = 192.168.1.1
mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R1 avfwot;avfwot;C:\Windows\system32\DRIVERS\avfwot.sys --> C:\Windows\system32\DRIVERS\avfwot.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirFirewallService;Avira FireWall;C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2012-3-9 616400]
R2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-3-9 342480]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-3-9 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-3-9 110032]
R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2012-3-9 463824]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-10 652360]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 avfwim;AvFw Packet Filter Miniport;C:\Windows\system32\DRIVERS\avfwim.sys --> C:\Windows\system32\DRIVERS\avfwim.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
R3 SaiH8000;SaiH8000;C:\Windows\system32\DRIVERS\SaiH8000.sys --> C:\Windows\system32\DRIVERS\SaiH8000.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RTL8187B;Belkin Wireless G USB Network Adapter;C:\Windows\system32\DRIVERS\rtl8187B.sys --> C:\Windows\system32\DRIVERS\rtl8187B.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
.
=============== Created Last 30 ================
.
2012-03-11 19:39:47 388096 ----a-r- C:\Users\herb\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-11 19:39:46 -------- d-----w- C:\Program Files (x86)\ht
2012-03-11 17:52:31 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-11 15:15:24 -------- d-----w- C:\CFLog
2012-03-10 14:49:25 446976 ----a-w- C:\Windows\System32\drivers\rtl8187B.sys
2012-03-10 14:49:25 446976 ----a-w- C:\Windows\system\rtl8187B.sys
2012-03-10 14:49:25 -------- d-----w- C:\Windows\OPTIONS
2012-03-10 14:48:53 451072 ----a-w- C:\Windows\SysWow64\ISSRemoveSP.exe
2012-03-10 14:48:53 -------- d-----w- C:\Program Files (x86)\Belkin
2012-03-10 14:10:36 -------- d-----w- C:\Users\herb\AppData\Local\NFS Underground 2
2012-03-10 13:47:14 -------- d-----w- C:\Program Files (x86)\ESET
2012-03-10 03:32:29 98816 ----a-w- C:\Windows\sed.exe
2012-03-10 03:32:29 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-10 03:32:29 256000 ----a-w- C:\Windows\PEV.exe
2012-03-10 03:32:29 208896 ----a-w- C:\Windows\MBR.exe
2012-03-10 03:11:36 -------- d-----w- C:\Program Files (x86)\BitTorrent
2012-03-10 03:10:27 -------- d-----w- C:\Users\herb\AppData\Roaming\BitTorrent
2012-03-10 02:34:25 -------- d-----w- C:\Users\herb\AppData\Roaming\Malwarebytes
2012-03-10 02:34:18 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-10 02:34:17 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-10 02:34:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-10 02:26:48 -------- d-----w- C:\Users\herb\AppData\Roaming\BSplayer PRO
2012-03-10 02:26:47 -------- d-----w- C:\Program Files (x86)\Webteh
2012-03-09 23:34:15 0 ----a-w- C:\Windows\ativpsrm.bin
2012-03-09 23:31:36 -------- d-----w- C:\Windows\Panther
2012-03-09 23:31:22 -------- d-----w- C:\Boot
2012-03-09 19:00:46 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-09 18:40:47 -------- d-----w- C:\Users\herb\AppData\Roaming\Avira
2012-03-09 18:40:12 97312 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-03-09 18:40:12 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2012-03-09 18:40:12 139512 ----a-w- C:\Windows\System32\drivers\avfwot.sys
2012-03-09 18:40:12 113768 ----a-w- C:\Windows\System32\drivers\avfwim.sys
2012-03-09 18:40:12 -------- d-----w- C:\ProgramData\Avira
2012-03-09 18:40:12 -------- d-----w- C:\Program Files (x86)\Avira
2012-03-09 17:33:04 -------- d-----w- C:\Windows\System32\SPReview
2012-03-09 17:32:46 -------- d-----w- C:\Windows\System32\EventProviders
2012-03-09 17:20:59 762880 ----a-w- C:\Windows\SysWow64\azroles.dll
2012-03-09 17:19:56 189952 ----a-w- C:\Windows\SysWow64\sqmapi.dll
2012-03-09 17:19:49 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2012-03-09 17:19:49 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2012-03-09 17:19:49 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
2012-03-09 17:18:54 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
-
Please help me. I'm not good at computer stuff and I'm kind of worried. My Malwarebytes keeps on blocking several IP addresses (type: outgoing). What does this mean? Is someone trying to hack my system? But I ran anti-virus and anti-malware and it seems okay. Do I need to take further action? Did I miss something? Please instruct me what to do. Your help would be highly appreciated. Thanks
My Malwarebytes keeps on blocking several IP addresses (type: outgoing)
in Resolved Malware Removal Logs
Avira FW still showing blocked packets... but internet seems faster