
Posts posted by The_Communicator

  1. Hi Gringo,

    Thank you very much for providing me with your expert support. I have been reading more about internet security because of your tips. I've decided to further enhance my system's security software. I'm currently contemplating purchasing MBAM Pro. Anyway, once again thank you very much. Your assistance is much appreciated. Please go ahead and close this thread.

    Best Regards,

    The Communicator

  2. svchost.exe doesn't try to access potentially malicious IPs anymore, according to MBAM. Today's the last day of the trial; I hope it doesn't come back till I get the Pro version.

    Also, would you mind telling me what you found in the other logs? As far as I know there were some registry items detected by AdwCleaner, if I understand correctly. Thanks, Gringo.

    Anyway here are the logs:

    Malwarebytes Anti-Malware (Trial) 1.70.0.1100

    www.malwarebytes.org

    Database version: v2013.01.09.03

    Windows 7 Service Pack 1 x86 NTFS

    Internet Explorer 9.0.8112.16421

    Atong :: ATONG-PC [administrator]

    Protection: Enabled

    1/9/2013 5:59:06 PM

    mbam-log-2013-01-09 (17-59-06).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 219536

    Time elapsed: 8 minute(s), 46 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 6:15:59 PM, on 1/9/2013

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16457)

    Boot mode: Normal

    Running processes:

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Program Files\Sandboxie\SbieCtrl.exe

    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\MSI Afterburner\MSIAfterburner.exe

    C:\Program Files\MSI Afterburner\Bundle\OSDServer\RTSS.exe

    C:\Windows\system32\wuauclt.exe

    C:\Windows\system32\StikyNot.exe

    C:\Windows\system32\taskmgr.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Windows\system32\taskhost.exe

    C:\Program Files\VideoLAN\VLC\vlc.exe

    C:\Windows\notepad.exe

    C:\Users\Atong\Desktop\HijackThis.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\taskeng.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL

    O2 - BHO: Microsoft SPFS Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

    O4 - HKLM\..\Run: [Adobe ARM] "c:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKCU\..\Run: [sandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"

    O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

    O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe

    O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000

    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll

    O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll

    O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll

    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL

    O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - c:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

    O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe

    O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

    O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe

    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

    O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe

    O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

    --

    End of file - 7139 bytes

  3. Also, I should mention that around two weeks ago my browsers kept playing this song, "We are the Party" by the Ex Girlfriends featuring Lupe Fuentes, in the background. I believe what caused this was running my browser without a script blocker. I tried closing all webpages and restarting both browsers, but it wasn't isolated to either Firefox or Chrome. I ran full scans with Avira, SUPERAntiSpyware and MBAM. No detections with Avira and MBAM, but SUPERAntiSpyware detected various items and the problem disappeared.

    Note: When the problem appeared only Avira was installed; it was a time when I had just formatted the computer, so I hadn't installed MBAM and SAS yet.

    Anyway, here's the ComboFix log with the clear Java cache script:

    ComboFix 13-01-08.01 - Atong 01/09/2013 2:26.2.4 - x86

    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.2113 [GMT 8:00]

    Running from: c:\users\Atong\Desktop\ComboFix.exe

    Command switches used :: c:\users\Atong\Desktop\CFScript.txt

    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-12-08 to 2013-01-08 )))))))))))))))))))))))))))))))

    .

    .

    2013-01-08 18:33 . 2013-01-08 18:33 -------- d-----w- c:\users\Default\AppData\Local\temp

    2013-01-05 23:52 . 2013-01-05 23:52 -------- d-----w- c:\program files\Creative

    2013-01-05 23:52 . 2002-06-06 06:38 139264 ----a-w- c:\windows\system32\eax.dll

    2013-01-05 23:52 . 1998-10-29 08:45 306688 ----a-w- c:\windows\IsUninst.exe

    2013-01-05 22:37 . 2013-01-05 22:47 -------- d-----w- C:\Root

    2013-01-05 22:37 . 2013-01-05 22:37 -------- d-----w- c:\program files\Activision

    2013-01-01 13:53 . 2013-01-01 13:53 -------- d-----w- c:\program files\Sleeping.Dogs-1.7+North.Point.DLC

    2012-12-26 20:15 . 2012-12-26 20:15 -------- d-----w- c:\programdata\Malwarebytes

    2012-12-26 20:15 . 2012-12-14 08:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-12-26 20:15 . 2012-12-28 08:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-12-26 20:12 . 2012-12-26 20:13 -------- d-----w- c:\program files\SUPERAntiSpyware

    2012-12-26 20:12 . 2012-12-26 20:12 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

    2012-12-25 22:53 . 2010-08-12 03:46 758784 ----a-w- c:\windows\system32\cohelper.dll

    2012-12-25 22:53 . 2010-08-09 14:33 11164 ----a-w- c:\windows\system32\drivers\nvphy.bin

    2012-12-25 22:50 . 2012-12-25 22:50 -------- d-----w- c:\program files\Microsoft Silverlight

    2012-12-25 19:45 . 2012-12-25 19:45 -------- d-----w- c:\program files\Common Files\Steam

    2012-12-25 19:45 . 2013-01-08 17:44 -------- d-----w- c:\program files\Steam

    2012-12-25 16:30 . 2012-12-25 22:53 -------- d-----w- c:\program files\NVIDIA Corporation

    2012-12-25 16:23 . 2012-12-25 16:24 -------- d-----w- c:\program files\FreeArc

    2012-12-25 15:56 . 2012-12-25 16:38 -------- d-----w- c:\program files\Mass Effect 3

    2012-12-25 14:46 . 2011-03-25 02:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

    2012-12-25 14:46 . 2011-03-25 02:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys

    2012-12-25 14:46 . 2011-03-25 02:58 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys

    2012-12-25 14:46 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys

    2012-12-25 14:46 . 2011-03-25 02:57 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys

    2012-12-25 14:46 . 2011-03-25 02:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys

    2012-12-25 14:46 . 2011-03-25 02:57 5888 ----a-w- c:\windows\system32\drivers\usbd.sys

    2012-12-25 14:41 . 2011-03-11 05:39 148864 ----a-w- c:\windows\system32\drivers\storport.sys

    2012-12-25 14:41 . 2011-03-11 05:39 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys

    2012-12-25 14:41 . 2011-03-11 05:39 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys

    2012-12-25 14:41 . 2011-03-11 05:38 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys

    2012-12-25 14:41 . 2011-03-11 05:38 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys

    2012-12-25 14:41 . 2011-03-11 05:38 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys

    2012-12-25 14:41 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\system32\esent.dll

    2012-12-25 14:41 . 2011-03-11 05:31 74240 ----a-w- c:\windows\system32\fsutil.exe

    2012-12-25 12:45 . 2012-12-25 12:50 -------- d-----w- c:\program files\SAMSUNG

    2012-12-25 12:44 . 2012-12-25 12:44 -------- d-----w- c:\programdata\Samsung

    2012-12-24 12:34 . 2012-12-24 12:35 -------- d-----w- c:\program files\foobar2000

    2012-12-24 10:48 . 2012-12-23 18:57 -------- d-----w- c:\windows\Panther

    2012-12-24 10:48 . 2012-12-24 10:48 -------- d-----w- C:\Boot

    2012-12-24 01:43 . 2012-12-24 01:44 -------- d-----w- c:\users\Mama

    2012-12-23 22:17 . 2012-12-23 22:17 -------- d-----w- c:\programdata\Ubisoft

    2012-12-23 21:23 . 2012-12-23 21:23 189248 ----a-w- c:\windows\system32\PnkBstrB.exe

    2012-12-23 21:23 . 2012-12-23 21:23 75136 ----a-w- c:\windows\system32\PnkBstrA.exe

    2012-12-23 21:21 . 2008-10-14 22:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll

    2012-12-23 21:21 . 2008-10-14 22:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll

    2012-12-23 21:21 . 2008-10-14 22:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll

    2012-12-23 21:10 . 2013-01-05 22:47 -------- d--h--w- c:\program files\InstallShield Installation Information

    2012-12-23 20:38 . 2012-12-23 20:38 -------- d-----w- c:\program files\Common Files\Adobe

    2012-12-23 20:38 . 2012-12-23 20:38 -------- d-----w- c:\program files\7-Zip

    2012-12-23 20:37 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

    2012-12-23 20:37 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

    2012-12-23 20:37 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll

    2012-12-23 20:36 . 2012-12-23 20:36 -------- d-----w- c:\program files\uTorrent

    2012-12-23 20:36 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

    2012-12-23 20:36 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

    2012-12-23 20:36 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe

    2012-12-23 20:36 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll

    2012-12-23 20:36 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll

    2012-12-23 20:36 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

    2012-12-23 20:36 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll

    2012-12-23 20:34 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll

    2012-12-23 20:33 . 2012-12-23 20:33 -------- d-----w- c:\program files\CCleaner

    2012-12-23 20:32 . 2013-01-08 17:44 -------- d-----w- c:\program files\MSI Afterburner

    2012-12-23 20:31 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

    2012-12-23 20:31 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

    2012-12-23 20:25 . 2012-12-23 21:17 -------- d-----w- c:\program files\CPUID

    2012-12-23 20:16 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll

    2012-12-23 20:16 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll

    2012-12-23 20:16 . 2010-09-30 06:47 70656 ----a-w- c:\windows\system32\fontsub.dll

    2012-12-23 20:07 . 2012-12-23 20:07 -------- d-----w- c:\program files\Mozilla Maintenance Service

    2012-12-23 20:06 . 2012-12-23 20:11 -------- d-----w- c:\programdata\Western Digital

    2012-12-23 20:05 . 2012-12-23 20:05 -------- d-----w- c:\program files\Western Digital

    2012-12-23 19:47 . 2012-12-23 19:47 -------- d-----w- C:\NVIDIA

    2012-12-23 19:43 . 2012-12-23 19:43 -------- d-----w- c:\windows\system32\Wat

    2012-12-23 19:31 . 2012-06-06 05:05 1019904 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

    2012-12-23 19:31 . 2012-06-06 05:03 805376 ----a-w- c:\windows\system32\cdosys.dll

    2012-12-23 19:31 . 2012-06-06 05:05 143360 ----a-w- c:\program files\Common Files\System\ado\msjro.dll

    2012-12-23 19:31 . 2012-06-06 05:05 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

    2012-12-23 19:31 . 2012-06-06 05:05 57344 ----a-w- c:\program files\Common Files\System\ado\msador15.dll

    2012-12-23 19:31 . 2012-06-06 05:05 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

    2012-12-23 19:31 . 2012-06-06 05:05 212992 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

    2012-12-23 19:31 . 2012-06-02 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll

    2012-12-23 19:31 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\system32\crypt32.dll

    2012-12-23 19:31 . 2012-06-02 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll

    2012-12-23 19:29 . 2012-12-26 19:07 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-12-23 19:29 . 2012-12-26 19:07 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-12-23 19:29 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll

    2012-12-23 19:29 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

    2012-12-23 19:29 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

    2012-12-23 19:29 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

    2012-12-23 19:29 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

    2012-12-23 19:29 . 2012-12-23 19:29 -------- d-----w- c:\program files\Microsoft Analysis Services

    2012-12-23 19:27 . 2011-07-09 02:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

    2012-12-23 19:27 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

    2012-12-23 19:27 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

    2012-12-23 19:27 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll

    2012-12-23 19:27 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys

    2012-12-23 19:27 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll

    2012-12-23 19:27 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll

    2012-12-23 19:27 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll

    2012-12-23 19:27 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll

    2012-12-23 19:27 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll

    2012-12-23 19:27 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe

    2012-12-23 19:26 . 2012-12-23 19:26 -------- d-----w- c:\windows\system32\Macromed

    2012-12-23 19:26 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\system32\msxml6.dll

    2012-12-23 19:26 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll

    2012-12-23 19:26 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll

    2012-12-23 19:26 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll

    2012-12-23 19:26 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll

    2012-12-23 19:26 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll

    2012-12-23 19:26 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll

    2012-12-23 19:22 . 2012-12-23 19:22 -------- d-----w- c:\program files\PowerISO

    2012-12-23 19:22 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll

    2012-12-23 19:21 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll

    2012-12-23 19:21 . 2012-12-23 19:29 -------- d-----w- c:\program files\Google

    2012-12-23 19:20 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll

    2012-12-23 19:20 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll

    2012-12-23 19:20 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys

    2012-12-23 19:20 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll

    2012-12-23 19:20 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe

    2012-12-23 19:20 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll

    2012-12-23 19:20 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

    2012-12-23 19:20 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

    2012-12-23 19:20 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-10-16 07:39 . 2012-12-23 20:35 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

    2012-11-29 08:27 . 2012-12-23 20:07 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

    2012-06-23 10:19 2042504 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

    2012-06-23 10:19 2042504 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

    2012-06-23 10:19 2042504 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-08-25 545552]

    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-12-23 969104]

    "Steam"="c:\program files\Steam\Steam.exe" [2012-11-19 1348944]

    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]

    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-25 348664]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-9-8 5185536]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

    @=""

    .

    R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;c:\users\Atong\Desktop\aida64extreme_build_2232_nwj7tfz9dl\kerneld.x32 [x]

    R3 cpuz135;cpuz135;c:\users\Atong\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [x]

    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]

    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]

    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]

    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]

    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]

    S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]

    S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]

    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

    S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]

    S2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [x]

    S2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [x]

    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

    S3 RTCore32;RTCore32;c:\program files\MSI Afterburner\RTCore32.sys [x]

    .

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - RTCORE32

    *NewlyCreated* - WS2IFSL

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    GPSvcGroup REG_MULTI_SZ GPSvc

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2012-12-23 19:21]

    .

    2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2012-12-23 19:21]

    .

    2013-01-08 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 37d57356-491d-4780-ae9c-e1905f19a63a.job

    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

    .

    .

    ------- Supplementary Scan -------

    .

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000

    IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office15\ONBttnIE.dll/105

    TCP: DhcpNameServer = 192.168.1.1

    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL

    FF - ProfilePath - c:\users\Atong\AppData\Roaming\Mozilla\Firefox\Profiles\iw9xst90.default\

    FF - ExtSQL: 2012-12-27 03:57; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Atong\AppData\Roaming\Mozilla\Firefox\Profiles\iw9xst90.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

    FF - ExtSQL: 2013-01-07 01:07; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\Atong\AppData\Roaming\Mozilla\Firefox\Profiles\iw9xst90.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

    .

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AIDA64Driver]

    "ImagePath"="\??\c:\users\Atong\Desktop\aida64extreme_build_2232_nwj7tfz9dl\kerneld.x32"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'lsass.exe'(620)

    c:\windows\system32\dssenh.dll

    .

    - - - - - - - > 'Explorer.exe'(4768)

    c:\program files\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll

    .

    Completion time: 2013-01-09 02:38:57

    ComboFix-quarantined-files.txt 2013-01-08 18:38

    ComboFix2.txt 2013-01-08 17:39

    .

    Pre-Run: 26,378,362,880 bytes free

    Post-Run: 26,337,587,200 bytes free

    .

    - - End Of File - - 7892C27542A561E17B5B05CAEDD07E7E

  4. I just checked the MBAM protection logs, and the incoming/outgoing connections by svchost.exe to the said IP address stopped 3 hours ago, before we even started troubleshooting. That's odd. Anyway, here's the log from ComboFix:

    ComboFix 13-01-08.01 - Atong 01/09/2013 1:32.1.4 - x86

    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.2208 [GMT 8:00]

    Running from: c:\users\Atong\Desktop\ComboFix.exe

    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Created a new restore point

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-12-08 to 2013-01-08 )))))))))))))))))))))))))))))))

    .

    .

    2013-01-08 17:38 . 2013-01-08 17:38 -------- d-----w- c:\users\Default\AppData\Local\temp

    2013-01-05 23:52 . 2013-01-05 23:52 -------- d-----w- c:\program files\Creative

    2013-01-05 23:52 . 2002-06-06 06:38 139264 ----a-w- c:\windows\system32\eax.dll

    2013-01-05 23:52 . 1998-10-29 08:45 306688 ----a-w- c:\windows\IsUninst.exe

    2013-01-05 22:37 . 2013-01-05 22:47 -------- d-----w- C:\Root

    2013-01-05 22:37 . 2013-01-05 22:37 -------- d-----w- c:\program files\Activision

    2013-01-01 13:53 . 2013-01-01 13:53 -------- d-----w- c:\program files\Sleeping.Dogs-1.7+North.Point.DLC

    2012-12-26 20:15 . 2012-12-26 20:15 -------- d-----w- c:\programdata\Malwarebytes

    2012-12-26 20:15 . 2012-12-14 08:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-12-26 20:15 . 2012-12-28 08:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-12-26 20:12 . 2012-12-26 20:13 -------- d-----w- c:\program files\SUPERAntiSpyware

    2012-12-26 20:12 . 2012-12-26 20:12 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

    2012-12-25 22:53 . 2010-08-12 03:46 758784 ----a-w- c:\windows\system32\cohelper.dll

    2012-12-25 22:53 . 2010-08-09 14:33 11164 ----a-w- c:\windows\system32\drivers\nvphy.bin

    2012-12-25 22:50 . 2012-12-25 22:50 -------- d-----w- c:\program files\Microsoft Silverlight

    2012-12-25 19:45 . 2012-12-25 19:45 -------- d-----w- c:\program files\Common Files\Steam

    2012-12-25 19:45 . 2013-01-08 17:10 -------- d-----w- c:\program files\Steam

    2012-12-25 16:30 . 2012-12-25 22:53 -------- d-----w- c:\program files\NVIDIA Corporation

    2012-12-25 16:23 . 2012-12-25 16:24 -------- d-----w- c:\program files\FreeArc

    2012-12-25 15:56 . 2012-12-25 16:38 -------- d-----w- c:\program files\Mass Effect 3

    2012-12-25 14:46 . 2011-03-25 02:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

    2012-12-25 14:46 . 2011-03-25 02:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys

    2012-12-25 14:46 . 2011-03-25 02:58 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys

    2012-12-25 14:46 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys

    2012-12-25 14:46 . 2011-03-25 02:57 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys

    2012-12-25 14:46 . 2011-03-25 02:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys

    2012-12-25 14:46 . 2011-03-25 02:57 5888 ----a-w- c:\windows\system32\drivers\usbd.sys

    2012-12-25 14:41 . 2011-03-11 05:39 148864 ----a-w- c:\windows\system32\drivers\storport.sys

    2012-12-25 14:41 . 2011-03-11 05:39 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys

    2012-12-25 14:41 . 2011-03-11 05:39 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys

    2012-12-25 14:41 . 2011-03-11 05:38 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys

    2012-12-25 14:41 . 2011-03-11 05:38 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys

    2012-12-25 14:41 . 2011-03-11 05:38 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys

    2012-12-25 14:41 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\system32\esent.dll

    2012-12-25 14:41 . 2011-03-11 05:31 74240 ----a-w- c:\windows\system32\fsutil.exe

    2012-12-25 12:45 . 2012-12-25 12:50 -------- d-----w- c:\program files\SAMSUNG

    2012-12-25 12:44 . 2012-12-25 12:44 -------- d-----w- c:\programdata\Samsung

    2012-12-24 12:34 . 2012-12-24 12:35 -------- d-----w- c:\program files\foobar2000

    2012-12-24 10:48 . 2012-12-23 18:57 -------- d-----w- c:\windows\Panther

    2012-12-24 10:48 . 2012-12-24 10:48 -------- d-----w- C:\Boot

    2012-12-24 01:43 . 2012-12-24 01:44 -------- d-----w- c:\users\Mama

    2012-12-23 22:17 . 2012-12-23 22:17 -------- d-----w- c:\programdata\Ubisoft

    2012-12-23 21:23 . 2012-12-23 21:23 189248 ----a-w- c:\windows\system32\PnkBstrB.exe

    2012-12-23 21:23 . 2012-12-23 21:23 75136 ----a-w- c:\windows\system32\PnkBstrA.exe

    2012-12-23 21:21 . 2008-10-14 22:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll

    2012-12-23 21:21 . 2008-10-14 22:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll

    2012-12-23 21:21 . 2008-10-14 22:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll

    2012-12-23 21:10 . 2013-01-05 22:47 -------- d--h--w- c:\program files\InstallShield Installation Information

    2012-12-23 20:38 . 2012-12-23 20:38 -------- d-----w- c:\program files\Common Files\Adobe

    2012-12-23 20:38 . 2012-12-23 20:38 -------- d-----w- c:\program files\7-Zip

    2012-12-23 20:37 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

    2012-12-23 20:37 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

    2012-12-23 20:37 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll

    2012-12-23 20:36 . 2012-12-23 20:36 -------- d-----w- c:\program files\uTorrent

    2012-12-23 20:36 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

    2012-12-23 20:36 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

    2012-12-23 20:36 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe

    2012-12-23 20:36 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll

    2012-12-23 20:36 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll

    2012-12-23 20:36 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

    2012-12-23 20:36 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll

    2012-12-23 20:34 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll

    2012-12-23 20:33 . 2012-12-23 20:33 -------- d-----w- c:\program files\CCleaner

    2012-12-23 20:32 . 2013-01-08 17:12 -------- d-----w- c:\program files\MSI Afterburner

    2012-12-23 20:31 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

    2012-12-23 20:31 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

    2012-12-23 20:25 . 2012-12-23 21:17 -------- d-----w- c:\program files\CPUID

    2012-12-23 20:16 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll

    2012-12-23 20:16 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll

    2012-12-23 20:16 . 2010-09-30 06:47 70656 ----a-w- c:\windows\system32\fontsub.dll

    2012-12-23 20:07 . 2012-12-23 20:07 -------- d-----w- c:\program files\Mozilla Maintenance Service

    2012-12-23 20:06 . 2012-12-23 20:11 -------- d-----w- c:\programdata\Western Digital

    2012-12-23 20:05 . 2012-12-23 20:05 -------- d-----w- c:\program files\Western Digital

    2012-12-23 19:47 . 2012-12-23 19:47 -------- d-----w- C:\NVIDIA

    2012-12-23 19:43 . 2012-12-23 19:43 -------- d-----w- c:\windows\system32\Wat

    2012-12-23 19:31 . 2012-06-06 05:05 1019904 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

    2012-12-23 19:31 . 2012-06-06 05:03 805376 ----a-w- c:\windows\system32\cdosys.dll

    2012-12-23 19:31 . 2012-06-06 05:05 143360 ----a-w- c:\program files\Common Files\System\ado\msjro.dll

    2012-12-23 19:31 . 2012-06-06 05:05 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

    2012-12-23 19:31 . 2012-06-06 05:05 57344 ----a-w- c:\program files\Common Files\System\ado\msador15.dll

    2012-12-23 19:31 . 2012-06-06 05:05 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

    2012-12-23 19:31 . 2012-06-06 05:05 212992 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

    2012-12-23 19:31 . 2012-06-02 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll

    2012-12-23 19:31 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\system32\crypt32.dll

    2012-12-23 19:31 . 2012-06-02 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll

    2012-12-23 19:29 . 2012-12-26 19:07 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-12-23 19:29 . 2012-12-26 19:07 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-12-23 19:29 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll

    2012-12-23 19:29 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

    2012-12-23 19:29 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

    2012-12-23 19:29 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

    2012-12-23 19:29 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

    2012-12-23 19:29 . 2012-12-23 19:29 -------- d-----w- c:\program files\Microsoft Analysis Services

    2012-12-23 19:27 . 2011-07-09 02:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

    2012-12-23 19:27 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

    2012-12-23 19:27 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

    2012-12-23 19:27 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll

    2012-12-23 19:27 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys

    2012-12-23 19:27 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll

    2012-12-23 19:27 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll

    2012-12-23 19:27 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll

    2012-12-23 19:27 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll

    2012-12-23 19:27 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll

    2012-12-23 19:27 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe

    2012-12-23 19:26 . 2012-12-23 19:26 -------- d-----w- c:\windows\system32\Macromed

    2012-12-23 19:26 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\system32\msxml6.dll

    2012-12-23 19:26 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll

    2012-12-23 19:26 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll

    2012-12-23 19:26 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll

    2012-12-23 19:26 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll

    2012-12-23 19:26 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll

    2012-12-23 19:26 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll

    2012-12-23 19:22 . 2012-12-23 19:22 -------- d-----w- c:\program files\PowerISO

    2012-12-23 19:22 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll

    2012-12-23 19:21 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll

    2012-12-23 19:21 . 2012-12-23 19:29 -------- d-----w- c:\program files\Google

    2012-12-23 19:20 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll

    2012-12-23 19:20 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll

    2012-12-23 19:20 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys

    2012-12-23 19:20 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll

    2012-12-23 19:20 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe

    2012-12-23 19:20 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll

    2012-12-23 19:20 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

    2012-12-23 19:20 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

    2012-12-23 19:20 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-10-16 07:39 . 2012-12-23 20:35 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

    2012-11-29 08:27 . 2012-12-23 20:07 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

    2012-06-23 10:19 2042504 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

    2012-06-23 10:19 2042504 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

    2012-06-23 10:19 2042504 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-08-25 545552]

    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-12-23 969104]

    "Steam"="c:\program files\Steam\Steam.exe" [2012-11-19 1348944]

    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]

    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-25 348664]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-9-8 5185536]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

    @=""

    .

    R3 cpuz135;cpuz135;c:\users\Atong\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [x]

    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]

    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]

    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]

    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]

    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]

    S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]

    S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]

    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

    S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]

    S2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [x]

    S2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [x]

    S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;c:\users\Atong\Desktop\aida64extreme_build_2232_nwj7tfz9dl\kerneld.x32 [x]

    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

    .

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - AIDA64DRIVER

    *NewlyCreated* - TRUESIGHT

    *Deregistered* - RTCore32

    *Deregistered* - TrueSight

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    GPSvcGroup REG_MULTI_SZ GPSvc

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2012-12-23 19:21]

    .

    2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2012-12-23 19:21]

    .

    2013-01-08 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 37d57356-491d-4780-ae9c-e1905f19a63a.job

    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

    .

    .

    ------- Supplementary Scan -------

    .

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000

    IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office15\ONBttnIE.dll/105

    TCP: DhcpNameServer = 192.168.1.1

    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL

    FF - ProfilePath - c:\users\Atong\AppData\Roaming\Mozilla\Firefox\Profiles\iw9xst90.default\

    FF - ExtSQL: 2012-12-27 03:57; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Atong\AppData\Roaming\Mozilla\Firefox\Profiles\iw9xst90.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

    FF - ExtSQL: 2013-01-07 01:07; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\Atong\AppData\Roaming\Mozilla\Firefox\Profiles\iw9xst90.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

    .

    - - - - ORPHANS REMOVED - - - -

    .

    AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe

    AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe

    AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe

    AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe

    AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe

    AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe

    AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe

    AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe

    AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe

    AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

    AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe

    AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe

    AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe

    AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe

    AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

    AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe

    AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe

    AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe

    .

    .

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AIDA64Driver]

    "ImagePath"="\??\c:\users\Atong\Desktop\aida64extreme_build_2232_nwj7tfz9dl\kerneld.x32"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Completion time: 2013-01-09 01:39:18

    ComboFix-quarantined-files.txt 2013-01-08 17:39

    .

    Pre-Run: 26,507,628,544 bytes free

    Post-Run: 26,467,000,320 bytes free

    .

    - - End Of File - - E8B3DF74CE56F554EA010039930590CA

  5. Thanks for the reply, Gringo. Here are the logs you requested. I hope we can resolve this within 24 hours, since this is the last day of my trial. I'm thinking of purchasing MBAM Pro, but in the meantime, if we don't resolve this while the trial's still active, I'm considering reformatting my PC. Cheers!

    -Security Check-

    Results of screen317's Security Check version 0.99.56

    Windows 7 Service Pack 1 x86 (UAC is enabled)

    Internet Explorer 9

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Firewall Enabled!

    Avira Desktop

    Antivirus up to date!

    `````````Anti-malware/Other Utilities Check:`````````

    SUPERAntiSpyware

    Malwarebytes Anti-Malware version 1.70.0.1100

    CCleaner

    Adobe Flash Player 11.5.502.135

    Adobe Reader XI

    Mozilla Firefox (17.0.1)

    Google Chrome 23.0.1271.97

    ````````Process Check: objlist.exe by Laurent````````

    Malwarebytes Anti-Malware mbamservice.exe

    Malwarebytes Anti-Malware mbamgui.exe

    Avira Antivir avgnt.exe

    Avira Antivir avguard.exe

    Malwarebytes' Anti-Malware mbamscheduler.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C: 0%

    ````````````````````End of Log``````````````````````

    -AdwCleaner-

    # AdwCleaner v2.105 - Logfile created 01/09/2013 at 01:07:06

    # Updated 08/01/2013 by Xplode

    # Operating system : Windows 7 Professional Service Pack 1 (32 bits)

    # User : Atong - ATONG-PC

    # Boot Mode : Normal

    # Running from : C:\Users\Atong\Desktop\adwcleaner.exe

    # Option [Delete]

    ***** [services] *****

    ***** [Files / Folders] *****

    ***** [Registry] *****

    Key Deleted : HKCU\Software\APN PIP

    Key Deleted : HKLM\Software\PIP

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Mozilla Firefox v17.0.1 (en-US)

    File : C:\Users\Atong\AppData\Roaming\Mozilla\Firefox\Profiles\iw9xst90.default\prefs.js

    [OK] File is clean.

    File : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\yvyd0a19.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v23.0.1271.97

    File : C:\Users\Atong\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[s1].txt - [1099 octets] - [09/01/2013 01:07:06]

    ########## EOF - C:\AdwCleaner[s1].txt - [1159 octets] ##########

    --RogueKiller--

    RogueKiller V8.4.2 [Jan 6 2013] by Tigzy

    mail : tigzyRK<at>gmail<dot>com

    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website : http://tigzy.geekstogo.com/roguekiller.php

    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

    Started in : Normal mode

    User : Atong [Admin rights]

    Mode : Remove -- Date : 01/09/2013 01:13:57

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤

    [TASK][SUSP PATH] AIDA64 AutoStart : C:\Users\Atong\Desktop\aida64extreme_build_2232_nwj7tfz9dl\aida64.exe -> DELETED

    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)

    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    SSDT[84] : NtCreateSection @ 0x82C7706D -> HOOKED (Unknown @ 0x8E598E6E)

    SSDT[299] : NtRequestWaitReplyPort @ 0x82C91A63 -> HOOKED (Unknown @ 0x8E598E78)

    SSDT[316] : NtSetContextThread @ 0x82D31745 -> HOOKED (Unknown @ 0x8E598E73)

    SSDT[347] : NtSetSecurityObject @ 0x82C55742 -> HOOKED (Unknown @ 0x8E598E7D)

    SSDT[368] : NtSystemDebugControl @ 0x82CD96BC -> HOOKED (Unknown @ 0x8E598E82)

    SSDT[370] : NtTerminateProcess @ 0x82CAEBFB -> HOOKED (Unknown @ 0x8E598E0F)

    S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8E598E96)

    S_SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8E598E9B)

    _INLINE_ : NtRequestWaitReplyPort -> HOOKED (Unknown @ 0x93B44D40)

    _INLINE_ : NtTraceEvent -> HOOKED (Unknown @ 0x93B44C00)

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HDS721616PLA SCSI Disk Device +++++

    --- User ---

    [MBR] 0e72e808fb52d60069398d6c824fa084

    [BSP] f818b93c8192b8078bbb924b61f322ab : Windows 7/8 MBR Code

    Partition table:

    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10310 Mo

    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21116928 | Size: 68969 Mo

    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 162365440 | Size: 73346 Mo

    User = LL1 ... OK!

    Error reading LL2 MBR!

    Finished : << RKreport[2]_D_01092013_02d0113.txt >>

    RKreport[1]_S_01092013_02d0113.txt ; RKreport[2]_D_01092013_02d0113.txt
