Search the Community

Showing results for tags 'IP Blocks'.

Found 5 results

  1. Hi, Malwarebytes has been blocking some IPs for a few days and I have seen a strange behaviour in my browser (FF) that sometimes redirects from my wordpress account to this address: http://ti-emme.net/traf.php?action=spam&c=11
     The first time it happened - a few days ago - I followed the instructions here: http://forums.malwarebytes.org/index.php?showtopic=120105 as it was the same IP blocked. I ran a complete scan with Malwarebytes the first time, and it blocked a few things. I ran a scan with AdwCleaner that deleted a few things, and then with RogueKiller, and then with ComboFix. After that I ran another scan with Malwarebytes but nothing malicious was found. I also cleaned my wordpress account using a plugin and it found a couple of things. I changed my wordpress/FTP/php passwords.
     Everything has been fine for a couple of days but since yesterday Malwarebytes has started blocking some IPs again - the same ones it was blocking a few days ago - and my wordpress account has again redirected to http://ti-emme.net/traf.php?action=spam&c=11
     Malwarebytes, AdwCleaner, RogueKiller and ComboFix don't find anything suspicious. I also use Microsoft Security Essentials and Windows Firewall but they never caught anything. I scan my wordpress account with a couple of security plugins but none of them found anything.
     The IPs blocked are:
     109.236.82.186
     94.242.251.103
     77.95.229.44
     I don't know whether my computer is infected or not, why nothing is found by all the above, and why the redirections happen with my wordpress account. Could you please help?

     DDS.txt
     DDS (Ver_2012-11-20.01) - NTFS_AMD64
     Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2
     Run by mamaalda at 20:25:10 on 2013-01-14
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3793.2079 [GMT 0:00]
     .
     AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
     SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     ============== Running Processes ===============
     .
     C:\Windows\system32\lsm.exe
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Windows\system32\ibmpmsvc.exe
     C:\Windows\system32\svchost.exe -k RPCSS
     C:\Program Files\Microsoft Security Client\MsMpEng.exe
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\system32\svchost.exe -k GPSvcGroup
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Windows\system32\WUDFHost.exe
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Windows\system32\WLANExt.exe
     C:\Windows\System32\spoolsv.exe
     C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\Prey\platform\windows\cronsvc.exe
     C:\Program Files\Intel\WiFi\bin\EvtEng.exe
     C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
     C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
     C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
     C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
     C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\ProgramData\MobileBrServ\mbbservice.exe
     C:\Windows\SysWOW64\NLSSRV32.EXE
     C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
     C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
     C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
     C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
     C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
     C:\Windows\system32\wbem\unsecapp.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
     C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
     C:\Windows\System32\TpShocks.exe
     C:\Windows\System32\hkcmd.exe
     C:\Windows\System32\igfxpers.exe
     C:\Program Files\Microsoft Security Client\msseces.exe
     C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
     C:\Windows\SysWOW64\rundll32.exe
     C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
     C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
     C:\Windows\system32\rundll32.exe
     C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
     C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
     C:\Windows\system32\WUDFHost.exe
     C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
     C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
     C:\Windows\system32\taskhost.exe
     C:\Windows\system32\taskeng.exe
     C:\Windows\system32\rundll32.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Windows\system32\rundll32.exe
     C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
     C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
     C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
     C:\Windows\system32\SearchIndexer.exe
     C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
     C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
     C:\Windows\system32\taskhost.exe
     C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
     C:\Program Files (x86)\Mozilla Firefox\firefox.exe
     C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
     C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
     C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
     C:\Windows\SysWOW64\NOTEPAD.EXE
     C:\Windows\system32\SearchProtocolHost.exe
     C:\Windows\system32\SearchFilterHost.exe
     C:\Program Files\Microsoft Security Client\MpCmdRun.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Windows\System32\cscript.exe
     .
     ============== Pseudo HJT Report ===============
     .
     uStart Page = hxxp://www.ottimizzazione-pc.it/
     BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
     BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
     BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
     mRun: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
     mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
     mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
     mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
     uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
     uPolicies-Explorer: NoDrives = dword:0
     mPolicies-Explorer: NoDrives = dword:0
     mPolicies-System: ConsentPromptBehaviorUser = dword:3
     mPolicies-System: EnableUIADesktopToggle = dword:0
     mPolicies-System: PromptOnSecureDesktop = dword:0
     IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
     .
     INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option.
     .
     TCP: NameServer = 192.168.1.1 192.168.1.1
     TCP: Interfaces\{1F01351A-F5B8-4D6C-9A5A-D559156A65E4} : DHCPNameServer = 192.168.1.1 192.168.1.1
     TCP: Interfaces\{2517369C-5DA8-42FE-BD24-917F513AF335} : DHCPNameServer = 192.168.1.1 192.168.1.1
     TCP: Interfaces\{C20D406B-E079-437C-9FCB-C426F672D9F8} : DHCPNameServer = 192.168.1.1 192.168.1.1
     Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
     Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
     Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
     SSODL: WebCheck - <orphaned>
     LSA: Notification Packages = scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
     x64-Run: [intelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
     x64-Run: [intelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
     x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
     x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
     x64-Run: [TpShocks] TpShocks.exe
     x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
     x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
     x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
     x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
     x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
     x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
     x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
     x64-Notify: igfxcui - igfxdev.dll
     x64-Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
     x64-SSODL: WebCheck - <orphaned>
     .
     ================= FIREFOX ===================
     .
     FF - ProfilePath - C:\Users\mamaalda\AppData\Roaming\Mozilla\Firefox\Profiles\fah2c9yj.default\
     FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
     FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
     FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
     FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
     FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
     FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
     FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
     FF - plugin: C:\Users\mamaalda\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
     FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
     FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
     FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
     FF - ExtSQL: 2012-12-18 18:04; firebug@software.joehewitt.com; C:\Users\mamaalda\AppData\Roaming\Mozilla\Firefox\Profiles\fah2c9yj.default\extensions\firebug@software.joehewitt.com.xpi
     FF - ExtSQL: 2012-12-18 18:05; {e3f6c2cc-d8db-498c-af6c-499fb211db97}; C:\Users\mamaalda\AppData\Roaming\Mozilla\Firefox\Profiles\fah2c9yj.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
     FF - ExtSQL: 2012-12-18 18:07; {c45c406e-ab73-11d8-be73-000a95be3b12}; C:\Users\mamaalda\AppData\Roaming\Mozilla\Firefox\Profiles\fah2c9yj.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
     FF - ExtSQL: 2012-12-18 18:07; yslow@yahoo-inc.com; C:\Users\mamaalda\AppData\Roaming\Mozilla\Firefox\Profiles\fah2c9yj.default\extensions\yslow@yahoo-inc.com.xpi
     FF - ExtSQL: 2012-12-18 18:15; {B17C1C5A-04B1-11DB-9804-B622A1EF5492}; C:\Users\mamaalda\AppData\Roaming\Mozilla\Firefox\Profiles\fah2c9yj.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
     FF - ExtSQL: 2013-01-08 13:23; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; C:\Users\mamaalda\AppData\Roaming\Mozilla\Firefox\Profiles\fah2c9yj.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
     .
     ============= SERVICES / DRIVERS ===============
     .
     R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2012-10-11 29512]
     R0 Fastboot;Fastboot;C:\Windows\System32\drivers\Fastboot.sys [2012-10-11 70416]
     R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-1-9 19224]
     R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
     R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-12-29 25416]
     R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2012-3-26 33344]
     R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2012-11-28 23552]
     R2 FastbootService;FastbootService;C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2012-10-11 169776]
     R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2012-10-11 58224]
     R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-12-21 127072]
     R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-10-11 61296]
     R2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2012-10-11 179568]
     R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-12-21 136288]
     R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-9 398184]
     R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-9 682344]
     R2 Mobile Broadband HL Service;Mobile Broadband HL Service;C:\ProgramData\MobileBrServ\mbbService.exe [2012-11-24 230240]
     R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-11-8 70152]
     R2 risdxc;risdxc;C:\Windows\System32\drivers\risdxc64.sys [2012-10-11 101888]
     R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-12-21 145808]
     R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2013-1-5 125504]
     R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-4-19 84080]
     R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-6-25 3325232]
     R3 5U877;5U877;C:\Windows\System32\drivers\5U877.sys [2012-11-24 216704]
     R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-1-5 169752]
     R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-12-21 342528]
     R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-1-9 356632]
     R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-1-9 789272]
     R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-4-20 25528]
     R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-9 24176]
     R3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2012-10-11 1666112]
     R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2012-12-21 44344]
     R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2012-2-7 40248]
     R3 tvtvcamd;ThinkVantage Virtual Camera;C:\Windows\System32\drivers\tvtvcamd.sys [2012-10-11 27432]
     S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
     S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
     S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2012-5-29 144992]
     S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
     S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-10-11 163368]
     S3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2012-10-11 594472]
     S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-10-11 39976]
     S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2013-1-5 320576]
     S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-4-20 35256]
     S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
     S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
     S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2012-10-11 1665088]
     S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-10 19456]
     S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-10 57856]
     S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-10 30208]
     S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-25 1255736]
     S4 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
     S4 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-10-11 161560]
     S4 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-10-11 363800]
     .
=============== Created Last 30 ================ . 2013-01-14 15:09:31 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A5CD3F06-7BDF-4814-B2CD-D2E70B920F1E}\mpengine.dll 2013-01-13 20:12:18 9125352 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-01-13 14:12:49 -------- d-----w- C:\Users\mamaalda\AppData\Local\VS Revo Group 2013-01-12 20:47:19 -------- d-sh--w- C:\$RECYCLE.BIN 2013-01-12 17:26:48 -------- d-----w- C:\Users\mamaalda\.thumbnails 2013-01-12 14:04:33 98816 ----a-w- C:\Windows\sed.exe 2013-01-12 14:04:33 256000 ----a-w- C:\Windows\PEV.exe 2013-01-12 14:04:33 208896 ----a-w- C:\Windows\MBR.exe 2013-01-09 17:42:01 750592 ----a-w- C:\Windows\System32\win32spl.dll 2013-01-09 17:42:01 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll 2013-01-09 17:41:47 2002432 ----a-w- C:\Windows\System32\msxml6.dll 2013-01-09 17:41:46 1882624 ----a-w- C:\Windows\System32\msxml3.dll 2013-01-09 17:41:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll 2013-01-09 17:41:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2013-01-09 17:41:44 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2013-01-09 17:41:44 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2013-01-09 17:41:20 68608 ----a-w- C:\Windows\System32\taskhost.exe 2013-01-09 17:41:19 3149824 ----a-w- C:\Windows\System32\win32k.sys 2013-01-09 17:38:19 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8FAEBE92-B1EE-473D-A596-8E6C3BDC672E}\gapaengine.dll 2013-01-09 17:30:16 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client 2013-01-09 17:30:12 -------- d-----w- C:\Program Files\Microsoft Security Client 2013-01-09 17:28:55 -------- d-----w- C:\Users\mamaalda\AppData\Roaming\Malwarebytes 2013-01-09 17:28:49 -------- d-----w- C:\ProgramData\Malwarebytes 2013-01-09 17:28:48 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-01-09 17:28:48 -------- d-----w- C:\Program Files 
(x86)\Malwarebytes' Anti-Malware 2013-01-09 15:59:00 -------- d-----w- C:\Users\mamaalda\AppData\Local\WinZip 2013-01-09 13:06:17 -------- d-----w- C:\Dell 2013-01-09 12:25:05 -------- d-----w- C:\ProgramData\DriverGenius 2013-01-09 12:24:49 -------- d-----w- C:\Program Files (x86)\Driver-Soft 2013-01-09 12:10:36 41984 ----a-w- C:\Windows\System32\drivers\USB3Ver.dll 2013-01-09 12:10:35 789272 ----a-w- C:\Windows\System32\drivers\iusb3xhc.sys 2013-01-09 12:10:35 356632 ----a-w- C:\Windows\System32\drivers\iusb3hub.sys 2013-01-09 12:10:34 19224 ----a-w- C:\Windows\System32\drivers\iusb3hcs.sys 2013-01-08 10:21:27 -------- d-----w- C:\Program Files (x86)\Common Files\Intel 2013-01-08 10:20:15 -------- d-----w- C:\Program Files\IDCC.5.5.1.84 2013-01-08 10:09:13 -------- d-----w- C:\Program Files\Intel®_USB_3.0_eXtensible_Host_Controller_Driver 2013-01-08 09:50:31 -------- d-----w- C:\Users\mamaalda\AppData\Roaming\Software Informer 2013-01-08 09:50:31 -------- d-----w- C:\Program Files (x86)\Software Informer 2013-01-08 09:49:44 -------- d-----w- C:\Program Files\Artensoft Tilt Shift Generator 2013-01-07 20:32:48 -------- d-----w- C:\Program Files (x86)\Auslogics 2013-01-07 11:15:47 0 ----a-w- C:\Windows\SysWow64\FAPA150.tmp 2013-01-07 11:15:46 0 ----a-w- C:\Windows\SysWow64\FAP9EDD.tmp 2013-01-07 11:14:56 0 ----a-w- C:\Windows\SysWow64\FAPD89F.tmp 2013-01-07 11:14:35 0 ----a-w- C:\Windows\SysWow64\FAP882C.tmp 2013-01-07 11:13:54 0 ----a-w- C:\Windows\SysWow64\FAPE871.tmp 2013-01-07 11:11:46 0 ----a-w- C:\Windows\SysWow64\FAPF51B.tmp 2013-01-07 11:11:38 0 ----a-w- C:\Windows\SysWow64\FAPD690.tmp 2013-01-07 10:54:13 0 ----a-w- C:\Windows\SysWow64\FAPE175.tmp 2013-01-07 10:54:13 0 ----a-w- C:\Windows\SysWow64\FAPE163.tmp 2013-01-07 10:54:13 0 ----a-w- C:\Windows\SysWow64\FAPE121.tmp 2013-01-05 21:42:10 -------- d-----w- C:\Intel 2013-01-05 20:41:15 53248 ----a-r- 
C:\Users\mamaalda\AppData\Roaming\Microsoft\Installer\{0369F866-2CE0-4EB9-B426-88FA122C6E82}\ARPPRODUCTICON.exe 2013-01-05 20:41:11 53248 ----a-r- C:\Users\mamaalda\AppData\Roaming\Microsoft\Installer\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}\ARPPRODUCTICON.exe 2013-01-05 20:39:17 72048 ----a-w- C:\Windows\System32\ibmpmctl.exe 2013-01-05 20:39:17 60272 ----a-w- C:\Windows\System32\ibmpmsvc.exe 2013-01-05 20:39:17 42824 ----a-w- C:\Windows\System32\drivers\ibmpmdrv.sys 2013-01-05 20:39:17 39792 ----a-w- C:\Windows\System32\tpinspm.dll 2013-01-05 20:15:47 -------- d-----w- C:\Program Files (x86)\Cisco 2013-01-05 12:23:57 0 ----a-w- C:\Windows\SysWow64\FAP2420.tmp 2013-01-05 12:23:32 0 ----a-w- C:\Windows\SysWow64\FAPC53B.tmp 2013-01-05 12:23:32 0 ----a-w- C:\Windows\SysWow64\FAPC1B0.tmp 2013-01-03 12:40:00 -------- d-----r- C:\Users\mamaalda\Dropbox 2013-01-02 16:47:56 859072 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-01-02 16:47:56 779704 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-01-02 16:47:53 95184 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-01-02 12:30:57 -------- d-----w- C:\Program Files\CCleaner 2013-01-02 09:47:38 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9E946B09-4D1A-46A8-99B7-1665516FD764}\mpengine.dll 2013-01-01 20:13:22 -------- d-----w- C:\Users\mamaalda\AppData\Roaming\SumatraPDF 2013-01-01 20:13:19 -------- d-----w- C:\Program Files (x86)\SumatraPDF 2013-01-01 19:33:09 -------- d-----w- C:\Users\mamaalda\AppData\Roaming\Auslogics 2013-01-01 11:29:10 -------- d-----w- C:\Users\mamaalda\AppData\Local\Programs 2013-01-01 11:21:52 -------- d-----w- C:\Windows\AutoKMS 2013-01-01 10:56:32 -------- d-----w- C:\Program Files (x86)\Belarc 2012-12-31 17:22:25 -------- d-----w- C:\ProgramData\BlueSprig 2012-12-31 14:57:32 -------- d-----w- C:\Users\mamaalda\AppData\Roaming\BlueSprig 2012-12-31 14:57:29 -------- d-----w- C:\Program Files (x86)\BlueSprig 2012-12-30 22:46:41 -------- d-----w- 
C:\Users\mamaalda\AppData\Roaming\EurekaLog 2012-12-30 18:02:13 -------- d-----w- C:\Program Files (x86)\Everything 2012-12-28 22:50:08 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat 2012-12-28 22:27:28 -------- d-----w- C:\Prey 2012-12-28 17:56:21 -------- d-----w- C:\Users\mamaalda\AppData\Roaming\Unity 2012-12-28 13:14:40 277640 ----a-w- C:\Windows\SysWow64\IntelCpHeciSvc.exe 2012-12-28 13:14:40 172168 ----a-w- C:\Windows\System32\igfxtray.exe 2012-12-28 13:14:38 512136 ----a-w- C:\Windows\System32\igfxsrvc.exe 2012-12-28 13:14:38 441992 ----a-w- C:\Windows\System32\igfxpers.exe 2012-12-28 13:14:38 400008 ----a-w- C:\Windows\System32\hkcmd.exe 2012-12-28 13:14:38 255112 ----a-w- C:\Windows\System32\igfxext.exe 2012-12-28 13:14:36 5906056 ----a-w- C:\Windows\System32\GfxUI.exe 2012-12-28 13:14:36 185992 ----a-w- C:\Windows\System32\difx64.exe 2012-12-27 18:24:36 -------- d-----w- C:\Users\mamaalda\AppData\Local\Unity 2012-12-22 13:15:56 -------- d-----w- C:\ProgramData\Hagel Technologies 2012-12-21 22:43:04 56832 ----a-w- C:\Windows\System32\Intel_OpenCL_ICD64.dll 2012-12-21 22:43:04 56320 ----a-w- C:\Windows\SysWow64\Intel_OpenCL_ICD32.dll 2012-12-21 22:43:04 116224 ----a-w- C:\Windows\System32\igfxCoIn_v2843.dll 2012-12-21 22:43:03 216064 ----a-w- C:\Windows\System32\iglhcp64.dll 2012-12-21 22:43:03 180224 ----a-w- C:\Windows\SysWow64\iglhcp32.dll 2012-12-21 22:43:02 9007616 ----a-w- C:\Windows\System32\igfxress.dll 2012-12-21 22:43:02 384512 ----a-w- C:\Windows\System32\igfxpph.dll 2012-12-21 22:42:51 342528 ----a-w- C:\Windows\System32\drivers\IntcDAud.sys 2012-12-21 22:42:51 16896 ----a-w- C:\Windows\System32\IntcDAuC.dll 2012-12-21 22:40:20 -------- d-----w- C:\ProgramData\Intel.sav 2012-12-21 22:39:07 -------- d-----w- C:\DRIVERS 2012-12-21 22:38:03 460600 ----a-w- C:\Windows\System32\drivers\SynTP.sys 2012-12-21 22:38:03 229176 ----a-w- C:\Windows\System32\SynTPAPI.dll 2012-12-21 22:38:03 177976 ----a-w- C:\Windows\System32\SynTPCo14.dll 2012-12-21 
22:38:03 113976 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll 2012-12-21 22:38:01 44344 ----a-w- C:\Windows\System32\drivers\Smb_driver_Intel.sys 2012-12-21 16:48:46 -------- d-----w- C:\Users\mamaalda\AppData\Local\Microsoft Games 2012-12-21 14:58:22 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-21 14:58:22 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-21 14:58:22 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-21 14:58:21 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-21 13:10:10 -------- d-----w- C:\Users\mamaalda\AppData\Roaming\addpcs 2012-12-21 09:13:30 -------- d-----w- C:\Users\mamaalda\AppData\Roaming\PCDr 2012-12-21 09:13:23 -------- d-----w- C:\temp 2012-12-18 23:25:46 -------- d-----w- C:\Users\mamaalda\AppData\Local\Microsoft Corporation 2012-12-16 21:55:05 424960 ----a-w- C:\Windows\System32\KernelBase.dll 2012-12-16 21:54:50 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-12-16 21:54:50 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-12-16 21:54:11 478208 ----a-w- C:\Windows\System32\dpnet.dll 2012-12-16 21:54:11 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll . ==================== Find3M ==================== . 
2013-01-10 13:05:29 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-10 13:05:29 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-12-13 16:23:46 116224 ----a-w- C:\Windows\System32\igfxCoIn_v2932.dll 2012-12-12 16:45:56 3581440 ----a-w- C:\Windows\System32\igdbcl64.dll 2012-12-12 16:45:54 27664896 ----a-w- C:\Windows\System32\igdrcl64.dll 2012-12-12 16:45:44 241664 ----a-w- C:\Windows\System32\IntelOpenCL64.dll 2012-12-12 16:45:20 2898944 ----a-w- C:\Windows\SysWow64\igdbcl32.dll 2012-12-12 16:45:18 27643904 ----a-w- C:\Windows\SysWow64\igdrcl32.dll 2012-12-12 16:45:12 196096 ----a-w- C:\Windows\SysWow64\IntelOpenCL32.dll 2012-12-12 16:45:06 12858368 ----a-w- C:\Windows\System32\igd10umd64.dll 2012-12-12 16:44:44 27457536 ----a-w- C:\Windows\System32\igdfcl64.dll 2012-12-12 16:44:04 11174912 ----a-w- C:\Windows\SysWow64\igd10umd32.dll 2012-12-12 16:42:44 410112 ----a-w- C:\Windows\System32\igfxTMM.dll 2012-12-12 16:42:44 28672 ----a-w- C:\Windows\System32\igfxexps.dll 2012-12-12 16:42:42 21850112 ----a-w- C:\Windows\SysWow64\igdfcl32.dll 2012-12-12 16:42:36 126976 ----a-w- C:\Windows\System32\igfxcpl.cpl 2012-12-12 16:42:36 12615680 ----a-w- C:\Windows\System32\igdumd64.dll 2012-12-12 16:42:34 142336 ----a-w- C:\Windows\System32\igfxdo.dll 2012-12-12 16:42:28 64000 ----a-w- C:\Windows\System32\igfxsrvc.dll 2012-12-12 16:42:28 5353888 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys 2012-12-12 16:42:24 80384 ----a-w- C:\Windows\System32\igdde64.dll 2012-12-12 16:42:06 110592 ----a-w- C:\Windows\System32\hccutils.dll 2012-12-12 16:41:56 9728 ----a-w- C:\Windows\System32\IGFXDEVLib.dll 2012-12-12 16:41:56 175104 ----a-w- C:\Windows\System32\gfxSrvc.dll 2012-12-12 16:41:54 442880 ----a-w- C:\Windows\System32\igfxdev.dll 2012-12-12 16:41:38 11049472 ----a-w- C:\Windows\SysWow64\igdumd32.dll 2012-12-12 16:41:26 286208 ----a-w- C:\Windows\System32\igfxrenu.lrc 2012-12-12 16:41:24 64512 ----a-w- C:\Windows\SysWow64\igdde32.dll 2012-12-12 
16:40:42 25088 ----a-w- C:\Windows\SysWow64\igfxexps32.dll 2012-12-12 16:40:14 8621056 ----a-w- C:\Windows\SysWow64\ig7icd32.dll 2012-12-12 16:40:08 330752 ----a-w- C:\Windows\SysWow64\igfxdv32.dll 2012-12-12 16:39:30 11633152 ----a-w- C:\Windows\System32\ig7icd64.dll 2012-12-12 16:38:20 640512 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll 2012-12-12 16:38:20 518656 ----a-w- C:\Windows\System32\igfxcmrt64.dll 2012-12-12 16:38:18 483840 ----a-w- C:\Windows\System32\igfx11cmrt64.dll 2012-12-12 16:38:18 459264 ----a-w- C:\Windows\SysWow64\igfx11cmrt32.dll 2012-12-12 16:38:18 3511296 ----a-w- C:\Windows\System32\igfxcmjit64.dll 2012-12-12 16:38:18 3121152 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll 2012-12-12 16:38:16 754652 ----a-w- C:\Windows\SysWow64\igcodeckrng700.bin 2012-12-12 16:38:16 754652 ----a-w- C:\Windows\System32\igcodeckrng700.bin 2012-12-12 16:38:16 598384 ----a-w- C:\Windows\SysWow64\igvpkrng700.bin 2012-12-12 16:38:16 598384 ----a-w- C:\Windows\System32\igvpkrng700.bin 2012-12-08 11:13:52 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll 2012-11-26 11:38:22 129784 ------w- C:\Windows\SysWow64\pxafs.dll 2012-11-26 11:38:22 118520 ------w- C:\Windows\SysWow64\pxinsi64.exe 2012-11-26 11:38:22 116472 ------w- C:\Windows\SysWow64\pxcpyi64.exe 2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- 
C:\Windows\SysWow64\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-11-08 18:08:50 70152 ----a-w- C:\Windows\SysWow64\NLSSRV32.EXE 2012-11-02 15:38:36 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll 2012-11-02 15:38:36 828872 ----a-w- C:\Windows\System32\msvcr110.dll 2012-11-02 15:38:36 661448 ----a-w- C:\Windows\System32\msvcp110.dll 2012-11-02 15:38:36 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll 2012-11-02 15:38:36 50856 ----a-w- C:\Windows\System32\drivers\point64.sys 2012-11-02 15:38:36 354264 ----a-w- C:\Windows\System32\vccorlib110.dll 2012-11-02 15:38:36 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll 2012-11-02 15:38:36 2177704 ----a-w- C:\Windows\System32\coin92.dll 2012-11-02 15:38:36 1795952 ----a-w- C:\Windows\System32\WdfCoInstaller01011.dll 2012-10-30 22:51:07 41224 ----a-w- C:\Windows\avastSS.scr 2012-10-17 23:19:10 539960 ----a-w- C:\Windows\SysWow64\SynCOM.dll 2012-10-17 23:19:08 1048376 ----a-w- C:\Windows\System32\SynCOM.dll . ============= FINISH: 20:25:45.20 ===============

I'm not sure if I need to attach the attach.txt log. Thanks
  2. Hello, Full scans with Avira and mbam show nothing. About six months ago I had a similar problem and opted in the end to reset the system to factory settings using the recovery partition in the laptop, since scans indicated a previous ZeroAccess rootkit infection. I'd again prefer to reformat the drives and reset the OS to factory settings by using the recovery partition, but I'm wondering if the hard drive recovery partition can be, or was, compromised earlier. I regrettably don't have a separate DVD backup of the partition that predates the infection.

Last time: http://forums.malwar...l=&fromsearch=1

Blocks:
94.242.251.103 (Type: outgoing, Port: 53363, Process: chrome.exe)
2012/12/27 20:21:32 +0200 DONALD-PC normi IP-BLOCK 109.236.82.186 (Type: outgoing, Port: 54803, Process: chrome.exe)
2012/12/27 20:21:32 +0200 DONALD-PC normi IP-BLOCK 94.242.251.103 (Type: outgoing, Port: 54804, Process: chrome.exe)

DDS:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Donald at 5:14:11 on 2012-12-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.358.1035.18.4008.2063 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\FBAgent.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe C:\Program Files (x86)\Atheros\Bluetooth Suite\adminservice.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Intel\TurboBoost\TurboBoost.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\ASUS\ATK Package\ATK 
Hotkey\ATKOSD.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe C:\Program Files\Elantech\ETDCtrl.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\AsScrPro.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Elantech\ETDCtrlHelper.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://asus.msn.com uDefault_Page_URL = hxxp://asus.msn.com mStart Page = hxxp://asus.msn.com mWinlogon: Userinit = userinit.exe BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C: \ProgramData\Partner\Partner.dll BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live \WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F- 1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion \companioncore.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C: \Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint \MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go \MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media \DMedia.exe mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey \HControlUser.exe mRun: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus \SonicFocusTray.exe mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup 
\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup \FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B- FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D- 65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion \companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB- E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer \WriterBrowserExtension.dll IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601- 11AC1FDF8126} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll TCP: NameServer = 192.168.254.254 192.168.254.254 TCP: Interfaces\{5BFECA8C-2C50-4D21-84A5-BC2F322CCCB6} : DHCPNameServer = 192.168.254.254 192.168.254.254 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll SSODL: WebCheck - <orphaned> x64-mStart Page = hxxp://asus.msn.com x64-BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C: \ProgramData\Partner\Partner64.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC- 5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live \WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C: \Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage 
\SERVICE\AsusWSService.exe x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel \TurboBoost\RunTBGadgetOnce.vbs" x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Atheros\Bluetooth Suite \BtvStack.exe" x64-Run: [AthBtTray] "C:\Program Files (x86)\Atheros\Bluetooth Suite \AthBtTray.exe" x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe x64-Run: [setwallpaper] c:\programdata\SetWallpaper.cmd x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-10-8 30056] R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package \ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024] R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2012-12-14 27800] R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2011-3-23 379520] R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira \AntiVir Desktop\sched.exe [2012-12-14 85280] R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira \AntiVir Desktop\avguard.exe [2012-12-14 109344] R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX \ASMMAP64.sys [2009-7-3 15416] R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Atheros\Bluetooth Suite \AdminService.exe [2010-11-26 52896] R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-12-14 99912] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti- Malware\mbamscheduler.exe [2012-12-14 399432] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti- Malware\mbamservice.exe [2012-12-14 676936] R2 TurboB;Turbo Boost UI 
Monitor driver;C:\Windows\System32\drivers \TurboB.sys [2010-4-17 13832] R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files \Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928] R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2010-11-26 28832] R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-12-13 138024] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-14 317440] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012- 12-14 25928] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-23 333928] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers \btath_flt.sys [2010-11-26 36000] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers \btath_a2dp.sys [2010-11-26 298144] S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers \btath_hcrp.sys [2010-11-26 201376] S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers \btath_lwflt.sys [2010-11-26 55456] S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers \btath_rcp.sys [2010-11-26 154272] S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2010-11-26 275616] S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-3-23 48488] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352] S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2011 -3-23 332272] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows \System32\drivers\rdpvideominiport.sys [2012-12-14 19456] S3 
RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows \System32\drivers\rtsuvstor.sys [2011-3-23 290920] S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows \System32\drivers\SiSG664.sys [2009-6-10 56832] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-14 57856] S3 WatAdminSvc;Windowsin aktivointitekniikoiden palvelu;C:\Windows \System32\Wat\WatAdminSvc.exe [2012-12-13 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files \Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184] . =============== Created Last 30 ================ . 2012-12-27 18:30:28 -------- d-----w- C: \TDSSKiller_Quarantine 2012-12-22 12:43:47 46080 ----a-w- C:\Windows \System32\atmlib.dll 2012-12-22 12:43:47 367616 ----a-w- C:\Windows \System32\atmfd.dll 2012-12-22 12:43:47 34304 ----a-w- C:\Windows \SysWow64\atmlib.dll 2012-12-22 12:43:46 295424 ----a-w- C:\Windows \SysWow64\atmfd.dll 2012-12-15 11:22:52 -------- d-----w- C:\files 2012-12-14 12:50:50 -------- d-----w- C:\downloads 2012-12-14 01:21:14 -------- d-----w- C:\Users\Donald \AppData\Roaming\Malwarebytes 2012-12-14 01:21:06 -------- d-----w- C:\ProgramData \Malwarebytes 2012-12-14 01:21:05 25928 ----a-w- C:\Windows\System32\drivers \mbam.sys 2012-12-14 01:21:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-12-14 00:48:26 96768 ----a-w- C:\Windows \SysWow64\sspicli.dll 2012-12-14 00:47:22 245760 ----a-w- C:\Windows \System32\OxpsConverter.exe 2012-12-13 23:50:54 -------- d-----w- C:\Windows \System32\SPReview 2012-12-13 23:50:27 -------- d-----w- C:\Windows \System32\EventProviders 2012-12-13 23:37:59 982912 ----a-w- C:\Windows\System32\drivers \dxgkrnl.sys 2012-12-13 23:36:59 70656 ----a-w- C:\Windows \SysWow64\amstream.dll 2012-12-13 23:34:57 529408 ----a-w- C:\Windows \System32\wbemcomn.dll 2012-12-13 23:34:57 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll 2012-12-13 23:34:51 244736 ----a-w- C:\Windows 
\System32\sqmapi.dll 2012-12-13 22:42:59 -------- d-----w- C:\Users\Donald \AppData\Roaming\Avira 2012-12-13 22:40:07 -------- d-----w- C:\Users\Donald \AppData\Local\APN 2012-12-13 22:40:02 99912 ----a-w- C:\Windows\System32\drivers \avgntflt.sys 2012-12-13 22:40:02 27800 ----a-w- C:\Windows\System32\drivers \avkmgr.sys 2012-12-13 22:40:01 -------- d-----w- C:\ProgramData\Avira 2012-12-13 22:40:01 -------- d-----w- C:\Program Files (x86)\Avira 2012-12-13 22:27:42 902656 ----a-w- C:\Windows\System32\d2d1.dll 2012-12-13 22:27:42 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll 2012-12-13 22:27:42 1139200 ----a-w- C:\Windows \System32\FntCache.dll 2012-12-13 21:50:13 -------- d-----w- C:\Windows \SysWow64\Wat 2012-12-13 21:50:13 -------- d-----w- C:\Windows \System32\Wat 2012-12-13 21:33:20 9125352 ----a-w- C:\ProgramData\Microsoft \Windows Defender\Definition Updates\{F89374FA-520B-42AB-82DC- 4BB82AFBE426}\mpengine.dll 2012-12-13 21:21:44 2560 ----a-w- C:\Windows\System32\drivers \sv-SE\wdf01000.sys.mui 2012-12-13 21:21:44 2560 ----a-w- C:\Windows\System32\drivers \nb-NO\wdf01000.sys.mui 2012-12-13 21:21:44 2560 ----a-w- C:\Windows\System32\drivers \fi-FI\wdf01000.sys.mui 2012-12-13 21:21:44 2560 ----a-w- C:\Windows\System32\drivers \en-US\wdf01000.sys.mui 2012-12-13 21:21:44 2560 ----a-w- C:\Windows\System32\drivers \da-DK\wdf01000.sys.mui 2012-12-13 21:21:43 9728 ----a-w- C:\Windows \System32\Wdfres.dll 2012-12-13 21:21:43 785512 ----a-w- C:\Windows\System32\drivers \Wdf01000.sys 2012-12-13 21:21:43 54376 ----a-w- C:\Windows\System32\drivers \WdfLdr.sys 2012-12-13 21:13:04 294912 ----a-w- C:\Windows \System32\browserchoice.exe 2012-12-13 21:07:18 87040 ----a-w- C:\Windows\System32\drivers \WUDFPf.sys 2012-12-13 21:07:18 198656 ----a-w- C:\Windows\System32\drivers \WUDFRd.sys 2012-12-13 21:07:17 84992 ----a-w- C:\Windows \System32\WUDFSvc.dll 2012-12-13 21:07:17 744448 ----a-w- C:\Windows \System32\WUDFx.dll 2012-12-13 21:07:17 45056 ----a-w- C:\Windows 
\System32\WUDFCoinstaller.dll 2012-12-13 21:07:17 229888 ----a-w- C:\Windows \System32\WUDFHost.exe 2012-12-13 21:07:17 194048 ----a-w- C:\Windows \System32\WUDFPlatform.dll 2012-12-13 21:06:17 81408 ----a-w- C:\Windows \System32\imagehlp.dll 2012-12-13 21:06:17 23408 ----a-w- C:\Windows\System32\drivers \fs_rec.sys 2012-12-13 21:06:17 159232 ----a-w- C:\Windows \SysWow64\imagehlp.dll 2012-12-13 21:06:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll 2012-12-13 21:06:16 5120 ----a-w- C:\Windows\System32\wmi.dll 2012-12-13 21:05:14 1659760 ----a-w- C:\Windows\System32\drivers \ntfs.sys 2012-12-13 21:05:09 1544704 ----a-w- C:\Windows \System32\DWrite.dll 2012-12-13 21:05:09 1077248 ----a-w- C:\Windows \SysWow64\DWrite.dll 2012-12-13 21:03:59 850944 ----a-w- C:\Windows\SysWow64\sbe.dll 2012-12-13 21:02:59 3216384 ----a-w- C:\Windows\System32\msi.dll 2012-12-13 20:50:51 -------- d-----w- C:\Users\Donald \AppData\Local\Google 2012-12-13 20:36:51 2622464 ----a-w- C:\Windows \System32\wucltux.dll 2012-12-13 20:36:47 99840 ----a-w- C:\Windows \System32\wudriver.dll 2012-12-13 20:36:45 36864 ----a-w- C:\Windows \System32\wuapp.exe 2012-12-13 20:36:45 186752 ----a-w- C:\Windows \System32\wuwebv.dll 2012-12-13 19:31:27 -------- d-----w- C:\Users\Donald \AppData\Roaming\Asus WebStorage 2012-12-13 19:31:09 -------- d-----w- C:\Users\Donald \AppData\Local\BMExplorer . ==================== Find3M ==================== . 
2012-12-14 00:39:29 45056 ----a-w- C:\Windows \System32\acovcnt.exe 2012-12-14 00:24:12 175616 ----a-w- C:\Windows \System32\msclmd.dll 2012-12-14 00:24:12 152576 ----a-w- C:\Windows \SysWow64\msclmd.dll 2012-11-22 03:26:40 3149824 ----a-w- C:\Windows \System32\win32k.sys 2012-11-09 05:45:09 2048 ----a-w- C:\Windows \System32\tzres.dll 2012-11-09 04:42:49 2048 ----a-w- C:\Windows \SysWow64\tzres.dll 2012-11-02 05:59:11 478208 ----a-w- C:\Windows \System32\dpnet.dll 2012-11-02 05:11:31 376832 ----a-w- C:\Windows \SysWow64\dpnet.dll 2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch \AppPatch64\AcXtrnal.dll 2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch \AppPatch64\AcLayers.dll 2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch \AcLayers.dll 2012-10-09 18:17:13 55296 ----a-w- C:\Windows \System32\dhcpcsvc6.dll 2012-10-09 18:17:13 226816 ----a-w- C:\Windows \System32\dhcpcore6.dll 2012-10-09 17:40:31 44032 ----a-w- C:\Windows \SysWow64\dhcpcsvc6.dll 2012-10-09 17:40:31 193536 ----a-w- C:\Windows \SysWow64\dhcpcore6.dll 2012-10-04 17:46:16 362496 ----a-w- C:\Windows \System32\wow64win.dll 2012-10-04 17:46:15 243200 ----a-w- C:\Windows \System32\wow64.dll 2012-10-04 17:46:15 13312 ----a-w- C:\Windows \System32\wow64cpu.dll 2012-10-04 17:45:55 215040 ----a-w- C:\Windows \System32\winsrv.dll 2012-10-04 17:43:28 16384 ----a-w- C:\Windows \System32\ntvdm64.dll 2012-10-04 17:41:16 424960 ----a-w- C:\Windows \System32\KernelBase.dll 2012-10-04 16:47:41 5120 ----a-w- C:\Windows \SysWow64\wow32.dll 2012-10-04 16:47:41 274944 ----a-w- C:\Windows \SysWow64\KernelBase.dll 2012-10-04 15:21:55 338432 ----a-w- C:\Windows \System32\conhost.exe 2012-10-04 14:46:46 7680 ----a-w- C:\Windows \SysWow64\instnm.exe 2012-10-04 14:46:46 25600 ----a-w- C:\Windows \SysWow64\setup16.exe 2012-10-04 14:46:44 14336 ----a-w- C:\Windows \SysWow64\ntvdm64.dll 2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms- 
win-security-base-l1-1-0.dll 2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms- win-core-threadpool-l1-1-0.dll 2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms- win-core-xstate-l1-1-0.dll 2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms- win-core-util-l1-1-0.dll 2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers \tcpip.sys 2012-10-03 17:44:21 70656 ----a-w- C:\Windows \System32\nlaapi.dll 2012-10-03 17:44:21 303104 ----a-w- C:\Windows \System32\nlasvc.dll 2012-10-03 17:44:17 246272 ----a-w- C:\Windows \System32\netcorehc.dll 2012-10-03 17:44:17 18944 ----a-w- C:\Windows \System32\netevent.dll 2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll 2012-10-03 17:42:16 569344 ----a-w- C:\Windows \System32\iphlpsvc.dll 2012-10-03 16:42:24 18944 ----a-w- C:\Windows \SysWow64\netevent.dll 2012-10-03 16:42:24 175104 ----a-w- C:\Windows \SysWow64\netcorehc.dll 2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll 2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers \tcpipreg.sys 2012-10-02 19:51:15 3536817 ----a-w- C:\Windows \System32\nvcoproc.bin 2012-10-02 19:51:11 3293544 ----a-w- C:\Windows \System32\nvsvc64.dll 2012-10-02 19:51:04 6200680 ----a-w- C:\Windows \System32\nvcpl.dll 2012-10-02 19:50:57 891240 ----a-w- C:\Windows \System32\nvvsvc.exe 2012-10-02 19:50:57 866664 ----a-w- C:\Windows \System32\nv3dappshext.dll 2012-10-02 19:50:57 63336 ----a-w- C:\Windows \System32\nvshext.dll 2012-10-02 19:50:57 55144 ----a-w- C:\Windows \System32\nv3dappshextr.dll 2012-10-02 19:50:57 2557800 ----a-w- C:\Windows \System32\nvsvcr.dll 2012-10-02 19:50:57 118120 ----a-w- C:\Windows \System32\nvmctray.dll . ============= FINISH: 5:14:32,91 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . 
Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 13.12.2012 21:29:08 System Uptime: 27.12.2012 21:40:43 (8 hours ago) . Motherboard: ASUSTeK Computer Inc. | | K53SV Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz | CPU 1 | 782/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 444 GiB total, 408,75 GiB free. E: is CDROM (UDF) . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . ASUS AI Recovery ASUS FancyStart ASUS K3 Series ScreenSaver ASUS LifeFrame3 ASUS Live Update ASUS Power4Gear Hybrid ASUS SmartLogon ASUS Splendid Video Enhancement Technology ASUS WebStorage ASUS Virtual Camera AsusVibe2.0 Atheros WLAN and Bluetooth Client Installation Program ATK Package Avira Free Antivirus Bluetooth Win7 Suite (64) Bookworm Deluxe Cooking Dash CyberLink LabelPrint CyberLink Power2Go D3DX10 ETDWare PS/2-X64 8.0.5.0_WHQL Fast Boot Game Park Console Google Chrome Google Toolbar for Internet Explorer Google Update Helper Governor of Poker Hotel Dash Suite Success Intel® Control Center Intel® Processor Graphics Intel® Turbo Boost Technology Monitor Jewel Quest 3 Junk Mail filter update Luxor 3 Mahjongg dimensions Malwarebytes Anti-Malware versio 1.65.1.1000 Mesh Runtime Messenger Companion Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile FIN Language Pack Microsoft .NET Framework 4 Client Profilen suomen kielipaketti Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 MSVCRT MSVCRT_amd64 MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 Parser (KB973685) Nuance PDF Reader NVIDIA-ohjauspaneeli 306.97 NVIDIA-päivitykset 1.10.8 NVIDIA 
Grafiikkaohjain 306.97 NVIDIA Install Application NVIDIA Optimus 1.10.8 NVIDIA Update Components Plants vs Zombies Realtek Ethernet Controller Driver For Windows 7 Realtek High Definition Audio Driver Realtek USB 2.0 Reader Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Sonic Focus syncables desktop SE Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinFlash Wireless Console 3 World of Goo . ==== End Of File ===========================
  3. Guest

    Rising pc doctor

    Hello. I installed the Rising pc doctor today: http://www.rising-global.com/products/rising-pc-doctor.html Since then Malwarebytes has popped up some boxes about blocked IP addresses, like these:
    IP-BLOCK 204.188.205.14 (Type: outgoing)
    IP-BLOCK 222.76.95.78 (Type: outgoing)
    So I scanned the Rising pc doctor installer with VirusTotal; it was detected by ClamAV as W32.Trojan.Genome-14: https://www.virustotal.com/file/36380f2e6016ee787115e38a7b0310a357e7b485b22f5ad319260af577feebf4/analysis/1339313054/ My question really is: is it safe to use this program? Many say that it's a good program.
  4. I got a virus last week, and was getting help over at the TechSpot forums for it. Malwarebytes was one of the programs they recommended to help remove the critter I was infected with, and I was apparently clean. However, in spite of all the scans (Malwarebytes, Avast, Bitdefender and ESET online scanners, McAfee before I got rid of it in favor of Comodo and Avast) now showing clean, Mbam is blocking several outgoing connections to a handful of IP addresses. I understand that in Vista or higher, I'd be able to tell which program was initiating the connections. Almost (but not quite) enough to make me wish I was running Vista. As it is, here are my DDS logs. My Malwarebytes trial is expired, and I do wish to purchase the full version, but I'm afraid to do anything that might risk my credit card info. I've been very careful to not do anything online that might expose any of my financial stuff since I got the virus, and want to be sure I'm clean before I do so. As you can imagine, this is a pain in, well, some region probably better left unmentioned, since I normally do bank and buy things online!

dds.txt attach.txt
  5. I would be grateful if you could please provide some assistance. I have been having repeated pop-up alerts from MWB regarding a malicious IP address – I have searched through all of the various messages and threads on this forum, and have carried out all of the suggestions and recommendations that have been made – however, none of these have resolved the problem. The Malwarebytes pop-up appears from the system tray on around a 5-minute basis – this happens either when I am simply surfing the net, or even if the machine is not being used for anything. The following message is shown: “Malwarebytes Successfully blocked access to a potentially malicious website 208.73.210.125 Type Outgoing”. I have checked out the IP address that is shown, and it seems to be the home for some fairly nasty stuff, so I really don’t want my machine to keep connecting to this site.

The details are as follows: I am running Windows XP, Windows Firewall. All security updates up to date. I am not running Skype or any other P2P applications. I have AVG Free installed. I have run a full scan using AVG, and no issues were found. I am using MWB Free, fully updated. I have run a full scan, and nothing found. I have done full reboots and re-run. I have also downloaded a copy of SuperAntiSpyware, ran a full scan, and nothing found.

The following MWB log files are created (there are lots of these):
2012/03/19 21:41:56 GMT (my ID) Administrator IP-BLOCK 208.73.210.125 (Type: outgoing)
2012/03/19 21:42:09 GMT (my ID) Administrator IP-BLOCK 208.73.210.125 (Type: outgoing)
2012/03/19 21:42:12 GMT (my ID) Administrator IP-BLOCK 208.73.210.125 (Type: outgoing)
2012/03/19 21:42:18 GMT (my ID) Administrator IP-BLOCK 208.73.210.125 (Type: outgoing)

This issue has cropped up for the last week. No significant event happened that should have caused it to happen. I downloaded the utility TCPView and ran it on my machine. When an incident occurred, and I checked that log file, the following entry was shown:
avgnsx.exe 3224 TCP (my IP) 4781 208.73.210.125 80 SYN_SENT

This should cover most of the info that has been requested for similar logs. I don’t know whether to just ignore this message, or what it could be on my machine that could be causing this. Any help, much appreciated.