
Constant incoming IP block



I haven't been making a lot of changes to my computer and I don't think I visited any malicious site yesterday, but I have been getting a lot of incoming IP blocks since yesterday from this IP address, 204.16.193.41. So I wonder if my computer is infected or what, because this is certainly the first time ever my computer has been infected by malware. I already did a scan with Malwarebytes and Avira, both in safe mode and without safe mode, but no detection was found.

Can anyone tell me what I should do next? Should I just reformat my whole computer?

protection log

2012/08/05 19:27:49 -0400 IP-BLOCK 204.16.193.41 (Type: incoming, Port: 57167, Process: pmb.exe)

2012/08/05 19:27:49 -0400 IP-BLOCK 204.16.193.41 (Type: incoming, Port: 57167, Process: pmb.exe)

2012/08/05 19:27:57 -0400 IP-BLOCK 204.16.193.41 (Type: incoming, Port: 57167, Process: pmb.exe)

2012/08/05 19:28:21 -0400 IP-BLOCK 204.16.193.41 (Type: incoming, Port: 57167, Process: pmb.exe)

2012/08/05 19:28:29 -0400 IP-BLOCK 204.16.193.41 (Type: incoming, Port: 57167, Process: pmb.exe)

2012/08/05 19:28:29 -0400 IP-BLOCK 204.16.193.41 (Type: incoming, Port: 57167, Process: pmb.exe)

2012/08/05 20:04:26 -0400 IP-BLOCK 204.16.193.41 (Type: incoming, Port: 57167, Process: pmb.exe)

2012/08/05 20:04:34 -0400 IP-BLOCK 204.16.193.41 (Type: incoming, Port: 57167, Process: pmb.exe)

2012/08/05 20:04:42 -0400 IP-BLOCK 204.16.193.41 (Type: incoming, Port: 57167, Process: pmb.exe)

2012/08/05 20:36:26 -0400 IP-BLOCK 204.16.193.41 (Type: incoming, Port: 57167, Process: pmb.exe)

2012/08/05 20:36:34 -0400 IP-BLOCK 204.16.193.41 (Type: incoming, Port: 57167, Process: pmb.exe)

2012/08/05 20:51:01 -0400 IP-BLOCK 109.236.81.183 (Type: outgoing, Port: 52874, Process: firefox.exe)

2012/08/05 21:08:42 -0400 IP-BLOCK 204.16.193.41 (Type: incoming, Port: 57167, Process: pmb.exe)

2012/08/05 21:08:42 -0400 IP-BLOCK 204.16.193.41 (Type: incoming, Port: 57167, Process: pmb.exe)

2012/08/05 21:08:50 -0400 IP-BLOCK 204.16.193.41 (Type: incoming, Port: 57167, Process: pmb.exe)

2012/08/05 21:24:16 -0400 Wen MESSAGE Starting protection

2012/08/05 21:24:17 -0400 Wen MESSAGE Protection started successfully

2012/08/05 21:24:20 -0400 Wen MESSAGE Starting IP protection

2012/08/05 21:24:24 -0400 MESSAGE IP Protection started successfully

2012/08/05 21:39:23 -0400 IP-BLOCK 109.236.81.183 (Type: outgoing, Port: 49552, Process: firefox.exe)

2012/08/05 21:49:44 -0400 IP-BLOCK 204.16.193.41 (Type: incoming, Port: 57167, Process: svchost.exe)

2012/08/05 21:49:52 -0400 IP-BLOCK 204.16.193.41 (Type: incoming, Port: 57167, Process: svchost.exe)

2012/08/05 21:50:00 -0400 IP-BLOCK 204.16.193.41 (Type: incoming, Port: 57167, Process: svchost.exe)

2012/08/05 22:07:49 -0400 MESSAGE Starting database refresh

2012/08/05 22:07:49 -0400 MESSAGE Stopping IP protection

2012/08/05 23:00:33 -0400 MESSAGE Starting protection

2012/08/05 23:00:34 -0400 MESSAGE Executing scheduled update: Daily

2012/08/05 23:00:34 -0400 MESSAGE Database already up-to-date

2012/08/05 23:00:35 -0400 MESSAGE Protection started successfully

2012/08/05 23:00:38 -0400 MESSAGE Starting IP protection

2012/08/05 23:00:42 -0400 MESSAGE IP Protection started successfully

2012/08/05 23:55:49 -0400 IP-BLOCK 204.16.193.41 (Type: incoming, Port: 57167, Process: svchost.exe)

2012/08/05 23:55:49 -0400 IP-BLOCK 204.16.193.41 (Type: incoming, Port: 57167, Process: svchost.exe)

2012/08/05 23:55:57 -0400 IP-BLOCK 204.16.193.41 (Type: incoming, Port: 57167, Process: svchost.exe)

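The log above lends itself to a quick aggregation before anyone reaches for a reformat. What follows is an added example, not code from the post or from Malwarebytes: it parses IP-BLOCK lines in the format shown (assuming the post's lines are the protection log minus the computer and user columns MBAM 1.x normally writes between the timestamp and the event type), groups them by remote address and direction, and flags any local port whose incoming hits are attributed to more than one process, which is what the post shows: 204.16.193.41 hits port 57167 under pmb.exe, then under svchost.exe after protection was restarted. The sample lines embedded in the block are copied from the post. pmb.exe is the process name of Pando Media Booster, whose Firefox plugin appears in the DDS log further down under Pando Networks\Media Booster; whether the blocked address is hostile or merely on Malwarebytes' blocklist is not something the log alone settles.

```python
"""Summarise IP-BLOCK entries from a Malwarebytes' Anti-Malware 1.x protection log.

Added example; not from the forum post or from Malwarebytes. Assumed line format
(as visible in the post; the real log may carry computer/user tokens before the
event type, and the parser tolerates extra tokens there):
  YYYY/MM/DD HH:MM:SS -ZZZZ IP-BLOCK A.B.C.D (Type: incoming|outgoing, Port: N, Process: x.exe)
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: a subset of the lines quoted in the post above.
SAMPLE_LOG = """\
2012/08/05 19:27:49 -0400 IP-BLOCK 204.16.193.41 (Type: incoming, Port: 57167, Process: pmb.exe)
2012/08/05 19:27:57 -0400 IP-BLOCK 204.16.193.41 (Type: incoming, Port: 57167, Process: pmb.exe)
2012/08/05 20:51:01 -0400 IP-BLOCK 109.236.81.183 (Type: outgoing, Port: 52874, Process: firefox.exe)
2012/08/05 21:24:16 -0400 Wen MESSAGE Starting protection
2012/08/05 21:39:23 -0400 IP-BLOCK 109.236.81.183 (Type: outgoing, Port: 49552, Process: firefox.exe)
2012/08/05 21:49:44 -0400 IP-BLOCK 204.16.193.41 (Type: incoming, Port: 57167, Process: svchost.exe)
2012/08/05 23:55:49 -0400 IP-BLOCK 204.16.193.41 (Type: incoming, Port: 57167, Process: svchost.exe)
"""

BLOCK_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})"
    r"(?: \S+)*? IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>incoming|outgoing), Port: (?P<port>\d+), "
    r"Process: (?P<process>[^)]+)\)$"
)


@dataclass(frozen=True)
class BlockEvent:
    when: datetime
    ip: str
    direction: str
    port: int
    process: str


def parse_blocks(log_text):
    """Return IP-BLOCK events in file order; MESSAGE and unparseable lines are skipped."""
    events = []
    for raw in log_text.splitlines():
        m = BLOCK_RE.match(raw.strip())
        if not m:
            continue
        events.append(BlockEvent(
            when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S %z"),
            ip=m["ip"], direction=m["direction"],
            port=int(m["port"]), process=m["process"].strip()))
    return events


def summarize(events):
    """Group by (remote IP, direction): count, ports, processes, first/last seen."""
    summary = {}
    for ev in events:
        e = summary.setdefault((ev.ip, ev.direction), {
            "count": 0, "ports": set(), "processes": set(), "first": ev.when, "last": ev.when})
        e["count"] += 1
        e["ports"].add(ev.port)
        e["processes"].add(ev.process)
        e["first"] = min(e["first"], ev.when)
        e["last"] = max(e["last"], ev.when)
    return summary


def incoming_port_handovers(events):
    """Incoming blocks where one remote IP hit one local port under more than one process.

    Returns [(ip, port, sorted process names)]. In the post this is
    204.16.193.41 -> 57167, attributed to pmb.exe and later to svchost.exe.
    """
    owners = defaultdict(set)
    for ev in events:
        if ev.direction == "incoming":
            owners[(ev.ip, ev.port)].add(ev.process)
    return [(ip, port, sorted(p)) for (ip, port), p in sorted(owners.items()) if len(p) > 1]


def report(log_text):
    """Human-readable summary plus the netstat check for any handed-over port."""
    events = parse_blocks(log_text)
    out = []
    for (ip, direction), e in sorted(summarize(events).items()):
        out.append(f"{ip:<16} {direction:<8} {e['count']:>3} blocks  ports={sorted(e['ports'])}  "
                   f"processes={sorted(e['processes'])}  {e['first']:%H:%M:%S}-{e['last']:%H:%M:%S}")
    for ip, port, procs in incoming_port_handovers(events):
        out.append(f"NOTE: incoming hits from {ip} on port {port} attributed to {', '.join(procs)}; "
                   f"confirm the listener from an elevated prompt: netstat -abno | findstr :{port}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

To use it on the real file, read protection-log.txt and pass its contents to report(). Every port value in the post falls inside the Windows ephemeral range, which suggests the port MBAM prints is the local one; the netstat line the report suggests (-b needs an elevated prompt) shows which executable actually owns that port now, which is the check worth doing before concluding anything about pmb.exe versus svchost.exe.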

Welcome to the forum. Please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the two logs here: DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any USB or external drives from the computer before you run this scan!

Please download RogueKiller to your desktop and run it.

For Windows XP, double-click to start.

For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted, click Allow to run.

Click Scan to scan the system.

When the scan completes, close out the program. Don't Fix anything!

Don't run any other options; they're not all bad!

Post back the report which should be located on your desktop.

MrC


Hello, I just did the scan and here are the results.

RK Report

RogueKiller V7.6.5 [08/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Wen [Admin rights]

Mode: Scan -- Date: 08/06/2012 12:56:38

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721010CLA SCSI Disk Device +++++

--- User ---

[MBR] 4807cd45923d3064881767827ab8d0d1

[BSP] 3a8996086261ddbf25e5256e2620e61c : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953766 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt

DDS txt

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_33

Run by Wen at 13:38:27 on 2012-08-06

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4094.3102 [GMT -4:00]

.

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\MagicTune Premium\GammaTray.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\D-Link\DWA-130 revE\wirelesscm.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\DllHost.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMMAT~1.LNK - C:\Program Files\MagicTune Premium\GammaTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WIRELE~1.LNK - C:\Program Files (x86)\D-Link\DWA-130 revE\wirelesscm.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{9AA4C6D2-BCE7-4E17-AB60-EF7E0C388013} : DhcpNameServer = 192.168.0.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Wen\AppData\Roaming\Mozilla\Firefox\Profiles\8o8ilxhl.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Windows\system32\npdeployJava1.dll

FF - plugin: C:\Windows\system32\npmproxy.dll

FF - plugin: C:\Windows\system32\npOGPPlugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - plugin: C:\Windows\SysWOW64\npOGPPlugin.dll

.

============= SERVICES / DRIVERS ===============

.

R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]

R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-6-26 361984]

R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-4-30 86224]

R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-4-30 110032]

R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-26 655944]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 WlanWpsSvc;WlanWpsSvc;C:\Program Files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe [2011-10-10 167936]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-24 136176]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-24 136176]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-10 4925184]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-08-06 16:55:15 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6D1BB0F2-A526-48AF-BD29-5BD175839B83}\offreg.dll

2012-08-06 15:49:32 -------- d-----w- C:\Users\Wen\AppData\Local\{F7B15D82-34E1-4BA5-8E85-AB99453F4A1A}

2012-08-06 15:49:21 -------- d-----w- C:\Users\Wen\AppData\Local\{9DCD61BF-D3BC-4F32-A2BC-A5C36159A22A}

2012-08-06 03:48:55 -------- d-----w- C:\Users\Wen\AppData\Local\{B0F53586-55D2-426C-8F36-55AF765CEFB3}

2012-08-06 03:48:45 -------- d-----w- C:\Users\Wen\AppData\Local\{645DB6C7-9610-43BD-AE6F-7099E5F49C3C}

2012-08-05 23:19:29 2232832 ----a-w- C:\LaTale_9.0.exe

2012-08-05 23:18:30 -------- d-----w- C:\Program Files (x86)\OGPlanet

2012-08-05 15:19:46 -------- d-----w- C:\Users\Wen\AppData\Local\{0D2EB0AB-E599-4F5D-A766-DE25EE1546CA}

2012-08-05 15:19:35 -------- d-----w- C:\Users\Wen\AppData\Local\{C2DB7607-BB11-460B-BCC7-BCFB5B9D706E}

2012-08-05 03:42:43 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-05 01:48:17 -------- d-----w- C:\Users\Wen\AppData\Local\{966F3450-C4D2-477D-AB2A-A1C1CBF984BA}

2012-08-05 01:48:06 -------- d-----w- C:\Users\Wen\AppData\Local\{0EF541DC-D689-4607-8126-517F3ECEA14B}

2012-08-04 13:47:42 -------- d-----w- C:\Users\Wen\AppData\Local\{2B0C58C6-20A2-46CA-A331-058A06C50C43}

2012-08-04 13:47:31 -------- d-----w- C:\Users\Wen\AppData\Local\{7D059CA0-C9A3-48F1-8C15-C7619B782F06}

2012-08-04 02:04:57 -------- d-----w- C:\Users\Wen\AppData\Roaming\DarkBlood ServiceNa

2012-08-03 16:17:30 -------- d-----w- C:\Users\Wen\AppData\Local\{8820BF0F-F091-4DC2-AB60-7867BDEC726C}

2012-08-03 16:17:20 -------- d-----w- C:\Users\Wen\AppData\Local\{BC9A6594-4707-4336-A371-E5D8F135FACA}

2012-08-03 13:58:37 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6D1BB0F2-A526-48AF-BD29-5BD175839B83}\mpengine.dll

2012-08-02 17:52:33 -------- d-----w- C:\Users\Wen\AppData\Local\{6C7F7FEC-DBAA-4611-8E20-B7345547E871}

2012-08-02 17:52:23 -------- d-----w- C:\Users\Wen\AppData\Local\{C892B7F0-0E65-4482-847E-1FE88A47B432}

2012-08-02 03:30:04 -------- d-----w- C:\Users\Wen\AppData\Local\{771F6715-505E-4250-BC39-AB68663DE65B}

2012-08-02 03:29:52 -------- d-----w- C:\Users\Wen\AppData\Local\{F6DBCB8E-9BA5-4EE1-89DF-141B44A9DC67}

2012-08-01 14:11:56 -------- d-----w- C:\Users\Wen\AppData\Local\{352A17BD-B86C-40BA-BD93-9CD8CCC112B9}

2012-08-01 14:11:46 -------- d-----w- C:\Users\Wen\AppData\Local\{ABEE6606-71C8-4FBF-B83E-869247D70CDA}

2012-08-01 02:11:20 -------- d-----w- C:\Users\Wen\AppData\Local\{08B5182E-46B1-464D-A2B3-6E3FC619ACFB}

2012-08-01 02:11:09 -------- d-----w- C:\Users\Wen\AppData\Local\{2E5CE41E-7575-41A8-A9FF-ED28A7CF206C}

2012-07-31 13:50:09 -------- d-----w- C:\Users\Wen\AppData\Local\{7FE97142-ADD7-447F-AF18-526651D15D80}

2012-07-31 13:49:59 -------- d-----w- C:\Users\Wen\AppData\Local\{E3A5F1AD-C404-4DD6-B200-95D064C5E95E}

2012-07-30 19:30:54 -------- d-----w- C:\Users\Wen\AppData\Local\{73FD8285-8F90-4078-8D75-8A6E1E1B919C}

2012-07-30 19:30:43 -------- d-----w- C:\Users\Wen\AppData\Local\{81FD043B-B340-469F-88DD-1AF89743947D}

2012-07-29 13:00:46 -------- d-----w- C:\Users\Wen\AppData\Local\{AA58420B-BAB9-4A61-873C-7EE7388DD5D6}

2012-07-29 13:00:36 -------- d-----w- C:\Users\Wen\AppData\Local\{7275E54A-0D9C-4AFC-B531-C39C221619B0}

2012-07-28 16:49:12 -------- d-----w- C:\Users\Wen\AppData\Local\{BD51AE0B-4AF7-4741-9DE9-ED0B7C7EAA81}

2012-07-28 16:49:01 -------- d-----w- C:\Users\Wen\AppData\Local\{00C1DB42-D686-458E-B0FD-526896C7128F}

2012-07-27 16:03:50 -------- d-----w- C:\Users\Wen\AppData\Local\{7730EF71-E53A-46D7-A4EF-0C6871995A96}

2012-07-27 16:03:40 -------- d-----w- C:\Users\Wen\AppData\Local\{D9A1B9B2-D8D5-4496-BBF2-605227F3FEDD}

2012-07-26 19:41:56 -------- d-----w- C:\Users\Wen\AppData\Roaming\Malwarebytes

2012-07-26 19:41:45 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-26 19:41:45 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-26 19:41:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-26 16:07:02 -------- d-----w- C:\Users\Wen\AppData\Local\{25B295F8-F917-4184-9DFD-075C3CEF44CE}

2012-07-26 16:06:51 -------- d-----w- C:\Users\Wen\AppData\Local\{0DA9A5C7-7DC1-4777-B6CA-F6F7554FE5B0}

2012-07-25 15:09:33 -------- d-----w- C:\Users\Wen\AppData\Local\{496A4769-C65F-447D-AC1B-BF631528EF27}

2012-07-25 15:09:23 -------- d-----w- C:\Users\Wen\AppData\Local\{322C599B-35C1-48C2-8D02-8D689AF07F8B}

2012-07-24 17:43:34 -------- d-----w- C:\Users\Wen\AppData\Local\{18A919CC-1E96-4991-AD1E-DE6EF71DA372}

2012-07-24 17:43:23 -------- d-----w- C:\Users\Wen\AppData\Local\{48977D2E-F007-4FE1-B8CE-9FB73AA6FC31}

2012-07-23 16:32:15 -------- d-----w- C:\Users\Wen\AppData\Local\{0221C826-2DDB-4DD3-9226-BDA582E820CB}

2012-07-23 16:32:04 -------- d-----w- C:\Users\Wen\AppData\Local\{14098883-3AB9-4ED5-816A-CF613A0408A2}

2012-07-23 03:15:27 -------- d-----w- C:\Users\Wen\AppData\Local\{C789CD53-C105-4F52-9E9D-CD7BC8420EC9}

2012-07-23 03:15:17 -------- d-----w- C:\Users\Wen\AppData\Local\{33566148-E7EE-44D7-B7F7-6CB37B54611C}

2012-07-22 14:34:46 -------- d-----w- C:\Users\Wen\AppData\Local\{1FAD35E3-E99D-43D1-A532-DE6CAB0C82A5}

2012-07-22 14:34:36 -------- d-----w- C:\Users\Wen\AppData\Local\{63F94E92-93A2-461C-B18C-94C65EEBDB76}

2012-07-21 15:26:23 -------- d-----w- C:\Users\Wen\AppData\Local\{15473F18-65B2-41E4-8969-67A24C0EA2B4}

2012-07-21 15:26:13 -------- d-----w- C:\Users\Wen\AppData\Local\{8306F922-28ED-448F-B7E4-39BD2A88453A}

2012-07-20 15:16:17 -------- d-----w- C:\Users\Wen\AppData\Local\{A37DA9EE-512F-4124-93FC-4445FE873DA5}

2012-07-20 15:16:07 -------- d-----w- C:\Users\Wen\AppData\Local\{5D52A7D3-7A69-43B9-8814-531F7622A4A3}

2012-07-19 17:11:45 -------- d-----w- C:\Users\Wen\AppData\Local\{DD10626A-C014-4A10-AE66-2CF3A11873D9}

2012-07-19 17:11:35 -------- d-----w- C:\Users\Wen\AppData\Local\{0FD61201-D3E7-4E3E-BF06-F28DD27F3F29}

2012-07-18 14:39:51 -------- d-----w- C:\Users\Wen\AppData\Local\{B0D1FB45-80B1-409B-ADA4-9D225555C6C0}

2012-07-18 14:39:40 -------- d-----w- C:\Users\Wen\AppData\Local\{2ACE0BE8-1421-4AE9-A22D-E796CA67F26C}

2012-07-17 14:45:00 -------- d-----w- C:\Users\Wen\AppData\Local\{E3B0595E-30AD-4955-A596-D6C7F5FE8041}

2012-07-17 14:44:50 -------- d-----w- C:\Users\Wen\AppData\Local\{A199A23A-72B5-4570-8887-AE08A922A6A4}

2012-07-16 23:24:23 -------- d-----w- C:\Users\Wen\AppData\Local\{4393F51E-F927-406F-91B7-5A948364BB52}

2012-07-16 23:24:13 -------- d-----w- C:\Users\Wen\AppData\Local\{E10D3784-146B-4F07-AD92-615E4662ACDB}

2012-07-15 15:41:06 -------- d-----w- C:\Users\Wen\AppData\Local\{78192953-D5EF-40B7-B779-32436ABE0F35}

2012-07-15 15:40:55 -------- d-----w- C:\Users\Wen\AppData\Local\{B9554784-AA88-40DE-833B-15F746095985}

2012-07-15 01:37:24 -------- d-----w- C:\Users\Wen\AppData\Local\{508A549D-2F14-448C-9E85-E69DA8B31DDF}

2012-07-15 01:37:13 -------- d-----w- C:\Users\Wen\AppData\Local\{D6F206B7-A522-4922-BF84-BB74D1C36094}

2012-07-14 02:03:34 -------- d-----w- C:\Users\Wen\AppData\Local\{4A108272-2977-422E-9AE3-17A7B414D799}

2012-07-14 02:03:24 -------- d-----w- C:\Users\Wen\AppData\Local\{DCE26CBC-65AB-499F-A3BB-2692A16A909B}

2012-07-13 13:55:32 -------- d-----w- C:\Users\Wen\AppData\Local\{3333CEF7-1EC7-45B2-954A-169F9F5A1BFE}

2012-07-13 13:55:22 -------- d-----w- C:\Users\Wen\AppData\Local\{1DD28ED6-EF38-40F9-B4EF-58029811D501}

2012-07-13 00:59:27 -------- d-----w- C:\Users\Wen\AppData\Local\{9A74C2C6-3C24-439B-9592-267D08237357}

2012-07-13 00:59:16 -------- d-----w- C:\Users\Wen\AppData\Local\{D75B4ACD-0B4E-47E0-9DA6-A01FBBA58B67}

2012-07-12 12:58:51 -------- d-----w- C:\Users\Wen\AppData\Local\{4F297A67-51D9-4D17-9AB4-D68A82CE2F9B}

2012-07-12 12:58:40 -------- d-----w- C:\Users\Wen\AppData\Local\{F122C27F-B832-4562-822C-A1E6E02B845A}

2012-07-12 01:12:19 -------- d-----w- C:\ProgramData\Ask

2012-07-12 01:11:32 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-07-11 14:31:24 -------- d-----w- C:\Users\Wen\AppData\Local\{A38E55D2-AE63-4D2B-BEDF-F7664DC5F630}

2012-07-11 14:31:14 -------- d-----w- C:\Users\Wen\AppData\Local\{EE8F538B-93E8-4646-BA93-7593B7A21F21}

2012-07-11 12:42:55 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 02:14:43 -------- d-----w- C:\Users\Wen\AppData\Local\{8CC438B6-5819-40CE-B920-5F0B83FA9E0A}

2012-07-11 02:14:32 -------- d-----w- C:\Users\Wen\AppData\Local\{34DCE64E-93E6-4DF5-BFB5-45E6FAF3AF08}

2012-07-10 13:42:12 -------- d-----w- C:\Users\Wen\AppData\Local\{F8D4C684-6E4D-4946-BA62-BA0F763942DE}

2012-07-10 13:42:01 -------- d-----w- C:\Users\Wen\AppData\Local\{168AE90A-708D-467D-97C5-BF99E15644AB}

2012-07-10 11:45:51 -------- d-----w- C:\Program Files (x86)\AMD APP

2012-07-09 20:58:22 -------- d-----w- C:\Users\Wen\AppData\Local\{D8B15061-3EFD-4DC5-855F-CB6D551FA611}

2012-07-09 20:58:12 -------- d-----w- C:\Users\Wen\AppData\Local\{16A90E71-4683-4886-B3E0-7B6991FCDE57}

2012-07-08 17:06:30 -------- d-----w- C:\Users\Wen\AppData\Local\{628AE1BF-7073-4844-BD71-662767EBC09F}

2012-07-08 17:06:19 -------- d-----w- C:\Users\Wen\AppData\Local\{0C122FB3-B868-4347-A38A-36EBFE428A95}

2012-07-08 03:33:40 -------- d-----w- C:\Users\Wen\AppData\Local\{BCCC949E-AC70-41B5-8F6F-1531327E3DEC}

2012-07-08 03:33:29 -------- d-----w- C:\Users\Wen\AppData\Local\{1646321C-42DA-41FB-97BF-099C3134165C}

.

==================== Find3M ====================

.

2012-07-12 01:11:24 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-06-26 17:36:26 10256384 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-06-26 17:32:02 24827392 ----a-w- C:\Windows\System32\atio6axx.dll

2012-06-26 17:01:56 20466176 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-06-26 16:41:18 187392 ----a-w- C:\Windows\System32\clinfo.exe

2012-06-26 16:41:04 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-06-26 16:40:58 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-06-26 16:40:52 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-06-26 16:40:48 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-06-26 16:40:40 16457728 ----a-w- C:\Windows\System32\amdocl64.dll

2012-06-26 16:39:56 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-06-26 16:28:30 163840 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-06-26 16:28:20 930304 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-06-26 16:26:22 1101312 ----a-w- C:\Windows\System32\aticfx64.dll

2012-06-26 16:22:48 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2012-06-26 16:22:44 532992 ----a-w- C:\Windows\System32\atieclxx.exe

2012-06-26 16:21:54 239616 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-06-26 16:20:30 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-06-26 16:20:14 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-06-26 16:20:10 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-06-26 16:20:02 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-06-26 16:19:16 6380032 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-06-26 16:17:50 70144 ----a-w- C:\Windows\System32\coinst_8.981.2.dll

2012-06-26 16:02:04 6998016 ----a-w- C:\Windows\System32\atidxx64.dll

2012-06-26 15:44:06 4254208 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-06-26 15:43:36 5530112 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-06-26 15:40:32 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-06-26 15:40:30 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-06-26 15:40:24 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-06-26 15:40:22 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-06-26 15:40:10 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-06-26 15:36:16 4734976 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-06-26 15:35:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-06-26 15:33:54 6674432 ----a-w- C:\Windows\System32\atiumd64.dll

2012-06-26 15:22:58 539136 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-06-26 15:22:48 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-06-26 15:22:34 17920 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-06-26 15:22:30 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-06-26 15:22:30 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-06-26 15:22:26 41984 ----a-w- C:\Windows\System32\atig6txx.dll

2012-06-26 15:22:18 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-06-26 15:22:10 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-06-26 15:21:12 55296 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-06-26 15:21:04 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-06-26 15:20:56 45056 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-06-26 15:20:48 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-06-26 15:20:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-06-26 15:18:08 56320 ----a-w- C:\Windows\System32\atimpc64.dll

2012-06-26 15:18:08 56320 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-06-26 15:18:04 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-06-26 15:18:04 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll

2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-14 06:12:30 96896 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys

2012-05-08 22:04:50 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

.

============= FINISH: 13:38:48.80 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 24/09/2011 6:51:26 AM

System Uptime: 06/08/2012 11:09:36 AM (2 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | M68MT-S2P

Processor: AMD Athlon II X4 640 Processor | Socket M2 | 3000/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 876.156 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP130: 03/08/2012 9:58:04 AM - Windows Update

RP131: 03/08/2012 8:21:22 PM - Installed DarkBloodOnline

RP132: 05/08/2012 7:16:27 PM - Removed DarkBloodOnline

.

==== Installed Programs ======================

.

Adobe Flash Player 10 Plugin

Adobe Reader X (10.1.2)

AMD VISION Engine Control Center

Avira Free Antivirus

Bing Bar

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

D-Link DWA-130 Wireless N USB Adapter

D3DX10

DjVuLibre+DjView

Google Chrome

Google Update Helper

Java Auto Updater

Java 6 Update 33

Junk Mail filter update

MagicTunePremium

Malwarebytes Anti-Malware version 1.62.0.1300

MapleStory

Mesh Runtime

Messenger Companion

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

Nexon Game Manager

Pando Media Booster

Realtek High Definition Audio Driver

Rusty Hearts PWE

SD Gundam Capsule Fighter

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Visual Studio 2008 x64 Redistributables

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

06/08/2012 11:07:45 AM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified.

06/08/2012 1:26:53 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

05/08/2012 10:10:18 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

05/08/2012 10:10:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

05/08/2012 10:10:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

05/08/2012 10:10:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

05/08/2012 10:10:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

05/08/2012 10:10:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

05/08/2012 10:10:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

05/08/2012 10:10:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb avkmgr DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx VWiFiFlt Wanarpv6 WfpLwf

05/08/2012 10:10:06 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

05/08/2012 10:10:06 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

05/08/2012 10:10:06 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

05/08/2012 10:10:06 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

05/08/2012 10:10:06 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

05/08/2012 10:10:06 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

05/08/2012 10:10:06 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

05/08/2012 10:10:06 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

05/08/2012 10:10:06 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

05/08/2012 10:10:06 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

05/08/2012 10:10:06 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

04/08/2012 4:07:53 PM, Error: Service Control Manager [7022] - The AMD FUEL Service service hung on starting.

02/08/2012 6:27:47 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer USER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9AA4C6D2-BCE7-4E17-AB60-EF7E0C388013}. The master browser is stopping or an election is being forced.

.

==== End Of File ===========================

That is all.


Not much showing, let's run some scans.....

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

tdss_1.jpg

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg

------------------------

Click the Start Scan button.

tdss_3.jpg

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

tdss_4.jpg

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

tdss_5.jpg

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC
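The restore-point step at the top of the post above is done through the System Protection dialog. As an added illustration that is not part of MrC's instructions, the same thing can be scripted from an elevated PowerShell prompt on Windows 7 with the built-in System Restore cmdlets; the function name and the description text are my own choices, not anything from the thread.

```powershell
# Added example, not from the forum post: create and verify a restore point
# before running any cleanup tool. Run from an elevated PowerShell (Run as
# Administrator); the cmdlets below ship with Windows 7 / PowerShell 2.0.
function New-PreScanRestorePoint {
    param(
        # Constructed label; any descriptive text works.
        [string]$Description = "Before malware scans",
        # System Restore is enabled per drive; Windows lives on the system drive.
        [string]$Drive = ($env:SystemDrive + "\")
    )

    # Make sure System Restore is actually turned on for the drive.
    # Safe to call when it is already enabled.
    Enable-ComputerRestore -Drive $Drive

    # Create the restore point. MODIFY_SETTINGS is the generic "about to change
    # the system" type; the tools in this thread modify drivers and registry keys.
    Checkpoint-Computer -Description $Description -RestorePointType "MODIFY_SETTINGS"

    # Verify it exists by reading back the newest restore point with our label.
    $rp = Get-ComputerRestorePoint |
        Where-Object { $_.Description -eq $Description } |
        Sort-Object SequenceNumber |
        Select-Object -Last 1

    if (-not $rp) {
        throw "Restore point '$Description' was not created; check that the System Restore service (srservice/VSS) is running."
    }

    # Return the restore point so the caller can record its sequence number.
    return $rp
}

# Usage: note the SequenceNumber; it is what you would roll back to with
# Restore-Computer -RestorePoint <SequenceNumber> if a cleanup step goes wrong.
New-PreScanRestorePoint | Format-List SequenceNumber, Description, CreationTime
```

Get-ComputerRestorePoint reads the same list the System Restore wizard shows (the RP130 to RP132 entries in the DDS log above are that list), so seeing the new entry there confirms the checkpoint is real before TDSSKiller or ComboFix touches the system.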


That scan was clean,,,,,,,,,,,,,,

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


If it's been over 45 minutes, get out of it and try it like this:

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown: (copy and paste)

"%userprofile%\desktop\combofix.exe" /nombr

See if it will run successfully now. MrC


I still can't seem to get it through after completing stage 49. I turned off Malwarebytes and Windows Defender. Also, when I downloaded my copy of ComboFix, I downloaded it into my download folder and then cut and pasted it back onto the desktop. I am not sure if that's what's halting it from completing the scan, but just to be sure.

I am using Windows 7 by the way.


Download TFC to your desktop

Close any open windows.

Double click the TFC icon to run the program

TFC will close all open programs itself in order to run,

Click the Start button to begin the process.

Allow TFC to run uninterrupted.

The program should not take long to finish its job.

Once it's finished it should automatically reboot your machine;

if it doesn't, manually reboot to ensure a complete clean.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Next......

Download and run Microsoft Windows Malicious Software Removal Tool:

http://www.microsoft...ls.aspx?id=9905

Let me know if it finds anything, MrC


I just did the scan and found no threats or suspicious objects either. Could it be that it is a false positive to start with? I don't recall making many big changes to my com that day besides uninstalling the new version of Adobe and installing the older version of Adobe.

I haven't been getting any IP block since yesterday morning now, when I accidentally updated my Adobe again on a whim.


Could it be that it is a false positive to start with?

Anything is possible........

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

i.e.: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.