
Blocking tons of outgoing ips starting today?



2013/04/16 05:35:35 -0700 RAMAN-PC raman MESSAGE Starting protection

2013/04/16 05:35:35 -0700 RAMAN-PC raman MESSAGE Protection started successfully

2013/04/16 05:35:35 -0700 RAMAN-PC raman MESSAGE Starting IP protection

2013/04/16 05:35:36 -0700 RAMAN-PC raman MESSAGE IP Protection started successfully

2013/04/16 11:58:50 -0700 RAMAN-PC raman IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 52856, Process: avastsvc.exe)

2013/04/16 11:58:50 -0700 RAMAN-PC raman IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 52857, Process: avastsvc.exe)

2013/04/16 12:23:49 -0700 RAMAN-PC raman IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 54915, Process: avastsvc.exe)

2013/04/16 12:23:49 -0700 RAMAN-PC raman IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 54917, Process: avastsvc.exe)

2013/04/16 12:23:49 -0700 RAMAN-PC raman IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 54929, Process: avastsvc.exe)

2013/04/16 12:23:49 -0700 RAMAN-PC raman IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 54931, Process: avastsvc.exe)

2013/04/16 13:01:14 -0700 RAMAN-PC raman IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 55367, Process: avastsvc.exe)

2013/04/16 13:01:14 -0700 RAMAN-PC raman IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 55368, Process: avastsvc.exe)

2013/04/16 14:19:06 -0700 RAMAN-PC raman IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 58413, Process: avastsvc.exe)

2013/04/16 14:19:06 -0700 RAMAN-PC raman IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 58414, Process: avastsvc.exe)

2013/04/16 14:19:14 -0700 RAMAN-PC raman IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 58441, Process: avastsvc.exe)

2013/04/16 14:19:14 -0700 RAMAN-PC raman IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 58442, Process: avastsvc.exe)

2013/04/16 14:19:30 -0700 RAMAN-PC raman IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 58466, Process: avastsvc.exe)

2013/04/16 14:19:30 -0700 RAMAN-PC raman IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 58467, Process: avastsvc.exe)

2013/04/16 14:19:46 -0700 RAMAN-PC raman IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 58489, Process: avastsvc.exe)

2013/04/16 14:19:46 -0700 RAMAN-PC raman IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 58491, Process: avastsvc.exe)

2013/04/16 14:19:54 -0700 RAMAN-PC raman IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 58520, Process: avastsvc.exe)

2013/04/16 14:19:54 -0700 RAMAN-PC raman IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 58521, Process: avastsvc.exe)

2013/04/16 14:20:02 -0700 RAMAN-PC raman IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 58543, Process: avastsvc.exe)

2013/04/16 14:20:02 -0700 RAMAN-PC raman IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 58545, Process: avastsvc.exe)

2013/04/16 14:20:10 -0700 RAMAN-PC raman IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 58571, Process: avastsvc.exe)

2013/04/16 14:20:10 -0700 RAMAN-PC raman IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 58572, Process: avastsvc.exe)

2013/04/16 14:20:10 -0700 RAMAN-PC raman IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 58584, Process: avastsvc.exe)

2013/04/16 14:20:10 -0700 RAMAN-PC raman IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 58586, Process: avastsvc.exe)

2013/04/16 14:57:36 -0700 RAMAN-PC raman MESSAGE Starting protection

2013/04/16 14:57:36 -0700 RAMAN-PC raman MESSAGE Protection started successfully

2013/04/16 14:57:36 -0700 RAMAN-PC raman MESSAGE Starting IP protection

2013/04/16 14:57:43 -0700 RAMAN-PC raman MESSAGE IP Protection started successfully

2013/04/16 15:56:45 -0700 RAMAN-PC raman IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 51071, Process: avastsvc.exe)

2013/04/16 15:56:45 -0700 RAMAN-PC raman IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 51073, Process: avastsvc.exe)

2013/04/16 19:21:22 -0700 RAMAN-PC raman IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 53860, Process: avastsvc.exe)

2013/04/16 19:21:22 -0700 RAMAN-PC raman IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 53861, Process: avastsvc.exe)

2013/04/16 19:21:38 -0700 RAMAN-PC raman IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 53919, Process: avastsvc.exe)

2013/04/16 19:21:38 -0700 RAMAN-PC raman IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 53921, Process: avastsvc.exe)

2013/04/16 19:21:54 -0700 RAMAN-PC raman IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 53971, Process: avastsvc.exe)

2013/04/16 19:21:54 -0700 RAMAN-PC raman IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 53972, Process: avastsvc.exe)

2013/04/16 19:21:54 -0700 RAMAN-PC raman IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 53980, Process: avastsvc.exe)

2013/04/16 19:21:54 -0700 RAMAN-PC raman IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 53981, Process: avastsvc.exe)

2013/04/16 19:25:06 -0700 RAMAN-PC raman IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 55017, Process: avastsvc.exe)

2013/04/16 19:25:06 -0700 RAMAN-PC raman IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 55019, Process: avastsvc.exe)

2013/04/16 19:31:39 -0700 RAMAN-PC raman IP-BLOCK 50.97.218.220 (Type: outgoing, Port: 55279, Process: avastsvc.exe)

2013/04/16 19:31:39 -0700 RAMAN-PC raman IP-BLOCK 50.97.218.220 (Type: outgoing, Port: 55280, Process: avastsvc.exe)

2013/04/16 19:34:27 -0700 RAMAN-PC raman IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 55415, Process: avastsvc.exe)

2013/04/16 19:34:27 -0700 RAMAN-PC raman IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 55417, Process: avastsvc.exe)

2013/04/16 21:32:27 -0700 RAMAN-PC raman IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 57307, Process: avastsvc.exe)

2013/04/16 21:32:27 -0700 RAMAN-PC raman IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 57309, Process: avastsvc.exe)

This started happening today. Don't know what's wrong. Did a scan with Avast and Malwarebytes and it came out clean for both.

Here is the log that you guys require.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.17.2

Run by raman at 21:52:55 on 2013-04-16

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5368.3215 [GMT -7:00]

.

AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files\AVAST Software\Avast\afwServ.exe

C:\Windows\system32\atieclxx.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Java\jre7\bin\java.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbengine.exe

C:\Windows\System32\vds.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bing.com

uSearch Bar = hxxp://www.bing.com

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mWinlogon: Userinit = userinit.exe,

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{4D866707-6548-4F2B-AF31-4984C18CE5B9} : NameServer = 129.250.35.251,64.192.0.10

TCP: Interfaces\{4D866707-6548-4F2B-AF31-4984C18CE5B9} : DHCPNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: viprotocol - <Clsid value has no data>

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: viprotocol - <Clsid value has no data>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\raman\AppData\Roaming\Mozilla\Firefox\Profiles\yvfsq7wk.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\npsitesafety.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\nphdplg.dll

FF - plugin: C:\Users\raman\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

============= SERVICES / DRIVERS ===============

.

R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2009-10-6 230456]

R0 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-1-1 22600]

R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\System32\drivers\aswNdis.sys [2013-1-1 12368]

R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\System32\drivers\aswNdis2.sys [2013-1-1 263096]

R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-17 65336]

R1 aswFW;avast! TDI Firewall driver;C:\Windows\System32\drivers\aswFW.sys [2013-1-1 127136]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-12-29 1025808]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-12-29 377920]

R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-3-5 39768]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-1-1 283200]

R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-12-30 465216]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-6-28 203264]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-12-29 33400]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-12-29 80816]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-17 45248]

R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2013-3-17 136912]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-30 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-30 701512]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]

R3 KeyScrambler;KeyScrambler;C:\Windows\System32\drivers\keyscrambler.sys [2013-3-8 222232]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-30 25928]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-8-20 239616]

R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2013-2-18 31232]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [?]

S3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-17 178624]

S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-1-20 49152]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-2-6 102936]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2009-7-24 36208]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-30 19456]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-2-6 203544]

S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-2-12 42184]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-30 57856]

S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2013-2-18 745368]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-29 1255736]

S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-11-13 14544]

.

=============== Created Last 30 ================

.

2013-04-11 05:17:14 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-04-11 05:16:31 1655656 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-11 00:04:37 -------- d-----w- C:\Users\raman\jagexcache5

2013-04-11 00:04:37 -------- d-----w- C:\Users\raman\jagexcache4

2013-04-11 00:04:37 -------- d-----w- C:\Users\raman\jagexcache3

2013-04-11 00:04:37 -------- d-----w- C:\Users\raman\jagexcache2

2013-04-11 00:04:37 -------- d-----w- C:\Users\raman\jagexcache1

2013-04-10 22:39:29 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-04-10 22:39:25 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys

2013-04-10 22:39:21 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-04-10 22:39:20 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-04-10 22:39:20 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-04-10 22:39:19 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-04-10 22:39:19 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-04-10 22:39:19 112640 ----a-w- C:\Windows\System32\smss.exe

2013-04-10 03:23:58 -------- d-----w- C:\Users\raman\AppData\Roaming\.tribot

2013-04-07 17:28:59 27456 ----a-w- C:\Windows\System32\drivers\cpqdfw.sys

2013-04-07 17:26:41 -------- d-----w- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}

2013-04-07 17:25:55 -------- d-----w- C:\Users\raman\AppData\Roaming\hpqLog

2013-04-07 17:25:34 -------- d-----w- C:\swsetup

2013-04-07 17:16:39 -------- d-----w- C:\Users\raman\AppData\Roaming\HP Support Assistant

2013-03-25 20:39:46 4546560 ----a-w- C:\Windows\SysWow64\GPhotos.scr

2013-03-18 14:08:04 -------- d-----w- C:\Users\raman\AppData\Local\AVG Secure Search

.

==================== Find3M ====================

.

2013-04-12 14:47:13 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-12 14:47:13 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-04-04 21:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-26 21:40:42 222232 ----a-w- C:\Windows\System32\drivers\keyscrambler.sys

2013-03-15 23:10:32 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-03-15 23:10:32 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-03-15 23:10:01 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2013-03-15 14:48:41 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2013-03-13 03:56:09 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-03-13 03:56:09 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-03-13 03:56:09 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-03-13 03:56:09 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-03-13 03:56:09 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-03-13 03:56:09 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-03-13 03:55:29 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-03-06 22:33:21 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2013-03-06 22:33:21 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2013-03-06 22:33:21 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2013-03-06 22:33:21 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2013-03-06 22:33:20 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2013-03-06 22:33:20 263096 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys

2013-03-06 22:33:20 22600 ----a-w- C:\Windows\System32\drivers\aswKbd.sys

2013-03-06 22:33:20 127136 ----a-w- C:\Windows\System32\drivers\aswFW.sys

2013-03-06 22:32:51 41664 ----a-w- C:\Windows\avastSS.scr

2013-03-06 04:36:08 39768 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys

2013-03-05 23:02:56 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-05 23:02:55 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-03-05 23:02:55 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-02-12 21:01:36 42184 ----a-w- C:\Windows\System32\drivers\taphss6.sys

2013-02-12 20:51:52 42184 ----a-w- C:\Windows\System32\drivers\hssdrv6.sys

2013-02-11 04:06:25 249856 ------w- C:\Windows\Setup1.exe

2013-02-11 04:06:24 73216 ----a-w- C:\Windows\ST6UNST.EXE

2013-02-06 15:42:10 203544 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys

2013-02-06 15:42:08 102936 ----a-w- C:\Windows\System32\drivers\ssudbus.sys

2013-01-18 15:15:24 550176 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2013-01-18 15:00:28 6390048 ----a-w- C:\Windows\System32\nvcpl.dll

2013-01-18 15:00:28 3460896 ----a-w- C:\Windows\System32\nvsvc64.dll

2013-01-18 15:00:11 884512 ----a-w- C:\Windows\System32\nvvsvc.exe

2013-01-18 15:00:11 63776 ----a-w- C:\Windows\System32\nvshext.dll

2013-01-18 15:00:11 2953448 ----a-w- C:\Windows\System32\nvcoproc.bin

2013-01-18 15:00:11 2558240 ----a-w- C:\Windows\System32\nvsvcr.dll

2013-01-18 15:00:11 118560 ----a-w- C:\Windows\System32\nvmctray.dll

2012-11-25 04:13:23 83 ----a-w- C:\Program Files (x86)\update-FarCry3.bat

.

============= FINISH: 21:53:19.98 ===============


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Make sure you're subscribed to this topic:
Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

Removing malware can be unpredictable...things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+> Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+> The removal of malware isn't instantaneous, please be patient.

<+> Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.