My Malwarebytes keeps on blocking several IP addresses (type: outgoing)
#1
Posted 11 March 2012 - 09:55 AM
2012/03/11 03:01:44 +0100 HERB-PC herb IP-BLOCK 212.36.9.157 (Type: outgoing, Port: 59238, Process: avwebgrd.exe)
2012/03/11 03:01:44 +0100 HERB-PC herb IP-BLOCK 212.36.9.157 (Type: outgoing, Port: 59239, Process: avwebgrd.exe)
2012/03/11 03:01:44 +0100 HERB-PC herb IP-BLOCK 212.36.9.157 (Type: outgoing, Port: 59241, Process: avwebgrd.exe)
2012/03/11 03:08:32 +0100 HERB-PC herb IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 60750, Process: avwebgrd.exe)
2012/03/11 03:34:34 +0100 HERB-PC herb IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 63141, Process: avwebgrd.exe)
2012/03/11 03:44:43 +0100 HERB-PC herb IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 64209, Process: avwebgrd.exe)
2012/03/11 03:45:23 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 03:45:31 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 03:45:31 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 64348, Process: bittorrent.exe)
2012/03/11 03:45:40 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 03:47:00 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 64498, Process: bittorrent.exe)
2012/03/11 03:47:16 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 03:47:16 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 03:51:25 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 03:51:25 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 64780, Process: bittorrent.exe)
2012/03/11 03:51:33 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 03:57:02 +0100 HERB-PC herb IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 65192, Process: avwebgrd.exe)
2012/03/11 03:57:10 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 03:57:27 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 03:57:27 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 65298, Process: bittorrent.exe)
2012/03/11 03:57:27 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 03:58:07 +0100 HERB-PC herb IP-BLOCK 195.216.189.66 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 03:58:23 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 03:58:23 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 65355, Process: bittorrent.exe)
2012/03/11 03:58:31 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 03:59:35 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 65389, Process: bittorrent.exe)
2012/03/11 04:00:00 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 04:00:08 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 04:07:13 +0100 HERB-PC herb IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 49171, Process: avwebgrd.exe)
2012/03/11 04:14:01 +0100 HERB-PC herb IP-BLOCK 218.7.226.66 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 04:27:30 +0100 HERB-PC herb IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 49424, Process: avwebgrd.exe)
2012/03/11 04:59:40 +0100 HERB-PC herb IP-BLOCK 94.102.56.139 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 05:07:33 +0100 HERB-PC herb IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 50100, Process: avwebgrd.exe)
2012/03/11 05:14:37 +0100 HERB-PC herb IP-BLOCK 89.28.98.66 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 06:15:12 +0100 HERB-PC herb IP-BLOCK 203.93.109.188 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 06:15:20 +0100 HERB-PC herb IP-BLOCK 79.135.149.98 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 06:27:45 +0100 HERB-PC herb IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 50751, Process: avwebgrd.exe)
2012/03/11 06:44:10 +0100 HERB-PC herb IP-BLOCK 195.161.7.1 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 07:59:09 +0100 HERB-PC herb IP-BLOCK 46.182.104.43 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 08:31:35 +0100 HERB-PC herb IP-BLOCK 61.139.126.180 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 09:04:36 +0100 HERB-PC herb IP-BLOCK 61.139.126.180 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 09:06:04 +0100 HERB-PC herb IP-BLOCK 91.188.46.33 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 09:07:48 +0100 HERB-PC herb IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 52497, Process: avwebgrd.exe)
2012/03/11 09:18:05 +0100 HERB-PC herb IP-BLOCK 194.165.0.8 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 09:33:01 +0100 HERB-PC herb IP-BLOCK 46.182.104.43 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 09:49:02 +0100 HERB-PC herb IP-BLOCK 91.188.33.97 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 10:02:39 +0100 HERB-PC herb IP-BLOCK 80.67.13.105 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 11:18:34 +0100 HERB-PC herb IP-BLOCK 212.117.179.122 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 11:18:34 +0100 HERB-PC herb IP-BLOCK 222.65.100.98 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 11:48:43 +0100 HERB-PC herb IP-BLOCK 213.186.119.120 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 11:58:59 +0100 HERB-PC herb IP-BLOCK 89.28.6.125 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 14:01:21 +0100 HERB-PC herb IP-BLOCK 218.7.16.117 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 14:28:19 +0100 HERB-PC herb IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 57242, Process: avwebgrd.exe)
2012/03/11 14:45:56 +0100 HERB-PC herb IP-BLOCK 58.241.117.105 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 15:13:17 +0100 HERB-PC herb IP-BLOCK 31.31.77.117 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 15:29:34 +0100 HERB-PC herb IP-BLOCK 121.125.133.24 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
2012/03/11 15:44:07 +0100 HERB-PC herb IP-BLOCK 89.28.40.246 (Type: outgoing, Port: 50738, Process: bittorrent.exe)
#2
Posted 11 March 2012 - 03:32 PM
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by herb at 21:31:06 on 2012-03-11
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2839 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\BitTorrent\BitTorrent.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\herb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\herb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\herb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMLDEV~1.LNK - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{52A2726C-FD97-421D-9203-CBD2DA6A5A85} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6AC69217-9567-4CB4-BFFF-1AF9454FE20C} : DhcpNameServer = 192.168.1.1
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R1 avfwot;avfwot;C:\Windows\system32\DRIVERS\avfwot.sys --> C:\Windows\system32\DRIVERS\avfwot.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirFirewallService;Avira FireWall;C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2012-3-9 616400]
R2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-3-9 342480]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-3-9 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-3-9 110032]
R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2012-3-9 463824]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-10 652360]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 avfwim;AvFw Packet Filter Miniport;C:\Windows\system32\DRIVERS\avfwim.sys --> C:\Windows\system32\DRIVERS\avfwim.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
R3 SaiH8000;SaiH8000;C:\Windows\system32\DRIVERS\SaiH8000.sys --> C:\Windows\system32\DRIVERS\SaiH8000.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RTL8187B;Belkin Wireless G USB Network Adapter;C:\Windows\system32\DRIVERS\rtl8187B.sys --> C:\Windows\system32\DRIVERS\rtl8187B.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
.
=============== Created Last 30 ================
.
2012-03-11 19:39:47 388096 ----a-r- C:\Users\herb\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-11 19:39:46 -------- d-----w- C:\Program Files (x86)\ht
2012-03-11 17:52:31 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-11 15:15:24 -------- d-----w- C:\CFLog
2012-03-10 14:49:25 446976 ----a-w- C:\Windows\System32\drivers\rtl8187B.sys
2012-03-10 14:49:25 446976 ----a-w- C:\Windows\system\rtl8187B.sys
2012-03-10 14:49:25 -------- d-----w- C:\Windows\OPTIONS
2012-03-10 14:48:53 451072 ----a-w- C:\Windows\SysWow64\ISSRemoveSP.exe
2012-03-10 14:48:53 -------- d-----w- C:\Program Files (x86)\Belkin
2012-03-10 14:10:36 -------- d-----w- C:\Users\herb\AppData\Local\NFS Underground 2
2012-03-10 13:47:14 -------- d-----w- C:\Program Files (x86)\ESET
2012-03-10 03:32:29 98816 ----a-w- C:\Windows\sed.exe
2012-03-10 03:32:29 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-10 03:32:29 256000 ----a-w- C:\Windows\PEV.exe
2012-03-10 03:32:29 208896 ----a-w- C:\Windows\MBR.exe
2012-03-10 03:11:36 -------- d-----w- C:\Program Files (x86)\BitTorrent
2012-03-10 03:10:27 -------- d-----w- C:\Users\herb\AppData\Roaming\BitTorrent
2012-03-10 02:34:25 -------- d-----w- C:\Users\herb\AppData\Roaming\Malwarebytes
2012-03-10 02:34:18 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-10 02:34:17 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-10 02:34:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-10 02:26:48 -------- d-----w- C:\Users\herb\AppData\Roaming\BSplayer PRO
2012-03-10 02:26:47 -------- d-----w- C:\Program Files (x86)\Webteh
2012-03-09 23:34:15 0 ----a-w- C:\Windows\ativpsrm.bin
2012-03-09 23:31:36 -------- d-----w- C:\Windows\Panther
2012-03-09 23:31:22 -------- d-----w- C:\Boot
2012-03-09 19:00:46 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-09 18:40:47 -------- d-----w- C:\Users\herb\AppData\Roaming\Avira
2012-03-09 18:40:12 97312 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-03-09 18:40:12 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2012-03-09 18:40:12 139512 ----a-w- C:\Windows\System32\drivers\avfwot.sys
2012-03-09 18:40:12 113768 ----a-w- C:\Windows\System32\drivers\avfwim.sys
2012-03-09 18:40:12 -------- d-----w- C:\ProgramData\Avira
2012-03-09 18:40:12 -------- d-----w- C:\Program Files (x86)\Avira
2012-03-09 17:33:04 -------- d-----w- C:\Windows\System32\SPReview
2012-03-09 17:32:46 -------- d-----w- C:\Windows\System32\EventProviders
2012-03-09 17:20:59 762880 ----a-w- C:\Windows\SysWow64\azroles.dll
2012-03-09 17:19:56 189952 ----a-w- C:\Windows\SysWow64\sqmapi.dll
2012-03-09 17:19:49 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2012-03-09 17:19:49 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2012-03-09 17:19:49 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
2012-03-09 17:18:54 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2012-03-09 17:18:54 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2012-03-09 17:18:50 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2012-03-09 17:15:02 53248 ----a-r- C:\Users\herb\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-03-09 17:14:54 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-03-09 16:56:54 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2012-03-09 16:56:54 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2012-03-09 16:56:54 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2012-03-09 16:56:53 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2012-03-09 16:56:53 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2012-03-09 16:56:53 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2012-03-09 16:56:53 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2012-03-09 16:05:55 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-03-09 16:05:54 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-03-09 16:05:54 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-03-09 16:05:54 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-09 16:05:54 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-09 15:49:36 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-03-09 15:49:16 -------- d-----w- C:\Users\herb\AppData\Roaming\uTorrent
2012-03-09 15:46:44 -------- d-----w- C:\Users\herb\AppData\Local\ATI
2012-03-09 15:46:33 -------- d-----w- C:\ProgramData\AMD
2012-03-09 15:46:32 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-03-09 15:46:30 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-03-09 15:46:24 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2012-03-09 15:46:24 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2012-03-09 15:44:54 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2012-03-09 15:44:50 -------- d-----w- C:\Program Files\ATI
2012-03-09 15:44:12 -------- d-----w- C:\Program Files\ATI Technologies
2012-03-09 15:43:28 -------- d-----w- C:\AMD
2012-03-09 15:32:53 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-03-09 15:10:20 8643640 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C71759E0-5BC3-4538-997B-F17AFD634FED}\mpengine.dll
2012-03-09 15:09:11 -------- d-----w- C:\Program Files\Ventrilo
2012-03-09 15:07:55 2871808 ----a-w- C:\Windows\explorer.exe
2012-03-09 14:56:44 77312 ----a-w- C:\Windows\System32\packager.dll
2012-03-09 14:56:44 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-03-09 14:48:35 -------- d-----w- C:\Users\herb\AppData\Local\Google
2012-03-09 14:48:22 -------- d-----w- C:\Users\herb\AppData\Local\Deployment
2012-03-09 14:48:22 -------- d-----w- C:\Users\herb\AppData\Local\Apps
2012-03-09 14:47:23 -------- d-----w- C:\Users\herb\AppData\Local\Diagnostics
2012-03-09 14:40:26 -------- d-----w- C:\Recovery
2012-02-15 03:48:32 10856960 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-02-15 03:21:24 25839104 ----a-w- C:\Windows\System32\atio6axx.dll
2012-02-15 03:18:56 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-02-15 03:18:40 791040 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-02-15 03:17:04 957952 ----a-w- C:\Windows\System32\aticfx64.dll
2012-02-15 03:13:56 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-02-15 03:13:40 496128 ----a-w- C:\Windows\System32\atieclxx.exe
2012-02-15 03:13:00 235520 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-02-15 03:11:42 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-02-15 03:10:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-02-15 03:10:54 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-02-15 03:10:48 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-02-15 03:07:44 6200320 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-02-15 02:58:56 19392000 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-02-15 02:41:28 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-02-15 02:40:54 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-02-15 02:40:42 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-02-15 02:34:56 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-02-15 02:34:54 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-02-15 02:34:46 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-02-15 02:34:44 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-02-15 02:34:36 5954048 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-02-15 02:34:30 13859840 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-02-15 02:29:52 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-02-15 02:29:50 11561984 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-02-15 02:25:06 7551488 ----a-w- C:\Windows\System32\atiumd64.dll
2012-02-15 02:16:38 58880 ----a-w- C:\Windows\System32\coinst.dll
2012-02-15 02:14:00 512000 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-02-15 02:13:50 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-02-15 02:13:36 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-02-15 02:13:32 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-02-15 02:13:32 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-02-15 02:13:28 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2012-02-15 02:13:20 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-02-15 02:13:12 327680 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-02-15 02:12:22 43008 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-02-15 02:12:14 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-02-15 02:12:08 39936 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-02-15 02:12:00 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-02-15 02:11:22 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-02-14 21:05:32 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-02-14 21:05:26 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-02-14 21:05:20 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-02-14 21:05:16 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-02-14 21:05:08 16507904 ----a-w- C:\Windows\System32\amdocl64.dll
2012-02-14 21:04:26 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-02-14 21:03:44 54272 ----a-w- C:\Windows\System32\OpenCL.dll
2012-02-14 21:03:38 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll
.
==================== Find3M ====================
.
2012-03-09 18:12:49 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-03-09 18:12:48 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-02-15 02:52:28 7646208 ----a-w- C:\Windows\System32\atidxx64.dll
2012-01-31 05:02:26 21504 ----a-w- C:\Windows\System32\kdbsdk64.dll
2012-01-31 05:00:24 16896 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2012-01-14 04:06:27 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-12-16 08:46:06 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2011-12-16 07:52:58 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2011-12-13 17:27:30 4718952 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2011-12-13 15:58:20 1560168 ----a-w- C:\Windows\System32\RTSnMg64.cpl
2011-12-13 10:01:00 1698408 ----a-w- C:\Windows\RtlExUpd.dll
.
============= FINISH: 21:31:52.51 ===============
#3
Posted 11 March 2012 - 03:34 PM
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2335 [GMT 1:00]
Running from: c:\users\herb\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-10 to 2012-03-10 )))))))))))))))))))))))))))))))
.
.
2012-03-10 04:15 . 2012-03-10 04:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-10 03:11 . 2012-03-10 03:11 -------- d-----w- c:\program files (x86)\BitTorrent
2012-03-10 02:34 . 2012-03-10 02:34 -------- d-----w- c:\programdata\Malwarebytes
2012-03-10 02:34 . 2012-03-10 02:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-10 02:34 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-10 02:26 . 2012-03-10 02:26 -------- d-----w- c:\program files (x86)\Webteh
2012-03-09 23:34 . 2012-03-09 23:34 0 ----a-w- c:\windows\ativpsrm.bin
2012-03-09 23:31 . 2012-03-09 23:36 -------- d-----w- c:\windows\Panther
2012-03-09 23:31 . 2012-03-09 18:20 -------- d-----w- C:\Boot
2012-03-09 19:00 . 2012-03-09 19:00 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-09 19:00 . 2012-03-09 19:00 -------- d-----w- c:\windows\SysWow64\Macromed
2012-03-09 19:00 . 2012-03-09 19:00 -------- d-----w- c:\windows\system32\Macromed
2012-03-09 18:40 . 2012-03-09 18:40 -------- d-----w- c:\programdata\Avira
2012-03-09 18:40 . 2012-03-09 18:40 -------- d-----w- c:\program files (x86)\Avira
2012-03-09 18:40 . 2011-10-11 13:53 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-03-09 18:40 . 2011-10-11 13:53 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-03-09 18:40 . 2011-10-11 13:53 139512 ----a-w- c:\windows\system32\drivers\avfwot.sys
2012-03-09 18:40 . 2011-10-11 13:53 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-03-09 18:40 . 2011-10-11 13:53 113768 ----a-w- c:\windows\system32\drivers\avfwim.sys
2012-03-09 17:33 . 2012-03-09 17:33 -------- d-----w- c:\windows\system32\SPReview
2012-03-09 17:32 . 2012-03-09 17:32 -------- d-----w- c:\windows\system32\EventProviders
2012-03-09 17:20 . 2010-11-20 13:27 244224 ----a-w- c:\windows\system32\spp.dll
2012-03-09 17:19 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll
2012-03-09 17:19 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2012-03-09 17:19 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2012-03-09 17:19 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2012-03-09 17:18 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-03-09 17:18 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-03-09 17:18 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-03-09 17:15 . 2012-03-09 17:15 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2012-03-09 17:14 . 2012-03-09 17:14 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-03-09 17:14 . 2012-03-09 17:17 -------- d-----w- c:\programdata\Logishrd
2012-03-09 17:14 . 2012-03-09 17:14 -------- d-----w- c:\program files\Logitech
2012-03-09 17:03 . 2012-03-09 17:14 -------- d-----w- c:\program files\Common Files\Logishrd
2012-03-09 16:57 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-03-09 16:57 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2012-03-09 16:57 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2012-03-09 16:57 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2012-03-09 16:57 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-03-09 16:57 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-03-09 16:57 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-03-09 16:57 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-03-09 16:57 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-03-09 16:57 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2012-03-09 16:57 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2012-03-09 16:56 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-03-09 16:56 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-03-09 16:56 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-03-09 16:56 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-03-09 16:56 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-03-09 16:56 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-03-09 16:56 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-03-09 16:21 . 2012-03-09 16:21 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-03-09 16:05 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-03-09 16:05 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-09 16:05 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-09 16:05 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-09 16:05 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-09 15:49 . 2012-03-09 15:49 -------- d-----w- c:\program files (x86)\uTorrent
2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\programdata\ATI
2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\programdata\AMD
2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files (x86)\AMD AVT
2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files (x86)\AMD APP
2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-03-09 15:44 . 2012-03-09 15:44 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-03-09 15:44 . 2012-03-09 15:44 -------- d-----w- c:\program files\ATI
2012-03-09 15:44 . 2012-03-09 15:46 -------- d-----w- c:\program files\ATI Technologies
2012-03-09 15:43 . 2012-03-09 15:43 -------- d-----w- C:\AMD
2012-03-09 15:32 . 2012-02-23 08:18 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-03-09 15:10 . 2012-03-01 12:21 8643640 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C71759E0-5BC3-4538-997B-F17AFD634FED}\mpengine.dll
2012-03-09 15:09 . 2012-03-09 15:09 -------- d-----w- c:\program files\Ventrilo
2012-03-09 15:07 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2012-03-09 14:56 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-03-09 14:56 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-03-09 14:43 . 2012-03-09 14:43 -------- d-----w- c:\users\herb
2012-03-09 14:40 . 2012-03-09 14:40 -------- d-----w- C:\Recovery
2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:21 . 2012-02-15 03:21 25839104 ----a-w- c:\windows\system32\atio6axx.dll
2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2012-02-15 03:18 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-02-15 03:17 . 2012-02-15 03:17 957952 ----a-w- c:\windows\system32\aticfx64.dll
2012-02-15 03:13 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-02-15 03:07 . 2012-02-15 03:07 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-02-15 02:40 . 2012-02-15 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-02-15 02:34 . 2012-02-15 02:34 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll
2012-02-15 02:29 . 2012-02-15 02:29 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-02-15 02:25 . 2012-02-15 02:25 7551488 ----a-w- c:\windows\system32\atiumd64.dll
2012-02-15 02:16 . 2012-02-15 02:16 58880 ----a-w- c:\windows\system32\coinst.dll
2012-02-15 02:14 . 2012-02-15 02:14 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2012-02-15 02:12 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-02-15 02:12 . 2012-02-15 02:12 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-02-15 02:12 . 2012-02-15 02:12 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-02-15 02:12 . 2012-02-15 02:12 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-02-14 21:05 . 2012-02-14 21:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-14 21:05 . 2012-02-14 21:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-14 21:05 . 2012-02-14 21:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-14 21:05 . 2012-02-14 21:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-09 18:12 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-03-09 18:12 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-02-15 02:52 . 2009-07-13 21:59 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-01-31 05:02 . 2012-01-31 05:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-31 05:00 . 2012-01-31 05:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-10_03.44.41 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-03-10 6410096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\herb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 X6va006;X6va006;c:\users\herb\AppData\Local\Temp\006BD59.tmp [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2011-10-11 616400]
S2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-10-11 342480]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-11 463824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 SaiH8000;SaiH8000;c:\windows\system32\DRIVERS\SaiH8000.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3638853225-1990997699-2437280156-1000Core.job
- c:\users\herb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 14:48]
.
2012-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3638853225-1990997699-2437280156-1000UA.job
- c:\users\herb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 14:48]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\herb\AppData\Local\Temp\006BD59.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-10 05:34:17
ComboFix-quarantined-files.txt 2012-03-10 04:34
ComboFix2.txt 2012-03-10 04:00
.
Pre-Run: 25,204,334,592 bytes free
Post-Run: 24,410,750,976 bytes free
.
- - End Of File - - 12F900DCF776031FEE00EAABF0B9F6AE
#4
Posted 11 March 2012 - 09:27 PM
www.malwarebytes.org
Database version: v2012.03.12.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
herb :: HERB-PC [administrator]
Protection: Enabled
3/12/2012 3:23:11 AM
mbam-log-2012-03-12 (03-23-11).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 186303
Time elapsed: 3 minute(s), 13 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
#5
Posted 12 March 2012 - 11:51 AM
#6
Posted 13 March 2012 - 03:04 PM
#7
Posted 13 March 2012 - 03:11 PM
Uninstall the P2P program bittorrent first, then read this topic.
http://forums.malwar...showtopic=71922
#8
Posted 13 March 2012 - 05:13 PM
#9
Posted 13 March 2012 - 05:14 PM
nemanja, on 13 March 2012 - 05:13 PM, said:
#10
Posted 13 March 2012 - 05:20 PM
http://whois.domaint.../74.125.232.193
OrgName: Google Inc.
OrgId: GOGL
Address: 1600 Amphitheatre Parkway
City: Mountain View
StateProv: CA
PostalCode: 94043
Country: US
74.125.232.229
NetRange: 74.125.0.0 - 74.125.255.255
CIDR: 74.125.0.0/16
OriginAS:
NetName: GOOGLE
NetHandle: NET-74-125-0-0-1
Parent: NET-74-0-0-0-0
NetType: Direct Allocation
RegDate: 2007-03-13
Updated: 2012-02-24
Ref: http://whois.arin.ne...ET-74-125-0-0-1
OrgName: Google Inc.
OrgId: GOGL
Address: 1600 Amphitheatre Parkway
City: Mountain View
StateProv: CA
PostalCode: 94043
Country: US
Run a new updated MBAM scan and post the results
#11
Posted 13 March 2012 - 05:26 PM
www.malwarebytes.org
Database version: v2012.03.13.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
herb :: HERB-PC [administrator]
Protection: Enabled
3/13/2012 11:24:27 PM
mbam-log-2012-03-13 (23-24-27).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 186942
Time elapsed: 1 minute(s), 45 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
#13
Posted 13 March 2012 - 05:29 PM
#15
Posted 13 March 2012 - 05:58 PM
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2958 [GMT 1:00]
Running from: c:\users\herb\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20120313.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-02-13 to 2012-03-13 )))))))))))))))))))))))))))))))
.
.
2012-03-13 22:42 . 2012-03-13 22:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-10 02:34 . 2012-03-10 02:34 -------- d-----w- c:\programdata\Malwarebytes
2012-03-10 02:34 . 2012-03-10 02:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-10 02:34 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-10 02:26 . 2012-03-11 02:53 -------- d-----w- c:\program files (x86)\Webteh
2012-03-09 23:34 . 2012-03-09 23:34 0 ----a-w- c:\windows\ativpsrm.bin
2012-03-09 23:31 . 2012-03-12 03:20 -------- d-----w- c:\windows\Panther
2012-03-09 23:31 . 2012-03-09 18:20 -------- d-----w- C:\Boot
2012-03-09 19:00 . 2012-03-09 19:00 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-09 19:00 . 2012-03-09 19:00 -------- d-----w- c:\windows\SysWow64\Macromed
2012-03-09 19:00 . 2012-03-09 19:00 -------- d-----w- c:\windows\system32\Macromed
2012-03-09 18:40 . 2012-03-13 17:45 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-03-09 18:40 . 2012-03-13 17:37 -------- d-----w- c:\programdata\Avira
2012-03-09 18:40 . 2012-03-09 18:40 -------- d-----w- c:\program files (x86)\Avira
2012-03-09 18:40 . 2011-10-11 13:53 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-03-09 18:40 . 2011-10-11 13:53 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-03-09 18:40 . 2011-10-11 13:53 139512 ----a-w- c:\windows\system32\drivers\avfwot.sys
2012-03-09 18:40 . 2011-10-11 13:53 113768 ----a-w- c:\windows\system32\drivers\avfwim.sys
2012-03-09 17:33 . 2012-03-09 17:33 -------- d-----w- c:\windows\system32\SPReview
2012-03-09 17:32 . 2012-03-09 17:32 -------- d-----w- c:\windows\system32\EventProviders
2012-03-09 17:20 . 2010-11-20 13:27 244224 ----a-w- c:\windows\system32\spp.dll
2012-03-09 17:19 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll
2012-03-09 17:19 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2012-03-09 17:19 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2012-03-09 17:19 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2012-03-09 17:18 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-03-09 17:18 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-03-09 17:18 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-03-09 17:15 . 2012-03-09 17:15 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2012-03-09 17:14 . 2012-03-09 17:14 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-03-09 17:14 . 2012-03-09 17:17 -------- d-----w- c:\programdata\Logishrd
2012-03-09 17:14 . 2012-03-09 17:14 -------- d-----w- c:\program files\Logitech
2012-03-09 17:03 . 2012-03-09 17:14 -------- d-----w- c:\program files\Common Files\Logishrd
2012-03-09 16:57 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-03-09 16:57 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2012-03-09 16:57 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2012-03-09 16:57 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2012-03-09 16:57 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-03-09 16:57 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-03-09 16:57 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-03-09 16:57 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-03-09 16:57 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-03-09 16:57 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2012-03-09 16:57 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2012-03-09 16:56 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-03-09 16:56 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-03-09 16:56 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-03-09 16:56 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-03-09 16:56 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-03-09 16:56 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-03-09 16:56 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-03-09 16:21 . 2012-03-09 16:21 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-03-09 16:05 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-03-09 16:05 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-09 16:05 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-09 16:05 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-09 16:05 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\programdata\ATI
2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\programdata\AMD
2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files (x86)\AMD AVT
2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files (x86)\AMD APP
2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-03-09 15:44 . 2012-03-09 15:44 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-03-09 15:44 . 2012-03-09 15:44 -------- d-----w- c:\program files\ATI
2012-03-09 15:44 . 2012-03-09 15:46 -------- d-----w- c:\program files\ATI Technologies
2012-03-09 15:43 . 2012-03-09 15:43 -------- d-----w- C:\AMD
2012-03-09 15:32 . 2012-02-23 08:18 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-03-09 15:10 . 2012-03-01 12:21 8643640 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C71759E0-5BC3-4538-997B-F17AFD634FED}\mpengine.dll
2012-03-09 15:09 . 2012-03-09 15:09 -------- d-----w- c:\program files\Ventrilo
2012-03-09 15:07 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2012-03-09 14:56 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-03-09 14:56 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-03-09 14:43 . 2012-03-13 14:26 -------- d-----w- c:\users\herb
2012-03-09 14:40 . 2012-03-09 14:40 -------- d-----w- C:\Recovery
2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:21 . 2012-02-15 03:21 25839104 ----a-w- c:\windows\system32\atio6axx.dll
2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2012-02-15 03:18 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-02-15 03:17 . 2012-02-15 03:17 957952 ----a-w- c:\windows\system32\aticfx64.dll
2012-02-15 03:13 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-02-15 03:07 . 2012-02-15 03:07 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-02-15 02:40 . 2012-02-15 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-02-15 02:34 . 2012-02-15 02:34 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll
2012-02-15 02:29 . 2012-02-15 02:29 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-02-15 02:25 . 2012-02-15 02:25 7551488 ----a-w- c:\windows\system32\atiumd64.dll
2012-02-15 02:16 . 2012-02-15 02:16 58880 ----a-w- c:\windows\system32\coinst.dll
2012-02-15 02:14 . 2012-02-15 02:14 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2012-02-15 02:12 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-02-15 02:12 . 2012-02-15 02:12 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-02-15 02:12 . 2012-02-15 02:12 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-02-15 02:12 . 2012-02-15 02:12 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-02-14 21:05 . 2012-02-14 21:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-14 21:05 . 2012-02-14 21:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-14 21:05 . 2012-02-14 21:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-14 21:05 . 2012-02-14 21:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-02-14 21:05 . 2012-02-14 21:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
2012-02-14 21:04 . 2012-02-14 21:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-09 18:12 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-03-09 18:12 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-02-15 02:52 . 2009-07-13 21:59 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-01-31 05:02 . 2012-01-31 05:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-31 05:00 . 2012-01-31 05:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\herb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8187B;Belkin Wireless G USB Network Adapter;c:\windows\system32\DRIVERS\rtl8187B.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 X6va006;X6va006;c:\users\herb\AppData\Local\Temp\0064386.tmp [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2011-10-11 616400]
S2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-03-13 342480]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-11 463824]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 SaiH8000;SaiH8000;c:\windows\system32\DRIVERS\SaiH8000.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3638853225-1990997699-2437280156-1000Core.job
- c:\users\herb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 14:48]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3638853225-1990997699-2437280156-1000UA.job
- c:\users\herb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 14:48]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-BitTorrent - c:\program files (x86)\BitTorrent\BitTorrent.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\herb\AppData\Local\Temp\0064386.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-13 23:57:00
ComboFix-quarantined-files.txt 2012-03-13 22:56
ComboFix2.txt 2012-03-13 04:04
.
Pre-Run: 16,506,994,688 bytes free
Post-Run: 16,221,315,072 bytes free
.
- - End Of File - - E400782127CF142C74F70C1E5FA51C65
#16
Posted 13 March 2012 - 06:03 PM
Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:
Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.
KillAll::
File::
c:\users\herb\AppData\Local\Temp\0064386.tmp
ClearJavaCache::
Driver::
X6va006
Save this file to your desktop as "CFScript".
Here's how to do that:
1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Drag CFScript.txt into ComboFix.exe
Then post the results log using Copy / Paste
Also please describe how your computer behaves at the moment.
#17
Posted 13 March 2012 - 06:09 PM
#19
Posted 13 March 2012 - 06:13 PM
#20
Posted 13 March 2012 - 06:14 PM