DWizard

Members, 6 posts, reputation 0 Neutral
  1. Thanks for responding... I listed the IPs because they happened in a relatively short time span. As for P2P playing, no games were being played; Raptr is just AMD's launcher that works with Steam and non-Steam games. It earns you points for playing time and some other perks no matter what launcher you use to launch the games. Only 2 games are installed, and even though both are MMOs, only 1 game works as many P2P (individual servers by players); the other works from only the publisher's servers. I've come to the conclusion it's Raptr wanting some other type of data. And where I'm concerned that's a no-no anyways. But it's still a good question; after all, it's the AMD executable reaching out and being flagged by Malwarebytes, with no P2P gaming happening. I left Malwarebytes in charge of this. I just turned off notifications. An AMD app, while idle, is worse than torrenting. This is one for the books....
  2. I realize it's been covered a year or 3 back, but it's now popped up big time. Every single outbound attempt to an IP by raptr.exe is blocked. Instead of allowing, I just turned off notifications for the moment. This did not happen with prior version 2.02.x, which is very weird also. Did a full clean removal and install just in case and also did another full system scan. Clean clean clean. So why is this blocking so many Raptr IPs? Raptr is a legitimate program doing a legitimate task for one of the larger computer industries in the world, AMD.

     ==
     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Update, 10/14/2014 10:36:37 AM, SYSTEM, DOGMA1, Manual, Rootkit Database, 2014.9.18.1, 2014.10.11.1,
     Update, 10/14/2014 10:36:44 AM, SYSTEM, DOGMA1, Manual, Malware Database, 2014.9.19.5, 2014.10.14.9,
     Error, 10/14/2014 10:37:37 AM, SYSTEM, DOGMA1, Protection, IsLicensed, 13,
     Protection, 10/14/2014 10:37:37 AM, SYSTEM, DOGMA1, Protection, Malware Protection, Stopping,
     Protection, 10/14/2014 10:37:37 AM, SYSTEM, DOGMA1, Protection, Malware Protection, Stopped,
     Protection, 10/14/2014 10:37:42 AM, SYSTEM, DOGMA1, Protection, Malware Protection, Starting,
     Protection, 10/14/2014 10:37:42 AM, SYSTEM, DOGMA1, Protection, Malware Protection, Started,
     Protection, 10/14/2014 10:37:42 AM, SYSTEM, DOGMA1, Protection, Malicious Website Protection, Starting,
     Protection, 10/14/2014 10:37:42 AM, SYSTEM, DOGMA1, Protection, Malicious Website Protection, Started,
     Detection, 10/14/2014 10:49:32 AM, SYSTEM, DOGMA1, Protection, Malicious Website Protection, IP, 218.10.43.110, 6881, Outbound, C:\PROGRA~2\Raptr\raptr.exe,
     Detection, 10/14/2014 10:49:32 AM, SYSTEM, DOGMA1, Protection, Malicious Website Protection, IP, 218.10.43.110, 6881, Outbound, C:\PROGRA~2\Raptr\raptr.exe,
     Scan, 10/14/2014 10:52:04 AM, SYSTEM, DOGMA1, Manual, Start:10/14/2014 10:47:27 AM, Duration:4 min 36 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
     Detection, 10/14/2014 10:53:33 AM, SYSTEM, DOGMA1, Protection, Malicious Website Protection, IP, 81.163.138.58, 6881, Outbound, C:\PROGRA~2\Raptr\raptr.exe,
     Detection, 10/14/2014 10:53:33 AM, SYSTEM, DOGMA1, Protection, Malicious Website Protection, IP, 81.163.138.58, 6881, Outbound, C:\PROGRA~2\Raptr\raptr.exe,
     Detection, 10/14/2014 10:57:07 AM, SYSTEM, DOGMA1, Protection, Malicious Website Protection, IP, 91.212.124.13, 6881, Outbound, C:\PROGRA~2\Raptr\raptr.exe,
     Detection, 10/14/2014 10:57:07 AM, SYSTEM, DOGMA1, Protection, Malicious Website Protection, IP, 91.212.124.13, 6881, Outbound, C:\PROGRA~2\Raptr\raptr.exe,
     Detection, 10/14/2014 11:04:11 AM, SYSTEM, DOGMA1, Protection, Malicious Website Protection, IP, 41.35.85.52, 6881, Outbound, C:\PROGRA~2\Raptr\raptr.exe,
     Detection, 10/14/2014 11:04:11 AM, SYSTEM, DOGMA1, Protection, Malicious Website Protection, IP, 41.35.85.52, 6881, Outbound, C:\PROGRA~2\Raptr\raptr.exe,
     Detection, 10/14/2014 11:33:43 AM, SYSTEM, DOGMA1, Protection, Malicious Website Protection, IP, 195.2.253.172, 6881, Outbound, C:\PROGRA~2\Raptr\raptr.exe,
     Detection, 10/14/2014 11:33:43 AM, SYSTEM, DOGMA1, Protection, Malicious Website Protection, IP, 195.2.253.172, 6881, Outbound, C:\PROGRA~2\Raptr\raptr.exe,
     Detection, 10/14/2014 11:59:20 AM, SYSTEM, DOGMA1, Protection, Malicious Website Protection, IP, 109.163.226.153, 6881, Outbound, C:\PROGRA~2\Raptr\raptr.exe,
     Detection, 10/14/2014 11:59:20 AM, SYSTEM, DOGMA1, Protection, Malicious Website Protection, IP, 109.163.226.153, 6881, Outbound, C:\PROGRA~2\Raptr\raptr.exe,
     Detection, 10/14/2014 12:23:15 PM, SYSTEM, DOGMA1, Protection, Malicious Website Protection, IP, 98.142.245.48, 6881, Outbound, C:\PROGRA~2\Raptr\raptr.exe,
     Detection, 10/14/2014 12:23:15 PM, SYSTEM, DOGMA1, Protection, Malicious Website Protection, IP, 98.142.245.48, 6881, Outbound, C:\PROGRA~2\Raptr\raptr.exe,
     Detection, 10/14/2014 12:23:23 PM, SYSTEM, DOGMA1, Protection, Malicious Website Protection, IP, 91.188.33.154, 6881, Outbound, C:\PROGRA~2\Raptr\raptr.exe,
     Detection, 10/14/2014 12:23:23 PM, SYSTEM, DOGMA1, Protection, Malicious Website Protection, IP, 91.188.33.154, 6881, Outbound, C:\PROGRA~2\Raptr\raptr.exe,
     Detection, 10/14/2014 12:37:57 PM, SYSTEM, DOGMA1, Protection, Malicious Website Protection, IP, 77.78.226.93, 6881, Outbound, C:\PROGRA~2\Raptr\raptr.exe,
     Detection, 10/14/2014 12:37:57 PM, SYSTEM, DOGMA1, Protection, Malicious Website Protection, IP, 77.78.226.93, 6881, Outbound, C:\PROGRA~2\Raptr\raptr.exe,
     (end)
     ==
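A triage helper for the protection log in the post above, added here as an example; it is not the poster's code and not Malwarebytes' own tooling. It assumes the comma-separated field order visible in the posted log (type, timestamp, user, host, source, component, then the component's own fields), collapses the duplicate lines in which each website-protection block appears twice with the same timestamp, groups the remaining outbound blocks by image and destination port, and annotates port 6881, which is the default BitTorrent peer port. The sample records are a constructed subset of the ones posted above.

```python
"""Summarise Malwarebytes Anti-Malware 2.x 'Malicious Website Protection' blocks.

Added example, not Malwarebytes code. Field layout assumed from the posted log:
Type, Timestamp, User, Host, Source, Component, then component-specific fields
(for 'Detection ... IP' records: 'IP', address, port, direction, image path).
"""
import ipaddress
from collections import defaultdict
from datetime import datetime

# Ports a triager recognises at a glance; 6881 is the default BitTorrent peer port.
PORT_NOTES = {6881: "default BitTorrent peer port (6881-6889 range)"}

TS_FORMAT = "%m/%d/%Y %I:%M:%S %p"

# Constructed subset of the records from the post above, one record per line.
SAMPLE_LOG = r"""
Protection, 10/14/2014 10:37:42 AM, SYSTEM, DOGMA1, Protection, Malicious Website Protection, Started,
Detection, 10/14/2014 10:49:32 AM, SYSTEM, DOGMA1, Protection, Malicious Website Protection, IP, 218.10.43.110, 6881, Outbound, C:\PROGRA~2\Raptr\raptr.exe,
Detection, 10/14/2014 10:49:32 AM, SYSTEM, DOGMA1, Protection, Malicious Website Protection, IP, 218.10.43.110, 6881, Outbound, C:\PROGRA~2\Raptr\raptr.exe,
Scan, 10/14/2014 10:52:04 AM, SYSTEM, DOGMA1, Manual, Start:10/14/2014 10:47:27 AM, Duration:4 min 36 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Detection, 10/14/2014 10:53:33 AM, SYSTEM, DOGMA1, Protection, Malicious Website Protection, IP, 81.163.138.58, 6881, Outbound, C:\PROGRA~2\Raptr\raptr.exe,
Detection, 10/14/2014 10:53:33 AM, SYSTEM, DOGMA1, Protection, Malicious Website Protection, IP, 81.163.138.58, 6881, Outbound, C:\PROGRA~2\Raptr\raptr.exe,
Detection, 10/14/2014 12:37:57 PM, SYSTEM, DOGMA1, Protection, Malicious Website Protection, IP, 77.78.226.93, 6881, Outbound, C:\PROGRA~2\Raptr\raptr.exe,
"""


def parse_entries(text):
    """Split the log into records: type, parsed timestamp and the trailing fields."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip().rstrip(",")
        if not line:
            continue
        parts = [p.strip() for p in line.split(",")]
        if len(parts) < 6:
            continue  # truncated or malformed record
        entries.append({
            "type": parts[0],
            "ts": datetime.strptime(parts[1], TS_FORMAT),
            "user": parts[2],
            "host": parts[3],
            "source": parts[4],
            "component": parts[5],
            "rest": parts[6:],
        })
    return entries


def outbound_blocks(entries):
    """Unique outbound IP blocks as (ts, ip, port, image); duplicate lines collapse."""
    seen = set()
    blocks = []
    for e in entries:
        r = e["rest"]
        if e["type"] != "Detection" or len(r) < 5 or r[0] != "IP" or r[3] != "Outbound":
            continue
        rec = (e["ts"], r[1], int(r[2]), r[4])
        if rec in seen:
            continue  # same event logged twice
        seen.add(rec)
        blocks.append(rec)
    return blocks


def summarize(blocks):
    """Group blocks by (image, port): count, distinct peers, time span, port note."""
    groups = defaultdict(list)
    for ts, ip, port, image in blocks:
        groups[(image, port)].append((ts, ip))
    summary = {}
    for (image, port), hits in groups.items():
        times = [t for t, _ in hits]
        summary[(image, port)] = {
            "port": port,
            "count": len(hits),
            "ips": sorted({ip for _, ip in hits}, key=ipaddress.ip_address),
            "first": min(times),
            "last": max(times),
            "span_seconds": int((max(times) - min(times)).total_seconds()),
            "port_note": PORT_NOTES.get(port, "no note"),
        }
    return summary


def assess(group, min_ips=3):
    """Heuristic label: many distinct destinations on one port in one sitting is the
    shape of peer-to-peer traffic; one repeated destination is a fixed endpoint."""
    return "fan-out" if len(group["ips"]) >= min_ips else "fixed-endpoint"


if __name__ == "__main__":
    for (image, port), g in summarize(outbound_blocks(parse_entries(SAMPLE_LOG))).items():
        print(f"{image} -> port {port}: {g['count']} blocks to {len(g['ips'])} IPs "
              f"over {g['span_seconds']} s, {assess(g)} ({g['port_note']})")
```

Run on the full posted log, the same grouping shows a single image, a single port and a different peer on every block, which is what distinguishes a peer-discovery pattern from repeated beaconing to one host.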
  3. Just wanted to say the fix provided worked perfectly, but there was one difference. I had updated to 2.0.2.1012 and it was running just fine. Then about 24 hours ago I realized MBAM wasn't running. How or why this happened I can't figure out. So I did all the right things (incl. external scans, ComboFix, and a few others) and, with the exception of a few PUPs, was totally clean. I also checked the advanced details when the app refused to start and got this:

     Problem signature:
     Problem Event Name: APPCRASH
     Application Name: mbam.exe
     Application Version: 1.0.0.532
     Application Timestamp: 53518532
     Fault Module Name: MSVCR100.dll
     Fault Module Version: 10.0.40219.325
     Fault Module Timestamp: 4df2be1e
     Exception Code: 40000015
     Exception Offset: 0008d6fd
     OS Version: 6.1.7601.2.1.0.256.1
     Locale ID: 1033
     Additional Information 1: 8374
     Additional Information 2: 83748d7ce6919cf452bf5c3838e036f3
     Additional Information 3: 2e01
     Additional Information 4: 2e01b10c887fd7f971b05773252074ee

     Regardless, I used your mbam-clean-2.0.2.0 and it worked flawlessly. I just wish I had checked the forum first; it would have saved time and "frustration". Thanks!
  4. Today I did a quick scan (10/4/13) and InstallMate files have been detected. Why I'm posting: first, even though I own WinPatrol, it's never been installed on this PC, yet these files are in the C:\Program Data\InstallMate folder. No PC issues, no other malware detected, just InstallMate. All PUP detections. All I can say is how sneaky! Apparently these files are just to install their install-maker program. It may be fine software, but the way it found its way onto my PC is, to my way of thinking, not ethical, and creepy. Attached is everything including the MBAM log file.
     Attachments: InstallMate.zip, MBAM-log-2013-10-04 (14-20-37).txt
  5. DDS (Ver_2012-10-14.05) - NTFS_AMD64
     Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
     Run by Da Boss at 17:06:54 on 2012-10-16
     Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16365.12744 [GMT -4:00]
     .
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
     .
     ============== Running Processes ===============
     .
     C:\Windows\system32\wininit.exe
     C:\Windows\system32\lsm.exe
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Program Files (x86)\USB Safely Remove\USBSRService.exe
     C:\Windows\system32\svchost.exe -k RPCSS
     C:\Windows\system32\atiesrxx.exe
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Program Files\Sandboxie\SbieSvc.exe
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
     C:\Windows\System32\spoolsv.exe
     C:\Windows\system32\taskhost.exe
     C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
     C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
     C:\Program Files\cFosSpeed\spd.exe
     C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
     C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
     C:\Windows\system32\taskeng.exe
     C:\Program Files\cFosSpeed\cfosspeed.exe
     C:\Program Files\Windows Sidebar\sidebar.exe
     C:\Program Files (x86)\The Aero Clock\TheAeroClock.exe
     C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
     C:\Program Files (x86)\Sapphire TRIXX\TRIXX.exe
     C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe
     C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
     C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe
     C:\Program Files (x86)\Chaos Manager 2\cm2.exe
     C:\Program Files (x86)\Everything\Everything.exe
     C:\Program Files (x86)\WizMouse\WizMouse.exe
     C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
     C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
     C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
     C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
     C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
     C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
     C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
     C:\Windows\system32\conhost.exe
     C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
     C:\Program Files\Common Files\Motive\McciCMService.exe
     C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
     C:\Windows\SysWOW64\NLSSRV32.EXE
     C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
     C:\Windows\system32\svchost.exe -k regsvc
     C:\Program Files\StarWind Software\RAM Disk\StarRAMService.exe
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
     C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
     C:\Windows\system32\SearchIndexer.exe
     C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
     C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
     C:\Program Files (x86)\Mozilla Firefox\firefox.exe
     C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
     C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
     C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
     C:\Windows\system32\svchost.exe -k SDRSVC
     C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
     C:\Windows\system32\taskeng.exe
     C:\Windows\system32\rundll32.exe
     C:\Windows\system32\conhost.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Windows\System32\cscript.exe
     .
     ============== Pseudo HJT Report ===============
     .
     uStart Page = hxxp://att.my.yahoo.com/
     BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
     BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
     BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
     BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
     BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
     BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
     TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
     TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
     uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
     uRun: [TheAeroClock] "C:\Program Files (x86)\The Aero Clock\TheAeroClock.exe" -bg
     uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
     uRun: [CursorFX] "C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe"
     uRun: [steelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
     uRun: [uSB Safely Remove] C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe /startup
     mRun: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
     mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
     mRun: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
     mRun: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
     mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
     mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
     mRun: [PowerDVD12DMREngine] "C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe"
     mRun: [PowerDVD12Agent] "C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe"
     mRun: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
     mRunOnce: [GrpConv] grpconv -o
     StartupFolder: C:\Users\DABOSS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CHAOSM~1.LNK - C:\Program Files (x86)\Chaos Manager 2\cm2.exe
     StartupFolder: C:\Users\DABOSS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Fences.lnk - C:\Program Files (x86)\Stardock\Fences\Fences.exe
     StartupFolder: C:\Users\DABOSS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WizMouse.lnk - C:\Program Files (x86)\WizMouse\WizMouse.exe
     uPolicies-Explorer: NoDrives = dword:0
     uPolicies-Explorer: AlwaysShowClassicMenu = dword:1
     uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
     mPolicies-Explorer: NoDrives = dword:0
     mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
     mPolicies-System: ConsentPromptBehaviorUser = dword:3
     mPolicies-System: EnableLUA = dword:0
     mPolicies-System: EnableUIADesktopToggle = dword:0
     mPolicies-System: PromptOnSecureDesktop = dword:0
     mPolicies-Windows\System: UseOEMBackground = dword:1
     IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
     IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
     IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-00105-0001-0005-ABCDEFFEDCBC} - <orphaned>
     IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
     IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
     DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
     DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15117/CTPID.cab
     TCP: NameServer = 192.168.1.254
     TCP: Interfaces\{AEDB8BB3-6DE5-4B1A-92DD-0C8620388EB4} : DHCPNameServer = 192.168.1.254
     Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
     SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll
     SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
     LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
     x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
     x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
     x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
     x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
     x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
     x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
     x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
     x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
     x64-Run: [iSW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
     x64-Run: [Fences] "C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup
     x64-Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
     x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
     x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
     x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
     x64-STS: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - <orphaned>
     x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
     x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
     .
     ================= FIREFOX ===================
     .
     FF - ProfilePath - C:\Users\Da Boss\AppData\Roaming\Mozilla\Firefox\Profiles\hjqy66xv.default\
     FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
     FF - prefs.js: network.proxy.type - 0
     FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
     FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
     FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
     FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
     FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
     FF - plugin: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
     FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
     FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
     FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
     FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
     FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
     FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npdf.dll
     FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npnitroie.dll
     FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll
     FF - plugin: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll
     FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
     FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
     FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
     FF - plugin: C:\Users\Da Boss\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
     FF - plugin: C:\Users\Da Boss\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
     FF - plugin: C:\Users\Da Boss\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
     FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
     FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
     FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
     FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
     .
     ============= SERVICES / DRIVERS ===============
     .
     R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-12-12 82048]
     R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-12-12 42624]
     R0 oodrvled;oodrvled;C:\Windows\System32\drivers\OODrvled.sys [2011-3-2 30800]
     R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-6-23 21104]
     R1 FNETURPX;FNETURPX;C:\Windows\System32\drivers\FNETURPX.SYS [2012-1-25 15936]
     R1 StarRAM;StarRAM Storage Controller;C:\Windows\System32\drivers\StarRAM.sys [2012-7-26 69248]
     R2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2012/09/28 17:56:41];C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [2012-8-10 147704]
     R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-27 239616]
     R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]
     R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
     R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-9-28 90640]
     R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-9-28 78352]
     R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-9-28 295440]
     R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-4-30 33712]
     R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2012-4-30 827560]
     R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-13 399432]
     R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-9-13 517632]
     R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2012-9-18 230920]
     R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2011-3-21 68928]
     R2 ntk_PowerDVD12;ntk_PowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2012-9-28 83704]
     R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2010-9-14 14112]
     R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2010-8-31 27136]
     R2 StarRAMService;StarRAM Service;C:\Program Files\StarWind Software\RAM Disk\StarRAMService.exe [2012-7-26 94720]
     R2 USBSafelyRemoveService;USB Safely Remove Assistant;C:\Program Files (x86)\USB Safely Remove\USBSRService.exe [2011-11-19 1473880]
     R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-2-16 46136]
     R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2012-7-28 10278912]
     R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2012-7-27 368640]
     R3 busenum;SteelBusSvc;C:\Windows\System32\drivers\SteelBus64.sys [2012-5-22 112128]
     R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2012-10-16 65152]
     R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2012-7-10 88704]
     R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-25 708200]
     R3 SaiK8020;SaiK8020;C:\Windows\System32\drivers\SaiK8020.sys [2012-10-12 159752]
     R3 SAlphamHid;SteelHIDSvc;C:\Windows\System32\drivers\SAlpham64.sys [2012-5-21 34944]
     R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-6-17 166576]
     R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-6-21 38456]
     RUnknown 09970055;09970055; [x]
     RUnknown 3067631drv;3067631drv; [x]
     S1 GsRamDsk;%DiskServiceDesc%;C:\Windows\System32\drivers\GsRamDsk.sys [2012-8-13 59856]
     S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
     S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
     S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-11 136176]
     S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-13 676936]
     S2 nxsIO32;NextSensor Kernel I/O Driver;C:\Windows\System32\drivers\nxsIO32.sys [2012-6-26 2208]
     S3 6077757b;6077757b;C:\Windows\System32\drivers\regi.sys [2010-9-14 14112]
     S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 250808]
     S3 AODDriver;AODDriver;C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [2010-3-12 52280]
     S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
     S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-12-5 95248]
     S3 cpuz134;cpuz134;C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2011-2-12 21480]
     S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-3-10 16776]
     S3 etdrv;etdrv;C:\Windows\etdrv.sys [2010-9-18 25640]
     S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-3-10 9096]
     S3 FNETTBOH_304;FNETTBOH_304;C:\Windows\System32\drivers\FNETTBOH_304.SYS [2012-1-25 31296]
     S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-11 136176]
     S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2010-9-18 30528]
     S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2012-6-21 160256]
     S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056]
     S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-2 15128]
     S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-13 25928]
     S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
     S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 115168]
     S3 NtiEnc;NtiEnc;C:\Windows\System32\drivers\NtiEnc.sys [2011-9-10 155264]
     S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
     S3 PVUSB;CESG502 64bit USB Driver;C:\Windows\System32\drivers\CESG64.sys [2007-2-19 63808]
     S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-2-28 20992]
     S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2012-6-21 58472]
     S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2010-8-31 24064]
     S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2012-10-12 15712]
     S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2012-6-21 58472]
     S3 TridVid;USB TV Tuner;C:\Windows\System32\drivers\tridvid6010.sys [2011-1-21 411648]
     S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-28 59392]
     S3 UDXTTM6000;DTV-DVB UDXTTM6000 - USB 2.0 Receiver;C:\Windows\System32\drivers\UDXTTM6000.sys [2010-10-26 366080]
     S3 UDXTTM6000HID;UDXTTM6000HID - HID Driver;C:\Windows\System32\drivers\UDXTTM6000HID.sys [2010-10-26 17920]
     S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-10 1255736]
     S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [2012-5-28 14544]
     S3 XHCIdrv;xHCI Compliance Test Host Controller;C:\Windows\System32\drivers\XHCIdrv.sys [2012-7-3 103936]
     S4 IObitUnlocker;IObitUnlocker;C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [2011-9-6 35256]
     .
     =============== File Associations ===============
     .
     FileExt: .reg: regfile=C:\Windows\System32\metapad.exe "%1" [userChoice] [default=edit - 'Open' doesn't exist]
     FileExt: .txt: Applications\chrome.exe="C:\Program Files\metapad.exe" "%1" [userChoice]
     FileExt: .ini: Applications\NOTEPAD.EXE=C:\Program Files\metapad.exe %1 [userChoice]
     FileExt: .inf: Applications\metapad.exe="C:\Program Files\metapad.exe" "%1" [userChoice] [default=edit - 'Open' doesn't exist]
     FileExt: .js: JSFile=C:\Windows\System32\WScript.exe "%1" %* [userChoice]
     ShellExec: chrome.exe: open="C:\Program Files\metapad.exe" "%1"
     ShellExec: NOTEPAD.EXE: edit="C:\Program Files\metapad.exe"
     ShellExec: NOTEPAD.EXE: open=C:\Program Files\metapad.exe %1
     .
     =============== Created Last 30 ================
     .
     2012-10-16 20:04:33 -------- d-----w- C:\Program Files (x86)\SlimDrivers
     2012-10-16 18:52:01 -------- d-----w- C:\ProgramData\Kaspersky Lab
     2012-10-16 18:46:02 65152 ----a-w- C:\Windows\System32\drivers\EtronHub3.sys
     2012-10-16 17:41:21 -------- d-----w- C:\Program Files (x86)\ATI
     2012-10-16 00:45:46 -------- d-----w- C:\Users\Da Boss\AppData\Local\SUPERSystemInspector
     2012-10-15 23:04:14 -------- d-----w- C:\Program Files (x86)\Sapphire TRIXX
     2012-10-15 22:39:40 -------- d-----w- C:\GvTemp
     2012-10-15 21:36:20 914944 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VC\msdia80.dll
     2012-10-15 05:38:47 -------- d-----w- C:\Program Files (x86)\VideoLAN
     2012-10-15 05:36:44 -------- d-----w- C:\Windows\SysWow64\wbem\Logs
     2012-10-15 05:29:22 -------- d-----w- C:\Program Files\VideoLAN
     2012-10-14 22:22:13 -------- d-----w- C:\Users\Da Boss\AppData\Local\FLT
     2012-10-14 01:03:19 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
     2012-10-13 22:57:12 -------- d-----w- C:\Windows\System32\MpEngineStore
     2012-10-13 22:43:40 15360 ----a-w- C:\Windows\System32\wsock32.dll
     2012-10-13 22:40:52 15360 ----a-w- C:\Windows\SysWow64\wsock32.dll
     2012-10-13 21:26:48 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
     2012-10-13 06:36:05 31616 ----a-w- C:\Windows\System32\FoolishEventLogMsgHelper.dll
     2012-10-13 01:37:09 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
     2012-10-13 01:37:09 157272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
     2012-10-12 17:57:19 1919968 ----a-w- C:\Windows\System32\WdfCoInstaller01005.dll
     2012-10-12 17:57:19 159752 ----a-w- C:\Windows\System32\drivers\SaiK8020.sys
     2012-10-12 17:53:55 15712 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
     2012-10-12 17:53:50 -------- d-----w- C:\Users\Da Boss\AppData\Local\SlimWare Utilities Inc
     2012-10-11 12:45:13 -------- d-----w- C:\Users\Da Boss\AppData\Local\checksumcontrol
     2012-10-11 12:42:40 -------- d-----w- C:\Users\Da Boss\AppData\Local\ChecksumControl64
     2012-10-11 12:31:50 921 ----a-w- C:\Windows\QSFVExit.bat
     2012-10-11 12:27:28 -------- d-----w- C:\Program Files\QuickSFV
     2012-10-09 01:22:49 -------- d-----w- C:\Users\Da Boss\AppData\Local\Power8_Team
     2012-10-06 18:12:50 -------- d-----w- C:\Program Files (x86)\Sony
     2012-10-06 18:12:50 -------- d-----w- C:\Program Files (x86)\Common Files\Sony Shared
     2012-10-05 20:16:28 1744296 ----a-w- C:\Windows\System32\drivers\cfosspeed6.sys
     2012-10-05 20:16:28 -------- d-----w- C:\Program Files\cFosSpeed
     2012-10-02 18:04:49 -------- d-----w- C:\Users\Da Boss\AppData\Local\SteelSeries_ApS
     2012-10-02 17:59:53 -------- d-----w- C:\Users\Da Boss\AppData\Roaming\SteelSeries
     2012-10-02 17:59:14 -------- d-----w- C:\ProgramData\SteelSeries
     2012-10-02 17:56:29 -------- d-----w- C:\Program Files\SteelSeries
     2012-10-01 17:45:42 -------- d-----w- C:\Users\Da Boss\AppData\Local\Stardock_Corporation
     2012-09-30 01:50:03 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer
     2012-09-30 01:42:29 -------- d-----w- C:\Program Files (x86)\Borderlands 2
     2012-09-28 21:56:37 -------- d-----w- C:\ProgramData\PDVD
     2012-09-28 21:53:30 -------- d-----w- C:\ProgramData\install_clap
     2012-09-27 07:09:34 -------- d-----w- C:\Users\Da Boss\AppData\Roaming\Nitro
     2012-09-27 07:09:34 -------- d-----w- C:\Users\Da Boss\AppData\Roaming\FileOpen
     2012-09-27 07:09:34 -------- d-----w- C:\ProgramData\FileOpen
     2012-09-27 07:08:46 -------- d-----w- C:\Program Files\Common Files\Nitro
     2012-09-27 07:08:44 -------- d-----w- C:\ProgramData\Nitro
     2012-09-27 07:08:44 -------- d-----w- C:\Program Files (x86)\Nitro
     2012-09-27 07:08:44 -------- d-----w- C:\Program Files (x86)\Common Files\Nitro
     2012-09-21 09:10:40 -------- d-----w- C:\Program Files (x86)\Common Files\Echojychij
     2012-09-20 04:14:16 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
     2012-09-20 04:14:16 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
     2012-09-20 04:14:16 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
     .
==================== Find3M ==================== . 2012-10-15 23:36:28 25640 ----a-w- C:\Windows\etdrv.sys 2012-10-15 22:39:24 30528 ----a-w- C:\Windows\GVTDrv64.sys 2012-10-15 22:39:16 25640 ----a-w- C:\Windows\gdrv.sys 2012-10-13 22:57:06 328704 ----a-w- C:\Windows\System32\services.exe 2012-10-09 13:54:31 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-09 13:54:31 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-09-18 18:28:04 17928 ----a-w- C:\Windows\System32\nitrolocalui2.dll 2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-08-31 05:21:58 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2012-08-31 05:21:55 821736 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2012-08-31 05:21:55 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-08-27 22:09:56 98304 ----a-w- C:\Windows\IsUninst.exe 2012-08-27 22:09:56 9096 ----a-w- C:\Windows\System32\EuGdiDrv.sys 2012-08-27 22:09:56 66560 ----a-w- C:\Windows\System32\OVDecoder64.dll 2012-08-27 22:09:56 6656 ----a-w- C:\Windows\System32\lpcio.dll 2012-08-27 22:09:56 59856 ----a-w- C:\Windows\System32\drivers\GsRamDsk.sys 2012-08-27 22:09:56 48776 ----a-w- C:\Windows\System32\drivers\EUBKMON.sys 2012-08-27 22:09:56 31272 ----a-w- C:\Windows\System32\AppleChargerSrv.exe 2012-08-27 22:09:56 21104 ----a-w- C:\Windows\System32\drivers\AppleCharger.sys 2012-08-27 22:09:56 16776 ----a-w- C:\Windows\System32\epmntdrv.sys 2012-08-27 22:09:56 16256 ----a-w- C:\Windows\System32\EuEpmGdi.dll 2012-08-26 12:56:21 138400 ----a-w- C:\Windows\SysWow64\drivers\AnyDVD.sys 2012-08-26 12:56:21 138400 ----a-w- C:\Windows\System32\drivers\AnyDVD.sys 2012-08-24 18:05:07 220160 ----a-w- 
C:\Windows\System32\wintrust.dll 2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-08-17 04:41:48 126944 ----a-w- C:\Windows\System32\drivers\scdemu.sys 2012-08-14 06:54:30 71680 ----a-w- C:\Windows\System32\frapsv64.dll 2012-08-14 06:54:28 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll 2012-08-13 05:09:33 59856 ----a-w- C:\Windows\inf\GsRamDsk.sys 2012-08-13 05:09:33 243712 ----a-w- C:\Windows\System32\InstallDriver.exe 2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll 2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll 2012-07-28 04:09:20 5538984 ----a-w- C:\Windows\SysWow64\atiumdag.dll 2012-07-28 04:07:44 10278912 ----a-w- C:\Windows\System32\drivers\atikmdag.sys 2012-07-28 03:43:12 70144 ----a-w- C:\Windows\System32\coinst_8.982.dll 2012-07-28 03:19:34 24935424 ----a-w- C:\Windows\System32\atio6axx.dll 2012-07-28 02:50:10 20546560 ----a-w- C:\Windows\SysWow64\atioglxx.dll 2012-07-28 02:47:40 187392 ----a-w- C:\Windows\System32\clinfo.exe 2012-07-28 02:47:24 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll 2012-07-28 02:47:16 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll 2012-07-28 
02:47:10 63488 ----a-w- C:\Windows\System32\OVDecode64.dll 2012-07-28 02:47:06 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll 2012-07-28 02:46:56 16464896 ----a-w- C:\Windows\System32\amdocl64.dll 2012-07-28 02:46:06 13013504 ----a-w- C:\Windows\SysWow64\amdocl.dll 2012-07-28 02:15:50 163840 ----a-w- C:\Windows\System32\atiapfxx.exe 2012-07-28 02:15:42 931328 ----a-w- C:\Windows\SysWow64\aticfx32.dll 2012-07-28 02:13:56 1100288 ----a-w- C:\Windows\System32\aticfx64.dll 2012-07-28 02:10:40 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll 2012-07-28 02:10:34 534528 ----a-w- C:\Windows\System32\atieclxx.exe 2012-07-28 02:09:44 239616 ----a-w- C:\Windows\System32\atiesrxx.exe 2012-07-28 02:08:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll 2012-07-28 02:08:04 21504 ----a-w- C:\Windows\System32\atimuixx.dll 2012-07-28 02:07:58 59392 ----a-w- C:\Windows\System32\atiedu64.dll 2012-07-28 02:07:52 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll 2012-07-28 02:07:10 6430208 ----a-w- C:\Windows\SysWow64\atidxx32.dll 2012-07-28 01:51:12 7052288 ----a-w- C:\Windows\System32\atidxx64.dll 2012-07-28 01:41:32 4266496 ----a-w- C:\Windows\System32\atiumd6a.dll 2012-07-28 01:35:10 51200 ----a-w- C:\Windows\System32\aticalrt64.dll 2012-07-28 01:35:08 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll 2012-07-28 01:35:02 44544 ----a-w- C:\Windows\System32\aticalcl64.dll 2012-07-28 01:35:00 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll 2012-07-28 01:34:48 16034304 ----a-w- C:\Windows\System32\aticaldd64.dll 2012-07-28 01:32:32 4751872 ----a-w- C:\Windows\SysWow64\atiumdva.dll 2012-07-28 01:30:10 13605888 ----a-w- C:\Windows\SysWow64\aticaldd.dll 2012-07-28 01:25:52 6676480 ----a-w- C:\Windows\System32\atiumd64.dll 2012-07-28 01:22:36 77312 ----a-w- C:\Windows\System32\amdave64.dll 2012-07-28 01:22:28 77312 ----a-w- C:\Windows\SysWow64\amdave32.dll 2012-07-28 01:22:16 74240 ----a-w- C:\Windows\System32\atisamu64.dll 2012-07-28 01:22:10 71168 ----a-w- C:\Windows\atisamu32.dll 
2012-07-28 01:15:32 540160 ----a-w- C:\Windows\System32\atiadlxx.dll 2012-07-28 01:15:22 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll 2012-07-28 01:15:12 17920 ----a-w- C:\Windows\System32\atig6pxx.dll 2012-07-28 01:15:08 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll 2012-07-28 01:15:08 14848 ----a-w- C:\Windows\System32\atiglpxx.dll 2012-07-28 01:15:04 41984 ----a-w- C:\Windows\System32\atig6txx.dll 2012-07-28 01:14:56 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll 2012-07-28 01:14:46 368640 ----a-w- C:\Windows\System32\drivers\atikmpag.sys 2012-07-28 01:13:54 129536 ----a-w- C:\Windows\System32\atiuxp64.dll 2012-07-28 01:13:48 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll 2012-07-28 01:13:40 103936 ----a-w- C:\Windows\System32\atiu9p64.dll 2012-07-28 01:13:32 83456 ----a-w- C:\Windows\SysWow64\atiu9pag.dll 2012-07-28 01:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll 2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\atimpc64.dll 2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\amdpcom64.dll 2012-03-08 06:20:30 8192 --sha-w- C:\Windows\SysWOW64\srvany.exe . ============= FINISH: 17:07:21.67 ===============
  6. I was running uTorrent last night and MB blocked over 12 DNS addresses. I did a whois of those addresses and only 1 was known for many different acts. The rest (on Google) were basically identical. All they had were some unknowns where others are full disclosure. I accidentally didn't save the addresses, but it seems they will keep growing. But I'm sure if I start the torrent client again Malwarebytes will be catching them within minutes. Here's the problem. 1 site was a known true perpetrator of exploits and other things; most of the others just didn't disclose as much self information as the others, or, because of the similarities, were running through proxy servers. No browsers were running (as a process either). This blockage of many only happens when running a torrent client such as uTorrent. Anything bad that I ever picked up and had to purge was picked up via a browser or through my own carelessness. Because of the 1 truly known block I really don't want to turn off malicious website blocking... Why is this? Can these sites access a PC through a torrent client?