nemanja

My Malwarebytes keeps on blocking several IP addresses (type: outgoing)

Please help me. I'm not good at computer stuff and I'm kind of worried. My Malwarebytes keeps on blocking several IP addresses (type: outgoing). What does this mean? Is someone trying to hack my system? But I ran anti-virus and anti-malware and it seems okay. Do I need to take further action? Did I miss something? Please instruct me what to do. Your help would be highly appreciated. Thanks

2012/03/11 03:01:44 +0100 HERB-PC herb IP-BLOCK 212.36.9.157 (Type: outgoing, Port: 59238, Process: avwebgrd.exe)

2012/03/11 03:01:44 +0100 HERB-PC herb IP-BLOCK 212.36.9.157 (Type: outgoing, Port: 59239, Process: avwebgrd.exe)

2012/03/11 03:01:44 +0100 HERB-PC herb IP-BLOCK 212.36.9.157 (Type: outgoing, Port: 59241, Process: avwebgrd.exe)

2012/03/11 03:08:32 +0100 HERB-PC herb IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 60750, Process: avwebgrd.exe)

2012/03/11 03:34:34 +0100 HERB-PC herb IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 63141, Process: avwebgrd.exe)

2012/03/11 03:44:43 +0100 HERB-PC herb IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 64209, Process: avwebgrd.exe)

2012/03/11 03:45:23 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 03:45:31 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 03:45:31 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 64348, Process: bittorrent.exe)

2012/03/11 03:45:40 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 03:47:00 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 64498, Process: bittorrent.exe)

2012/03/11 03:47:16 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 03:47:16 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 03:51:25 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 03:51:25 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 64780, Process: bittorrent.exe)

2012/03/11 03:51:33 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 03:57:02 +0100 HERB-PC herb IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 65192, Process: avwebgrd.exe)

2012/03/11 03:57:10 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 03:57:27 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 03:57:27 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 65298, Process: bittorrent.exe)

2012/03/11 03:57:27 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 03:58:07 +0100 HERB-PC herb IP-BLOCK 195.216.189.66 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 03:58:23 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 03:58:23 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 65355, Process: bittorrent.exe)

2012/03/11 03:58:31 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 03:59:35 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 65389, Process: bittorrent.exe)

2012/03/11 04:00:00 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 04:00:08 +0100 HERB-PC herb IP-BLOCK 212.36.9.185 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 04:07:13 +0100 HERB-PC herb IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 49171, Process: avwebgrd.exe)

2012/03/11 04:14:01 +0100 HERB-PC herb IP-BLOCK 218.7.226.66 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 04:27:30 +0100 HERB-PC herb IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 49424, Process: avwebgrd.exe)

2012/03/11 04:59:40 +0100 HERB-PC herb IP-BLOCK 94.102.56.139 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 05:07:33 +0100 HERB-PC herb IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 50100, Process: avwebgrd.exe)

2012/03/11 05:14:37 +0100 HERB-PC herb IP-BLOCK 89.28.98.66 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 06:15:12 +0100 HERB-PC herb IP-BLOCK 203.93.109.188 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 06:15:20 +0100 HERB-PC herb IP-BLOCK 79.135.149.98 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 06:27:45 +0100 HERB-PC herb IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 50751, Process: avwebgrd.exe)

2012/03/11 06:44:10 +0100 HERB-PC herb IP-BLOCK 195.161.7.1 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 07:59:09 +0100 HERB-PC herb IP-BLOCK 46.182.104.43 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 08:31:35 +0100 HERB-PC herb IP-BLOCK 61.139.126.180 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 09:04:36 +0100 HERB-PC herb IP-BLOCK 61.139.126.180 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 09:06:04 +0100 HERB-PC herb IP-BLOCK 91.188.46.33 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 09:07:48 +0100 HERB-PC herb IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 52497, Process: avwebgrd.exe)

2012/03/11 09:18:05 +0100 HERB-PC herb IP-BLOCK 194.165.0.8 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 09:33:01 +0100 HERB-PC herb IP-BLOCK 46.182.104.43 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 09:49:02 +0100 HERB-PC herb IP-BLOCK 91.188.33.97 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 10:02:39 +0100 HERB-PC herb IP-BLOCK 80.67.13.105 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 11:18:34 +0100 HERB-PC herb IP-BLOCK 212.117.179.122 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 11:18:34 +0100 HERB-PC herb IP-BLOCK 222.65.100.98 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 11:48:43 +0100 HERB-PC herb IP-BLOCK 213.186.119.120 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 11:58:59 +0100 HERB-PC herb IP-BLOCK 89.28.6.125 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 14:01:21 +0100 HERB-PC herb IP-BLOCK 218.7.16.117 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 14:28:19 +0100 HERB-PC herb IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 57242, Process: avwebgrd.exe)

2012/03/11 14:45:56 +0100 HERB-PC herb IP-BLOCK 58.241.117.105 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 15:13:17 +0100 HERB-PC herb IP-BLOCK 31.31.77.117 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 15:29:34 +0100 HERB-PC herb IP-BLOCK 121.125.133.24 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

2012/03/11 15:44:07 +0100 HERB-PC herb IP-BLOCK 89.28.40.246 (Type: outgoing, Port: 50738, Process: bittorrent.exe)

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by herb at 21:31:06 on 2012-03-11

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2839 [GMT 1:00]

.

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}

ComboFix 12-03-09.05 - herb 03/10/2012 5:05.2.2 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2335 [GMT 1:00]

Running from: c:\users\herb\Downloads\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll

2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll

2012-02-15 02:40 . 2012-02-15 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll

2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-02-15 02:34 . 2012-02-15 02:34 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll

2012-02-15 02:29 . 2012-02-15 02:29 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-02-15 02:25 . 2012-02-15 02:25 7551488 ----a-w- c:\windows\system32\atiumd64.dll

2012-02-15 02:16 . 2012-02-15 02:16 58880 ----a-w- c:\windows\system32\coinst.dll

2012-02-15 02:14 . 2012-02-15 02:14 512000 ----a-w- c:\windows\system32\atiadlxx.dll

2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll

2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll

2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll

2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-02-15 02:12 . 2012-02-15 02:12 43008 ----a-w- c:\windows\system32\atiuxp64.dll

2012-02-15 02:12 . 2012-02-15 02:12 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-02-15 02:12 . 2012-02-15 02:12 39936 ----a-w- c:\windows\system32\atiu9p64.dll

2012-02-15 02:12 . 2012-02-15 02:12 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll

2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll

2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2012-02-14 21:05 . 2012-02-14 21:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-02-14 21:05 . 2012-02-14 21:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-02-14 21:05 . 2012-02-14 21:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll

2012-02-14 21:05 . 2012-02-14 21:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-09 18:12 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2012-03-09 18:12 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2012-02-15 02:52 . 2009-07-13 21:59 7646208 ----a-w- c:\windows\system32\atidxx64.dll

2012-01-31 05:02 . 2012-01-31 05:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll

2012-01-31 05:00 . 2012-01-31 05:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-03-10_03.44.41 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-03-10 04:14 . 2012-03-10 04:14 66048 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\a9a494047cfbd13fd4a155c77a258a0a\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper.ni.dll

+ 2012-03-10 04:14 . 2012-03-10 04:14 64000 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\90b3ba2f1de795690641228b63586965\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop.ni.dll

+ 2012-03-10 04:13 . 2012-03-10 04:13 65536 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\f8f0b08845fb76dfcf57e00d86fc13fc\Microsoft.MediaCenter.iTv.Hosting.ni.dll

+ 2012-03-10 04:13 . 2012-03-10 04:13 49664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUPnP\50cda8ab4cd566b222342c3da14302d3\ehiUPnP.ni.dll

+ 2012-03-10 04:13 . 2012-03-10 04:13 93184 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiTVMSMusic\4089bf2cec6e1a1539076c5bd6d95ce7\ehiTVMSMusic.ni.dll

+ 2012-03-10 04:12 . 2012-03-10 04:12 28672 c:\windows\assembly\NativeImages_v2.0.50727_64\dfsvc\7de9a8137a33d06dad01c8405d960037\dfsvc.ni.exe

+ 2012-03-10 04:10 . 2012-03-10 04:10 33280 c:\windows\assembly\NativeImages_v2.0.50727_64\AuditPolicyGPManage#\320d4f45d6463976ce238f654e706926\AuditPolicyGPManagedStubs.Interop.ni.dll

+ 2012-03-10 03:49 . 2012-03-10 03:49 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\94a173b39fa90956937b41c775ac66d7\dfsvc.ni.exe

+ 2012-03-10 04:12 . 2012-03-10 04:12 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\9880905a6fde778e564adf54b2afbaa5\System.Messaging.ni.dll

+ 2012-03-10 04:12 . 2012-03-10 04:12 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\2ba95581264a766410a6dbbe767c5ed8\System.IdentityModel.Selectors.ni.dll

+ 2012-03-10 04:12 . 2012-03-10 04:12 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\823bd996cb5aefd6c2b2fa7e19e0ef40\SMDiagnostics.ni.dll

+ 2012-03-10 04:15 . 2012-03-10 04:15 376832 c:\windows\assembly\NativeImages_v2.0.50727_64\SecurityAuditPolici#\b92e9816d6f35ffb11dc27e00dfa9f98\SecurityAuditPoliciesSnapIn.ni.dll

+ 2012-03-10 04:14 . 2012-03-10 04:14 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\b94e1c9115d8e37e734b27b48f54d236\MMCFxCommon.ni.dll

+ 2012-03-10 04:15 . 2012-03-10 04:15 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\cb1c199305d00b2424e707311eb9dcfd\Microsoft.Vsa.ni.dll

+ 2012-03-10 04:14 . 2012-03-10 04:14 235008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\593d4852da5730b2745a902cb765bf9b\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.ni.dll

+ 2012-03-10 04:14 . 2012-03-10 04:14 275456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\2bd4bf486059581106a5d16bd9fe853f\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager.ni.dll

+ 2012-03-10 04:16 . 2012-03-10 04:16 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\99bb7896ddbe74236efaa97733c63cbc\Microsoft.PowerShell.Commands.Diagnostics.ni.dll

+ 2012-03-10 04:13 . 2012-03-10 04:13 522240 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\ddd2f252bea1cce14bb498257992635a\Microsoft.MediaCenter.Interop.ni.dll

+ 2012-03-10 04:15 . 2012-03-10 04:15 164864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\cf9be66d53dddbf49b75cead76ef3cea\Microsoft.MediaCenter.Mheg.ni.dll

+ 2012-03-10 04:13 . 2012-03-10 04:13 152576 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\a743124afb874ab00d713ab50a7d850d\Microsoft.MediaCenter.ITVVM.ni.dll

+ 2012-03-10 04:14 . 2012-03-10 04:14 219648 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\7de5318ee2be8e2b8fcffde83c79ab7c\Microsoft.MediaCenter.iTv.Media.ni.dll

+ 2012-03-10 04:13 . 2012-03-10 04:13 370176 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\55172dec8f1353d1a8d9cdc4c0b9fac0\Microsoft.MediaCenter.Playback.ni.dll

+ 2012-03-10 04:13 . 2012-03-10 04:13 965632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\5495e7eca3dac7eee473e30a3611f178\Microsoft.MediaCenter.Sports.ni.dll

+ 2012-03-10 04:14 . 2012-03-10 04:14 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\35ce662c1368782ede0852134106ea43\Microsoft.MediaCenter.iTv.ni.dll

+ 2012-03-10 04:14 . 2012-03-10 04:14 798720 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\505549b05e5c3ceccd26ad9c398381e8\Microsoft.ManagementConsole.ni.dll

+ 2012-03-10 04:15 . 2012-03-10 04:15 618496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.GroupPoli#\b232ba7650e5449bb5dfa5c1818763ef\Microsoft.GroupPolicy.AdmTmplEditor.ni.dll

+ 2012-03-10 04:15 . 2012-03-10 04:15 399360 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.GroupPoli#\6380c4a4aa90e1047f6b160077983dbb\Microsoft.GroupPolicy.Interop.ni.dll

+ 2012-03-10 04:15 . 2012-03-10 04:15 244736 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\f356844d3667b88d03bde2ae524659b6\Microsoft.Build.Utilities.v3.5.ni.dll

+ 2012-03-10 04:15 . 2012-03-10 04:15 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\86f7fa65013864ae7da2fba058199dae\Microsoft.Build.Utilities.ni.dll

+ 2012-03-10 04:15 . 2012-03-10 04:15 142336 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\9f5bcff6a0b169efa6b607efd8789ea9\Microsoft.Build.Framework.ni.dll

+ 2012-03-10 04:15 . 2012-03-10 04:15 121344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\0ef8fa5e835e9ae9fd9a20e5d5058460\Microsoft.Build.Framework.ni.dll

+ 2012-03-10 04:14 . 2012-03-10 04:14 423424 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Applicati#\6a6fa7724d13030a9e6fa097b8bf2e81\Microsoft.ApplicationId.Framework.ni.dll

+ 2012-03-10 04:14 . 2012-03-10 04:14 727040 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Applicati#\4ad25d1d04dc7511507cc7c7f2863e65\Microsoft.ApplicationId.RuleWizard.ni.dll

+ 2012-03-10 04:14 . 2012-03-10 04:14 107008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft-Windows-H#\77b758c083ce18f7ff9c262e4f6291e4\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.ni.dll

+ 2012-03-10 04:14 . 2012-03-10 04:14 380928 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\304068df803748d7743a6a4dc344915f\Mcx2Dvcs.ni.dll

+ 2012-03-10 04:14 . 2012-03-10 04:14 547328 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\fb79aad0c745ff7b45151bc58b4dc8e9\mcupdate.ni.exe

+ 2012-03-10 04:13 . 2012-03-10 04:13 533504 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\4a29229fecf805779bee25b756d78a0d\mcstoredb.ni.dll

+ 2012-03-10 04:14 . 2012-03-10 04:14 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\8affc4346a86b80727282966ce58662b\mcplayerinterop.ni.dll

+ 2012-03-10 04:14 . 2012-03-10 04:14 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\756a74d6b322877662a0f6da4bc7d8e6\mcGlidHostObj.ni.dll

+ 2012-03-10 04:14 . 2012-03-10 04:14 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\956ca0e08e881df7f16f7d6d1381f71d\EventViewer.ni.dll

+ 2012-03-10 04:12 . 2012-03-10 04:12 969216 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\307ca4b67db79b05b4781634ea8ec0d7\ehRecObj.ni.dll

+ 2012-03-10 04:13 . 2012-03-10 04:13 661504 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiWUapi\87f11d95ab10469f888fd76c45f9fceb\ehiWUapi.ni.dll

+ 2012-03-10 04:13 . 2012-03-10 04:13 933888 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiwmp\a24c79d19a6d2a3e8ca587ecddd3e735\ehiwmp.ni.dll

+ 2012-03-10 04:12 . 2012-03-10 04:12 145408 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUserXp\0de7a02857c6041bc2c86c1db3ca8c23\ehiUserXp.ni.dll

+ 2012-03-10 04:13 . 2012-03-10 04:13 196096 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiiTv\421eb174f94249cf6a3b9e517baa82f8\ehiiTv.ni.dll

+ 2012-03-10 04:13 . 2012-03-10 04:13 397824 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtens\d5bf6f8e9e3d08d407ed68b714c268ae\ehiExtens.ni.dll

+ 2012-03-10 04:13 . 2012-03-10 04:13 110080 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiBmlDataCarousel\b55c3bb24dda0acda2bc332cc3016f75\ehiBmlDataCarousel.ni.dll

+ 2012-03-10 04:13 . 2012-03-10 04:13 125440 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiActivScp\fa493e64ca63def1a404a0d4b44cdefc\ehiActivScp.ni.dll

+ 2012-03-10 04:12 . 2012-03-10 04:12 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\5f53457f49927ecf00156d20466cc5a6\ehExtHost.ni.exe

+ 2012-03-10 04:12 . 2012-03-10 04:12 313856 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\b49168b11f5f60ddafed2ab1fdd4540f\ehCIR.ni.dll

+ 2012-03-10 04:12 . 2012-03-10 04:12 348672 c:\windows\assembly\NativeImages_v2.0.50727_64\CustomMarshalers\1e040217cf674c6cf528fbfe18c4c2f8\CustomMarshalers.ni.dll

+ 2012-03-10 04:10 . 2012-03-10 04:10 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\f2808fb3389d3e28e2b0223dcd654e02\ComSvcConfig.ni.exe

+ 2012-03-10 04:10 . 2012-03-10 04:10 971264 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\45af2aab82a69a1a6fe0f7cef4024673\BDATunePIA.ni.dll

+ 2012-03-10 03:49 . 2012-03-10 03:49 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\a717cdb44ec0d3238c621efa420a9956\System.Messaging.ni.dll

+ 2012-03-10 03:49 . 2012-03-10 03:49 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\8b0dc9405f292a93ddd52eb76bb88169\System.IdentityModel.Selectors.ni.dll

+ 2012-03-10 03:48 . 2012-03-10 03:48 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\281b67b96a2dd473dad4d222da0ca514\SMDiagnostics.ni.dll

+ 2012-03-10 03:49 . 2012-03-10 03:49 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\6a07aa6df4d45d1485b6a2749647a3aa\ehExtHost32.ni.exe

+ 2012-03-10 03:49 . 2012-03-10 03:49 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\2c2215e99c21daeec6bf697cf7bcf103\CustomMarshalers.ni.dll

+ 2012-03-10 04:12 . 2012-03-10 04:12 3073536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\f99728bbb535157b904873158379dc67\System.Runtime.Serialization.ni.dll

+ 2012-03-10 04:15 . 2012-03-10 04:15 1472000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management\6860203a3f244d4c6b89ff38a9c9cadb\System.Management.ni.dll

+ 2012-03-10 04:12 . 2012-03-10 04:12 1444352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\3fae8a8515a716f1fae4a64a7f2a4b05\System.IdentityModel.ni.dll

+ 2012-03-10 04:16 . 2012-03-10 04:16 3315200 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\9e59bc2c8cf98cd315468ca01f68663c\System.Core.ni.dll

+ 2012-03-10 04:14 . 2012-03-10 04:14 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\77c418992d39a8c1ce569194f9b1ff1e\MIGUIControls.ni.dll

+ 2012-03-10 04:12 . 2012-03-10 04:12 1598976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\11bd9381aca79215bc01b45a5e7bddce\Microsoft.Transactions.Bridge.ni.dll

+ 2012-03-10 04:16 . 2012-03-10 04:16 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\8d5a4862d0e61fdd2e958fc989df3cca\Microsoft.PowerShell.Commands.Utility.ni.dll

+ 2012-03-10 04:16 . 2012-03-10 04:16 1131008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\09516cb547f50c165051c5512c0770d3\Microsoft.PowerShell.Commands.Management.ni.dll

+ 2012-03-10 04:12 . 2012-03-10 04:12 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\d7d03c116e282c198f398652dbddc074\Microsoft.MediaCenter.ni.dll

+ 2012-03-10 04:12 . 2012-03-10 04:12 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\bf5f76b58c88f17410effc17059685a8\Microsoft.MediaCenter.UI.ni.dll

+ 2012-03-10 04:13 . 2012-03-10 04:13 1142784 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\b54d398a06452904630482f2f83d21dd\Microsoft.MediaCenter.Shell.ni.dll

+ 2012-03-10 04:13 . 2012-03-10 04:13 1170432 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\5f69561da0086365718db46e1172d204\Microsoft.MediaCenter.TV.Tuners.Interop.ni.dll

+ 2012-03-10 04:15 . 2012-03-10 04:15 3213312 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\551b383e39b9fedb84e25c9fc7d763ee\Microsoft.JScript.ni.dll

+ 2012-03-10 04:15 . 2012-03-10 04:15 5054976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.GroupPoli#\7c9b82506032312a1cbc644fffa73b17\Microsoft.GroupPolicy.Reporting.ni.dll

+ 2012-03-10 04:15 . 2012-03-10 04:15 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\4ccd2dddff73b52cd77ecaed30075b09\Microsoft.Build.Tasks.ni.dll

+ 2012-03-10 04:15 . 2012-03-10 04:15 2682880 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\35cee0a531b3136b21b2c7e2ff56b5eb\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2012-03-10 04:15 . 2012-03-10 04:15 2544640 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\a22f83fa561173b77ee1215e0dfd7a76\Microsoft.Build.Engine.ni.dll

+ 2012-03-10 04:15 . 2012-03-10 04:15 1137152 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\5cd9b4020f38edbdc2718884fe3e68f0\Microsoft.Build.Engine.ni.dll

+ 2012-03-10 04:13 . 2012-03-10 04:13 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\0217b5f9a72020bee3d0291bbae125ff\mcstore.ni.dll

+ 2012-03-10 04:13 . 2012-03-10 04:13 4088320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcepg\905166e37a4a5f45a7d1672fb756d96e\mcepg.ni.dll

+ 2012-03-10 04:13 . 2012-03-10 04:13 2165248 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\e6a702f8ccd27dcdcf09008531ab40e5\ehiVidCtl.ni.dll

+ 2012-03-10 04:12 . 2012-03-10 04:12 1201664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiProxy\17d0b71391bf67c5a663b140b9a7a936\ehiProxy.ni.dll

+ 2012-03-10 03:49 . 2012-03-10 03:49 2347008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bc96c5c6e644452270ff7c3d066ff713\System.Runtime.Serialization.ni.dll

+ 2012-03-10 03:49 . 2012-03-10 03:49 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\d939fca96c3645bb8806ea8ae43cc0ca\System.IdentityModel.ni.dll

+ 2012-03-10 03:49 . 2012-03-10 03:49 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1a6921bcfb8ade6652efb9f095b275f1\Microsoft.Transactions.Bridge.ni.dll

+ 2012-03-10 03:49 . 2012-03-10 03:49 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\03d64144ed3ea21cbeea0c872ece14b6\Microsoft.MediaCenter.ni.dll

+ 2012-03-10 04:11 . 2012-03-10 04:11 23913984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\0b51b0626d95de7446d132c73edd77cc\System.ServiceModel.ni.dll

+ 2012-03-10 04:16 . 2012-03-10 04:16 11900928 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\e18dbed9e34d7d56cc7e2f683de12237\System.Management.Automation.ni.dll

+ 2012-03-10 04:14 . 2012-03-10 04:14 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\089d0fee0e702f9b9a611f761cb3bd8a\ehshell.ni.dll

+ 2012-03-10 03:48 . 2012-03-10 03:48 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\b74950292d5681795d9d2c1a72a79952\System.ServiceModel.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-03-10 6410096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\users\herb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 X6va006;X6va006;c:\users\herb\AppData\Local\Temp\006BD59.tmp [x]

S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2011-10-11 616400]

S2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-10-11 342480]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]

S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-11 463824]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]

S3 SaiH8000;SaiH8000;c:\windows\system32\DRIVERS\SaiH8000.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3638853225-1990997699-2437280156-1000Core.job

- c:\users\herb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 14:48]

.

2012-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3638853225-1990997699-2437280156-1000UA.job

- c:\users\herb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 14:48]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 192.168.1.1

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]

"ImagePath"="\??\c:\users\herb\AppData\Local\Temp\006BD59.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-03-10 05:34:17

ComboFix-quarantined-files.txt 2012-03-10 04:34

ComboFix2.txt 2012-03-10 04:00

.

Pre-Run: 25,204,334,592 bytes free

Post-Run: 24,410,750,976 bytes free

.

- - End Of File - - 12F900DCF776031FEE00EAABF0B9F6AE


Malwarebytes Anti-Malware (PRO) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.12.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

herb :: HERB-PC [administrator]

Protection: Enabled

3/12/2012 3:23:11 AM

mbam-log-2012-03-12 (03-23-11).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 186303

Time elapsed: 3 minute(s), 13 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Also, I did format the whole HDD with Active KillDisk and the problem is still here; an OS reinstall does not help. After 24h max it's back! None of the antiviruses detect any kind of malware or virus [ESET SS 4, Avira, Microsoft Essentials, AVG]! The Avira firewall also detects blocked packets every 10-15 min.


It seems like every time I open a port (torrent, online game) something is slowing my internet, I mean really slowing: 1 kB/s is the speed, ping in game 5000, can't even post on the first try, pages need 3 min to load, etc. When "working", torrent speed goes to 300, then to 0, and my max download speed should be 420. Last night I turned off my antivirus and firewall and disconnected the PC from the internet, and when I woke up the internet was so slow that practically I didn't have it. I did a restore point and things are like a few days ago: Malwarebytes blocking outgoing traffic, and the Avira firewall also blocks some packets. I spotted one strange IP, 192.168.1.1 (my IP acquired by the router). I hope someone will help soon; I am thinking about reinstalling the OS because I can't use my internet for another day without problems... Thanks for your time.


Uninstalled BitTorrent, restarted the PC, and the Avira firewall still says "The rule: "Deny all IP packets" has blocked a packet from IP:74.125.232.229" and another IP, 74.125.232.229. I think there are more different IPs.



I made a mistake; the other IP is 74.125.232.193.


Looks like both are from Google.

http://whois.domaintools.com/74.125.232.193

OrgName: Google Inc.

OrgId: GOGL

Address: 1600 Amphitheatre Parkway

City: Mountain View

StateProv: CA

PostalCode: 94043

Country: US

74.125.232.229

NetRange: 74.125.0.0 - 74.125.255.255

CIDR: 74.125.0.0/16

OriginAS:

NetName: GOOGLE

NetHandle: NET-74-125-0-0-1

Parent: NET-74-0-0-0-0

NetType: Direct Allocation

RegDate: 2007-03-13

Updated: 2012-02-24

Ref: http://whois.arin.net/rest/net/NET-74-125-0-0-1

OrgName: Google Inc.

OrgId: GOGL

Address: 1600 Amphitheatre Parkway

City: Mountain View

StateProv: CA

PostalCode: 94043

Country: US

Run a new updated MBAM scan and post the results


Malwarebytes Anti-Malware (PRO) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.13.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

herb :: HERB-PC [administrator]

Protection: Enabled

3/13/2012 11:24:27 PM

mbam-log-2012-03-13 (23-24-27).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 186942

Time elapsed: 1 minute(s), 45 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Good so far.

Run a new Combofix scan and be sure to accept the update if it shows one.

Post the results.


Google o.O A sec ago Avira FW showed "Deny all IP packets" has blocked a packet from IP:192.168.1.1". That's my IP!! What is going on?? Thanks for your time.


ComboFix 12-03-11.01 - herb 03/13/2012 23:33:57.4.2 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2958 [GMT 1:00]

Running from: c:\users\herb\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\CFLog

c:\cflog\CrashLog_20120313.txt

.

.

((((((((((((((((((((((((( Files Created from 2012-02-13 to 2012-03-13 )))))))))))))))))))))))))))))))

.

.

2012-03-13 22:42 . 2012-03-13 22:42 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-10 02:34 . 2012-03-10 02:34 -------- d-----w- c:\programdata\Malwarebytes

2012-03-10 02:34 . 2012-03-10 02:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-10 02:34 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-10 02:26 . 2012-03-11 02:53 -------- d-----w- c:\program files (x86)\Webteh

2012-03-09 23:34 . 2012-03-09 23:34 0 ----a-w- c:\windows\ativpsrm.bin

2012-03-09 23:31 . 2012-03-12 03:20 -------- d-----w- c:\windows\Panther

2012-03-09 23:31 . 2012-03-09 18:20 -------- d-----w- C:\Boot

2012-03-09 19:00 . 2012-03-09 19:00 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-09 19:00 . 2012-03-09 19:00 -------- d-----w- c:\windows\SysWow64\Macromed

2012-03-09 19:00 . 2012-03-09 19:00 -------- d-----w- c:\windows\system32\Macromed

2012-03-09 18:40 . 2012-03-13 17:45 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-03-09 18:40 . 2012-03-13 17:37 -------- d-----w- c:\programdata\Avira

2012-03-09 18:40 . 2012-03-09 18:40 -------- d-----w- c:\program files (x86)\Avira

2012-03-09 18:40 . 2011-10-11 13:53 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2012-03-09 18:40 . 2011-10-11 13:53 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-03-09 18:40 . 2011-10-11 13:53 139512 ----a-w- c:\windows\system32\drivers\avfwot.sys

2012-03-09 18:40 . 2011-10-11 13:53 113768 ----a-w- c:\windows\system32\drivers\avfwim.sys

2012-03-09 17:33 . 2012-03-09 17:33 -------- d-----w- c:\windows\system32\SPReview

2012-03-09 17:32 . 2012-03-09 17:32 -------- d-----w- c:\windows\system32\EventProviders

2012-03-09 17:20 . 2010-11-20 13:27 244224 ----a-w- c:\windows\system32\spp.dll

2012-03-09 17:19 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll

2012-03-09 17:19 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll

2012-03-09 17:19 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll

2012-03-09 17:19 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll

2012-03-09 17:18 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll

2012-03-09 17:18 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll

2012-03-09 17:18 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll

2012-03-09 17:15 . 2012-03-09 17:15 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd

2012-03-09 17:14 . 2012-03-09 17:14 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2012-03-09 17:14 . 2012-03-09 17:17 -------- d-----w- c:\programdata\Logishrd

2012-03-09 17:14 . 2012-03-09 17:14 -------- d-----w- c:\program files\Logitech

2012-03-09 17:03 . 2012-03-09 17:14 -------- d-----w- c:\program files\Common Files\Logishrd

2012-03-09 16:57 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-03-09 16:57 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll

2012-03-09 16:57 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll

2012-03-09 16:57 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys

2012-03-09 16:57 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys

2012-03-09 16:57 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys

2012-03-09 16:57 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys

2012-03-09 16:57 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys

2012-03-09 16:57 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys

2012-03-09 16:57 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe

2012-03-09 16:57 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe

2012-03-09 16:56 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2012-03-09 16:56 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2012-03-09 16:56 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys

2012-03-09 16:56 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2012-03-09 16:56 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2012-03-09 16:56 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2012-03-09 16:56 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys

2012-03-09 16:21 . 2012-03-09 16:21 -------- d-----w- c:\program files (x86)\Microsoft.NET

2012-03-09 16:05 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll

2012-03-09 16:05 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-09 16:05 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll

2012-03-09 16:05 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-09 16:05 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\programdata\ATI

2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\programdata\AMD

2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files (x86)\AMD AVT

2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files (x86)\AMD APP

2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files\Common Files\ATI Technologies

2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2012-03-09 15:44 . 2012-03-09 15:44 -------- d-----w- c:\program files (x86)\ATI Technologies

2012-03-09 15:44 . 2012-03-09 15:44 -------- d-----w- c:\program files\ATI

2012-03-09 15:44 . 2012-03-09 15:46 -------- d-----w- c:\program files\ATI Technologies

2012-03-09 15:43 . 2012-03-09 15:43 -------- d-----w- C:\AMD

2012-03-09 15:32 . 2012-02-23 08:18 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-03-09 15:10 . 2012-03-01 12:21 8643640 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C71759E0-5BC3-4538-997B-F17AFD634FED}\mpengine.dll

2012-03-09 15:09 . 2012-03-09 15:09 -------- d-----w- c:\program files\Ventrilo

2012-03-09 15:07 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe

2012-03-09 14:56 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-03-09 14:56 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-03-09 14:43 . 2012-03-13 14:26 -------- d-----w- c:\users\herb

2012-03-09 14:40 . 2012-03-09 14:40 -------- d-----w- C:\Recovery

2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-02-15 03:21 . 2012-02-15 03:21 25839104 ----a-w- c:\windows\system32\atio6axx.dll

2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2012-02-15 03:18 . 2012-02-15 03:18 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-02-15 03:17 . 2012-02-15 03:17 957952 ----a-w- c:\windows\system32\aticfx64.dll

2012-02-15 03:13 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe

2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe

2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-02-15 03:07 . 2012-02-15 03:07 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll

2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll

2012-02-15 02:40 . 2012-02-15 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll

2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-02-15 02:34 . 2012-02-15 02:34 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll

2012-02-15 02:29 . 2012-02-15 02:29 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-02-15 02:25 . 2012-02-15 02:25 7551488 ----a-w- c:\windows\system32\atiumd64.dll

2012-02-15 02:16 . 2012-02-15 02:16 58880 ----a-w- c:\windows\system32\coinst.dll

2012-02-15 02:14 . 2012-02-15 02:14 512000 ----a-w- c:\windows\system32\atiadlxx.dll

2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll

2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll

2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll

2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-02-15 02:12 . 2012-02-15 02:12 43008 ----a-w- c:\windows\system32\atiuxp64.dll

2012-02-15 02:12 . 2012-02-15 02:12 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-02-15 02:12 . 2012-02-15 02:12 39936 ----a-w- c:\windows\system32\atiu9p64.dll

2012-02-15 02:12 . 2012-02-15 02:12 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll

2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll

2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2012-02-14 21:05 . 2012-02-14 21:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-02-14 21:05 . 2012-02-14 21:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-02-14 21:05 . 2012-02-14 21:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll

2012-02-14 21:05 . 2012-02-14 21:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-02-14 21:05 . 2012-02-14 21:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll

2012-02-14 21:04 . 2012-02-14 21:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-09 18:12 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2012-03-09 18:12 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2012-02-15 02:52 . 2009-07-13 21:59 7646208 ----a-w- c:\windows\system32\atidxx64.dll

2012-01-31 05:02 . 2012-01-31 05:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll

2012-01-31 05:00 . 2012-01-31 05:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

.

c:\users\herb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 RTL8187B;Belkin Wireless G USB Network Adapter;c:\windows\system32\DRIVERS\rtl8187B.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 X6va006;X6va006;c:\users\herb\AppData\Local\Temp\0064386.tmp [x]

S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2011-10-11 616400]

S2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-03-13 342480]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]

S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-11 463824]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [x]

S3 SaiH8000;SaiH8000;c:\windows\system32\DRIVERS\SaiH8000.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3638853225-1990997699-2437280156-1000Core.job

- c:\users\herb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 14:48]

.

2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3638853225-1990997699-2437280156-1000UA.job

- c:\users\herb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 14:48]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-BitTorrent - c:\program files (x86)\BitTorrent\BitTorrent.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]

"ImagePath"="\??\c:\users\herb\AppData\Local\Temp\0064386.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-03-13 23:57:00

ComboFix-quarantined-files.txt 2012-03-13 22:56

ComboFix2.txt 2012-03-13 04:04

.

Pre-Run: 16,506,994,688 bytes free

Post-Run: 16,221,315,072 bytes free

.

- - End Of File - - E400782127CF142C74F70C1E5FA51C65


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::
c:\users\herb\AppData\Local\Temp\0064386.tmp

ClearJavaCache::

Driver::
X6va006

Save this file to your desktop. Save it as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.


Can you go into the firewall settings and allow those?


I did allow for Google; it was deny, and all is allowed now, but still some new addresses keep showing every 10 min. I'll try now with the script.


I created the wrong script... sorry, should I try again??

ComboFix 12-03-11.01 - herb 03/14/2012 0:16.5.2 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2704 [GMT 1:00]

Running from: c:\users\herb\Desktop\ComboFix.exe

Command switches used :: c:\users\herb\Desktop\CFScript.txt.txt

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\users\herb\AppData\Local\Temp\0064386.tmp"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_X6VA006

-------\Service_X6va006

.

.

((((((((((((((((((((((((( Files Created from 2012-02-13 to 2012-03-13 )))))))))))))))))))))))))))))))

.

.

2012-03-13 23:24 . 2012-03-13 23:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-12 03:19 . 2012-03-12 03:19 -------- d-----w- c:\program files\CCleaner

2012-03-12 02:53 . 2012-03-12 02:59 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2012-03-12 01:31 . 2012-03-12 01:31 -------- d-----w- c:\windows\system32\appmgmt

2012-03-11 22:17 . 2012-03-11 22:17 -------- d-----w- c:\program files (x86)\GSC 2.00

2012-03-11 19:39 . 2012-03-11 19:39 -------- d-----w- c:\program files (x86)\ht

2012-03-10 14:48 . 2009-02-05 01:49 451072 ----a-w- c:\windows\SysWow64\ISSRemoveSP.exe

2012-03-10 13:47 . 2012-03-10 13:47 -------- d-----w- c:\program files (x86)\ESET

2012-03-10 02:34 . 2012-03-10 02:34 -------- d-----w- c:\programdata\Malwarebytes

2012-03-10 02:34 . 2012-03-10 02:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-10 02:34 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-10 02:26 . 2012-03-11 02:53 -------- d-----w- c:\program files (x86)\Webteh

2012-03-09 23:34 . 2012-03-09 23:34 0 ----a-w- c:\windows\ativpsrm.bin

2012-03-09 23:31 . 2012-03-12 03:20 -------- d-----w- c:\windows\Panther

2012-03-09 23:31 . 2012-03-09 18:20 -------- d-----w- C:\Boot

2012-03-09 19:00 . 2012-03-09 19:00 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-09 19:00 . 2012-03-09 19:00 -------- d-----w- c:\windows\SysWow64\Macromed

2012-03-09 19:00 . 2012-03-09 19:00 -------- d-----w- c:\windows\system32\Macromed

2012-03-09 18:40 . 2012-03-13 17:45 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-03-09 18:40 . 2012-03-13 17:37 -------- d-----w- c:\programdata\Avira

2012-03-09 18:40 . 2012-03-09 18:40 -------- d-----w- c:\program files (x86)\Avira

2012-03-09 18:40 . 2011-10-11 13:53 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2012-03-09 18:40 . 2011-10-11 13:53 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-03-09 18:40 . 2011-10-11 13:53 139512 ----a-w- c:\windows\system32\drivers\avfwot.sys

2012-03-09 18:40 . 2011-10-11 13:53 113768 ----a-w- c:\windows\system32\drivers\avfwim.sys

2012-03-09 17:33 . 2012-03-09 17:33 -------- d-----w- c:\windows\system32\SPReview

2012-03-09 17:32 . 2012-03-09 17:32 -------- d-----w- c:\windows\system32\EventProviders

2012-03-09 17:20 . 2010-11-20 13:27 244224 ----a-w- c:\windows\system32\spp.dll

2012-03-09 17:19 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll

2012-03-09 17:19 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll

2012-03-09 17:19 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll

2012-03-09 17:19 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll

2012-03-09 17:18 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll

2012-03-09 17:18 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll

2012-03-09 17:18 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll

2012-03-09 17:15 . 2012-03-09 17:15 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd

2012-03-09 17:14 . 2012-03-09 17:14 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2012-03-09 17:14 . 2012-03-09 17:17 -------- d-----w- c:\programdata\Logishrd

2012-03-09 17:14 . 2012-03-09 17:14 -------- d-----w- c:\program files\Logitech

2012-03-09 17:03 . 2012-03-09 17:14 -------- d-----w- c:\program files\Common Files\Logishrd

2012-03-09 16:57 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-03-09 16:57 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll

2012-03-09 16:57 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll

2012-03-09 16:57 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys

2012-03-09 16:57 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys

2012-03-09 16:57 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys

2012-03-09 16:57 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys

2012-03-09 16:57 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys

2012-03-09 16:57 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys

2012-03-09 16:57 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe

2012-03-09 16:57 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe

2012-03-09 16:56 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2012-03-09 16:56 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2012-03-09 16:56 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys

2012-03-09 16:56 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2012-03-09 16:56 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2012-03-09 16:56 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2012-03-09 16:56 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys

2012-03-09 16:21 . 2012-03-09 16:21 -------- d-----w- c:\program files (x86)\Microsoft.NET

2012-03-09 16:05 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll

2012-03-09 16:05 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-09 16:05 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll

2012-03-09 16:05 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-09 16:05 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\programdata\ATI

2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\programdata\AMD

2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files (x86)\AMD AVT

2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files (x86)\AMD APP

2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files\Common Files\ATI Technologies

2012-03-09 15:46 . 2012-03-09 15:46 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2012-03-09 15:44 . 2012-03-09 15:44 -------- d-----w- c:\program files (x86)\ATI Technologies

2012-03-09 15:44 . 2012-03-09 15:44 -------- d-----w- c:\program files\ATI

2012-03-09 15:44 . 2012-03-09 15:46 -------- d-----w- c:\program files\ATI Technologies

2012-03-09 15:43 . 2012-03-09 15:43 -------- d-----w- C:\AMD

2012-03-09 15:32 . 2012-02-23 08:18 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-03-09 15:10 . 2012-03-01 12:21 8643640 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C71759E0-5BC3-4538-997B-F17AFD634FED}\mpengine.dll

2012-03-09 15:09 . 2012-03-09 15:09 -------- d-----w- c:\program files\Ventrilo

2012-03-09 15:07 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe

2012-03-09 14:56 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-03-09 14:56 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-03-09 14:43 . 2012-03-13 14:26 -------- d-----w- c:\users\herb

2012-03-09 14:40 . 2012-03-09 14:40 -------- d-----w- C:\Recovery

2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-02-15 03:21 . 2012-02-15 03:21 25839104 ----a-w- c:\windows\system32\atio6axx.dll

2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2012-02-15 03:18 . 2012-02-15 03:18 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-02-15 03:17 . 2012-02-15 03:17 957952 ----a-w- c:\windows\system32\aticfx64.dll

2012-02-15 03:13 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe

2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe

2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-02-15 03:07 . 2012-02-15 03:07 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll

2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll

2012-02-15 02:40 . 2012-02-15 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll

2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-02-15 02:34 . 2012-02-15 02:34 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll

2012-02-15 02:29 . 2012-02-15 02:29 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-02-15 02:25 . 2012-02-15 02:25 7551488 ----a-w- c:\windows\system32\atiumd64.dll

2012-02-15 02:16 . 2012-02-15 02:16 58880 ----a-w- c:\windows\system32\coinst.dll

2012-02-15 02:14 . 2012-02-15 02:14 512000 ----a-w- c:\windows\system32\atiadlxx.dll

2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll

2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll

2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll

2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-02-15 02:12 . 2012-02-15 02:12 43008 ----a-w- c:\windows\system32\atiuxp64.dll

2012-02-15 02:12 . 2012-02-15 02:12 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-02-15 02:12 . 2012-02-15 02:12 39936 ----a-w- c:\windows\system32\atiu9p64.dll

2012-02-15 02:12 . 2012-02-15 02:12 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll

2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll

2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-09 18:12 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2012-03-09 18:12 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2012-02-15 02:52 . 2009-07-13 21:59 7646208 ----a-w- c:\windows\system32\atidxx64.dll

2012-01-31 05:02 . 2012-01-31 05:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll

2012-01-31 05:00 . 2012-01-31 05:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-03-13_22.43.41 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-03-13 14:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-03-13 23:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-03-13 23:00 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-03-13 14:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-03-13 14:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-03-13 23:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-03-13 22:01 . 2012-03-13 22:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-03-13 23:26 . 2012-03-13 23:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-03-13 23:26 . 2012-03-13 23:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-03-13 22:01 . 2012-03-13 22:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-03-09 15:57 . 2012-03-13 22:00 763544 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2012-03-09 15:57 . 2012-03-13 23:25 763544 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2009-07-14 05:01 . 2012-03-13 23:25 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-03-13 22:00 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2012-03-09 18:03 . 2012-03-13 22:00 1211292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3638853225-1990997699-2437280156-1000-8192.dat

+ 2012-03-09 18:03 . 2012-03-13 23:25 1211292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3638853225-1990997699-2437280156-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

.

c:\users\herb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 RTL8187B;Belkin Wireless G USB Network Adapter;c:\windows\system32\DRIVERS\rtl8187B.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2011-10-11 616400]

S2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-03-13 342480]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]

S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-11 463824]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [x]

S3 SaiH8000;SaiH8000;c:\windows\system32\DRIVERS\SaiH8000.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3638853225-1990997699-2437280156-1000Core.job

- c:\users\herb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 14:48]

.

2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3638853225-1990997699-2437280156-1000UA.job

- c:\users\herb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 14:48]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

"combofix"="c:\combofix\CF1490.3XE" [2010-11-20 345088]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 192.168.1.1

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

.

**************************************************************************

.

Completion time: 2012-03-14 00:37:44 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-13 23:37

ComboFix2.txt 2012-03-13 22:57

ComboFix3.txt 2012-03-13 04:04

.

Pre-Run: 16,269,287,424 bytes free

Post-Run: 16,048,390,144 bytes free

.

- - End Of File - - 85AA3264E9DB504663336EF6B42F9598


It removed what we wanted.

How's it running?


Avira FW still showing blocked packets... but internet seems faster


That might be normal.

Have you checked the IPs?

This topic is now closed to further replies.
