
svchost malicious ip website


  • This topic is locked
16 replies to this topic

#1 Twixxin

Twixxin

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:17 PM

Posted 11 July 2014 - 07:04 PM

Hey guys, I recently changed my ISP, and before I start surfing I usually start Anti-Malware for surfing protection. I started the browser and right away I get
IP, 77.78.192.20, 63025, Outbound, C:\Windows\System32\svchost.exe and it just kept spamming with different ports. I think it might be a false positive, but I am not sure, since I asked on the Anti-Malware forum and one guy said it's not a F/P? So I am asking how I can clean it or get rid of it, but I am almost sure that I am not infected. I also installed Comodo Firewall to check if it finds that IP or blocks it, but nothing; everything is fine. I also ran TDSSKiller, which didn't find anything, ran Anti-Malware scans, nothing, ran Junkware Removal Tool, also nothing, same with the adware scan. Also, a weird thing is that when I installed Comodo Firewall I agreed to put their safe DNS into my connection, and when I ran Anti-Malware there was nothing, no infections. I noticed browsing was a bit slower, so I just tried my luck again and set it to automatic DNS and started the browser, then right away that svchost IP malware pops up...
The only thing that found something was RogueKiller; here is the log:




 

RogueKiller V9.2.1.0 [Jun 23 2014] by Adlice Software
 
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : DuhBoy [Admin rights]
Mode : Scan -- Date : 07/12/2014  01:59:48
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 14 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 77.78.192.20 77.77.192.20 94.140.66.194  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 77.78.192.20 77.77.192.20 94.140.66.194  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D09718F0-63E0-4467-A301-472D826E36DF} | DhcpNameServer : 77.78.192.20 77.77.192.20 94.140.66.194  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D09718F0-63E0-4467-A301-472D826E36DF} | DhcpNameServer : 77.78.192.20 77.77.192.20 94.140.66.194  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3492489014-2426886167-4003294497-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3492489014-2426886167-4003294497-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3492489014-2426886167-4003294497-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3492489014-2426886167-4003294497-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
 
¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD7500AACS-65D6B0 ATA Device +++++
--- User ---
[MBR] aae4496c28be9b6d1441cf24e329493c
[BSP] 7ef0520fe2d60102ae5d189affe60ded : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 200100 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 410011648 | Size: 515202 MB
User = LL1 ... OK
User = LL2 ... OK

Any suggestions? I think it's a false positive, but I might be wrong.
 

Edited by Twixxin, 11 July 2014 - 07:09 PM.
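The RogueKiller report above lists 77.78.192.20 as the first DHCP-assigned DhcpNameServer, and the DNS Client service on Windows runs inside svchost.exe, so an outbound connection from svchost.exe to that address is what ordinary name resolution looks like; it also fits the observation that the block notices stopped when a different DNS provider was configured. The Python script below is an added example, not from this thread and not part of Malwarebytes, RogueKiller or any other tool named here, that automates that cross-check: it pulls the resolver addresses out of RogueKiller-style registry lines and classifies block notices of the form the poster quoted. The alert and registry lines are constructed from the text above; the third alert uses a made-up RFC 5737 documentation address so the other outcome is shown too.

```python
"""Correlate a 'blocked outbound IP' alert with the host's configured DNS resolvers.

Added example, not from the thread: the alert lines and the registry lines are
constructed from the post above (plus one made-up alert) so the script runs offline.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Set

# Constructed input: the alert as the poster transcribed it, a second one with a
# different port, and one made-up alert from a non-resolver address (RFC 5737 range).
ALERTS = [
    r"IP, 77.78.192.20, 63025, Outbound, C:\Windows\System32\svchost.exe",
    r"IP, 77.78.192.20, 63412, Outbound, C:\Windows\System32\svchost.exe",
    r"IP, 203.0.113.45, 49870, Outbound, C:\Users\selena\Downloads\unknown.exe",
]

# Constructed input: lines copied from the RogueKiller registry section above.
ROGUEKILLER_LINES = [
    r"[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 77.78.192.20 77.77.192.20 94.140.66.194  -> FOUND",
    r"[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 77.78.192.20 77.77.192.20 94.140.66.194  -> FOUND",
    r"[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> FOUND",
]

# 'NameServer' (static) and 'DhcpNameServer' (DHCP-assigned) both hold resolver lists.
RESOLVER_RE = re.compile(r"\|\s*(?:Dhcp)?NameServer\s*:\s*([0-9. ]+?)\s*->")
# Alert shape as quoted in the post: IP, <address>, <port>, <direction>, <process path>
ALERT_RE = re.compile(r"^IP,\s*([0-9.]+),\s*(\d+),\s*(\w+),\s*(.+)$")


@dataclass
class Alert:
    ip: str
    port: int
    direction: str
    process: str


def configured_resolvers(lines: List[str]) -> Set[str]:
    """Collect every IP listed as a (Dhcp)NameServer in RogueKiller registry lines."""
    servers: Set[str] = set()
    for line in lines:
        m = RESOLVER_RE.search(line)
        if m:
            servers.update(m.group(1).split())
    return servers


def parse_alert(line: str) -> Alert:
    m = ALERT_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised alert line: {line!r}")
    return Alert(m.group(1), int(m.group(2)), m.group(3), m.group(4))


def classify(alert: Alert, resolvers: Set[str]) -> str:
    """'dns-resolver' when the destination is a configured resolver and the sender is
    svchost.exe (which hosts the DNS Client service); otherwise 'needs-review'."""
    is_svchost = alert.process.lower().endswith(r"\svchost.exe")
    if alert.ip in resolvers and is_svchost:
        return "dns-resolver"
    return "needs-review"


def triage(alert_lines: List[str], registry_lines: List[str]) -> Dict[str, str]:
    """Map each alert line to its verdict."""
    resolvers = configured_resolvers(registry_lines)
    return {line: classify(parse_alert(line), resolvers) for line in alert_lines}


if __name__ == "__main__":
    for line, verdict in triage(ALERTS, ROGUEKILLER_LINES).items():
        print(f"{verdict:12s} {line}")
```

A 'dns-resolver' verdict only says the traffic is consistent with normal resolution; whether that resolver is really the one the ISP hands out is a separate check (compare it with the ISP's published resolvers or the output of `ipconfig /all`). A 'needs-review' verdict is the cue to look at the sending process and its origin, not at the destination address alone.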



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,551 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:17 PM

Posted 16 July 2014 - 01:11 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply; DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,551 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:17 PM

Posted 22 July 2014 - 10:04 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,259 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:10:17 AM

Posted 05 August 2014 - 01:25 PM

This topic has been re-opened at the request of the person who originally posted.

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,551 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:17 PM

Posted 05 August 2014 - 01:35 PM

I'm listening.

Post the logs when ready.

#6 Twixxin

Twixxin
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:17 PM

Posted 05 August 2014 - 02:25 PM

Anti-Malware didn't find anything.
AdwCleaner log:

# AdwCleaner v3.302 - Report created 05/08/2014 at 21:12:39
# Updated 30/07/2014 by Xplode
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : DuhBoy - DUHBOY
# Running from : C:\Users\selena\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Conduit        -  This is clean since it's from the BS Player program and it appears every time I start BS Player
Key Found : [x64] HKCU\Software\Conduit    - Same as above
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\selena\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\selena\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\selena\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\selena\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\selena\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\selena\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\selena\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\selena\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\selena\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\selena\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\selena\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\selena\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\selena\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1794 octets] - [05/08/2014 21:12:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1854 octets] ##########





Farbar log:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by DuhBoy (administrator) on DUHBOY on 05-08-2014 21:18:44
Running from C:\Users\selena\Downloads
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\S-1-5-21-3492489014-2426886167-4003294497-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3492489014-2426886167-4003294497-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-3492489014-2426886167-4003294497-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-3492489014-2426886167-4003294497-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = hr-HR
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ba/
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> D:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 77.78.192.20 77.77.192.20 94.140.66.194
 
FireFox:
========
 
Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "hxxp://www.google.ba/"
CHR Extension: (Bob Marley) - C:\Users\selena\AppData\Local\Google\Chrome\User Data\Default\Extensions\alpnhingmddeadgmgjbfefmaanaeifak [2014-07-12]
CHR Extension: (Google Docs) - C:\Users\selena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-30]
CHR Extension: (Google Drive) - C:\Users\selena\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\selena\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-04]
CHR Extension: (YouTube) - C:\Users\selena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-30]
CHR Extension: (Google Search) - C:\Users\selena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-30]
CHR Extension: (AdBlock) - C:\Users\selena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-12]
CHR Extension: (Google Wallet) - C:\Users\selena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-30]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\selena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2014-07-12]
CHR Extension: (Gmail) - C:\Users\selena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-30]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 MBAMScheduler; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [29160 2014-08-05] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-05 21:18 - 2014-08-05 21:19 - 00006259 _____ () C:\Users\selena\Downloads\FRST.txt
2014-08-05 21:18 - 2014-08-05 21:18 - 00000000 ____D () C:\FRST
2014-08-05 21:12 - 2014-08-05 21:16 - 00000000 ____D () C:\AdwCleaner
2014-08-05 21:12 - 2014-08-05 21:12 - 01361309 _____ () C:\Users\selena\Downloads\AdwCleaner.exe
2014-08-05 21:04 - 2014-08-05 21:04 - 02094080 _____ (Farbar) C:\Users\selena\Downloads\FRST64.exe
2014-08-05 21:03 - 2014-08-05 21:03 - 00001039 _____ () C:\Users\selena\Desktop\aa.txt
2014-08-05 19:35 - 2014-08-05 19:35 - 04806744 _____ () C:\Users\selena\Downloads\RogueKiller.exe
2014-08-05 19:35 - 2014-08-05 19:35 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-08-05 19:32 - 2014-08-05 19:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\selena\Downloads\tdsskiller.exe
2014-08-05 15:24 - 2014-08-05 15:24 - 00002406 _____ () C:\Windows\PFRO.log
2014-08-04 21:59 - 2014-08-04 22:18 - 00000000 ____D () C:\ProgramData\Origin
2014-08-04 20:30 - 2014-08-04 20:31 - 00000000 ____D () C:\Users\selena\Documents\GTA3 User Files
2014-08-03 16:30 - 2014-08-03 16:30 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-08-03 16:30 - 2013-08-21 15:16 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2014-08-03 14:30 - 2014-08-03 14:30 - 00000294 _____ () C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job
2014-08-02 09:46 - 2014-08-05 19:51 - 00259883 _____ () C:\Windows\WindowsUpdate.log
2014-07-31 08:37 - 2014-07-31 08:37 - 00000000 ____D () C:\Users\selena\Documents\SavedGames
2014-07-29 07:07 - 2014-07-29 09:11 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-07-28 23:43 - 2014-07-28 23:43 - 00003730 _____ () C:\Windows\System32\Tasks\KMSAutoNet
2014-07-28 23:43 - 2014-07-28 23:43 - 00000000 ____D () C:\ProgramData\KMSAutoS
2014-07-25 21:20 - 2014-07-29 21:11 - 00000000 ____D () C:\Users\selena\AppData\Roaming\NVIDIA
2014-07-25 18:29 - 2014-07-25 18:29 - 00000258 _____ () C:\Windows\Tasks\ASC7_SkipUac_DuhBoy.job
2014-07-25 18:29 - 2014-07-25 18:29 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-07-25 18:28 - 2014-07-25 18:29 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-07-25 18:28 - 2014-07-25 18:28 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-07-25 18:28 - 2014-07-25 18:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-25 18:28 - 2014-02-08 20:34 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-07-25 18:28 - 2014-02-08 20:34 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-07-25 18:28 - 2014-02-08 19:42 - 06712608 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-07-25 18:28 - 2014-02-08 19:42 - 03498272 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-07-25 18:28 - 2014-02-08 19:42 - 00923936 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-07-25 18:28 - 2014-02-08 19:42 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-07-25 18:28 - 2014-02-08 19:42 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-07-25 18:28 - 2014-02-05 19:52 - 03573739 _____ () C:\Windows\system32\nvcoproc.bin
2014-07-25 18:27 - 2014-02-08 20:34 - 31432480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-07-25 18:27 - 2014-02-08 20:34 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-07-25 18:27 - 2014-02-08 20:34 - 23683360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-07-25 18:27 - 2014-02-08 20:34 - 18257576 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-07-25 18:27 - 2014-02-08 20:34 - 17715784 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-07-25 18:27 - 2014-02-08 20:34 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-07-25 18:27 - 2014-02-08 20:34 - 15740232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-07-25 18:27 - 2014-02-08 20:34 - 14669032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-07-25 18:27 - 2014-02-08 20:34 - 12324640 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-07-25 18:27 - 2014-02-08 20:34 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-07-25 18:27 - 2014-02-08 20:34 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-07-25 18:27 - 2014-02-08 20:34 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-07-25 18:27 - 2014-02-08 20:34 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-07-25 18:27 - 2014-02-08 20:34 - 03142432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-07-25 18:27 - 2014-02-08 20:34 - 03090184 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-07-25 18:27 - 2014-02-08 20:34 - 02956576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-07-25 18:27 - 2014-02-08 20:34 - 02782496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-07-25 18:27 - 2014-02-08 20:34 - 02713728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-07-25 18:27 - 2014-02-08 20:34 - 02410784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-07-25 18:27 - 2014-02-08 20:34 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433489.dll
2014-07-25 18:27 - 2014-02-08 20:34 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433489.dll
2014-07-25 18:27 - 2014-02-08 20:34 - 00947296 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-07-25 18:27 - 2014-02-08 20:34 - 00892192 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-07-25 18:27 - 2014-02-08 20:34 - 00875296 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-07-25 18:27 - 2014-02-08 20:34 - 00863520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-07-25 18:27 - 2014-02-08 20:34 - 00844576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-07-25 18:27 - 2014-02-08 20:34 - 00832424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-07-25 18:27 - 2014-02-08 20:34 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-07-25 18:27 - 2014-02-08 20:34 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-07-25 18:27 - 2014-02-08 20:34 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-07-25 18:27 - 2014-02-08 20:34 - 00148528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-07-25 18:27 - 2014-02-08 20:34 - 00024544 _____ () C:\Windows\system32\nvinfo.pb
2014-07-25 18:26 - 2014-07-25 18:28 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-24 23:16 - 2014-07-24 23:23 - 00000000 ____D () C:\Users\Public\Game of Thrones
2014-07-24 13:48 - 2014-07-10 06:16 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-07-24 13:48 - 2014-07-10 06:03 - 04756992 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-07-24 13:48 - 2014-07-10 05:33 - 01120256 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-07-21 12:05 - 2014-07-21 12:05 - 00000000 ____D () C:\Users\selena\Documents\Rockstar Games
2014-07-21 11:57 - 2014-07-21 11:57 - 00000000 __SHD () C:\ProgramData\SecuROM
2014-07-21 11:55 - 2014-07-21 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-21 11:44 - 2014-07-21 11:57 - 00000000 ____D () C:\Users\selena\AppData\Local\Rockstar Games
2014-07-21 11:44 - 2014-07-21 11:44 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2014-07-21 11:44 - 2014-07-21 11:44 - 00000000 __RHD () C:\Users\selena\AppData\Roaming\SecuROM
2014-07-16 22:27 - 2014-07-16 22:27 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-16 21:33 - 2014-07-16 21:33 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-07-16 21:33 - 2014-07-16 21:33 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-07-16 21:33 - 2014-07-16 21:33 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-07-16 21:33 - 2014-07-16 21:33 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-07-16 21:33 - 2014-07-16 21:33 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-07-15 20:30 - 2014-07-30 17:22 - 00000000 ____D () C:\Users\selena\Documents\ManiaPlanet
2014-07-15 20:30 - 2014-07-30 17:03 - 00000000 ____D () C:\ProgramData\ManiaPlanet
2014-07-12 13:42 - 2014-07-12 13:42 - 00001502 __RSH () C:\ProgramData\ntuser.pol
2014-07-12 01:02 - 2014-07-12 01:02 - 00000000 ____D () C:\Windows\ERUNT
2014-07-11 01:20 - 2014-08-05 19:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-11 01:20 - 2014-07-11 01:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-11 01:20 - 2014-07-11 01:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-11 01:20 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-11 01:20 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-11 01:20 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-09 22:45 - 2014-07-09 22:45 - 00001908 _____ () C:\Windows\diagwrn.xml
2014-07-09 22:45 - 2014-07-09 22:45 - 00001908 _____ () C:\Windows\diagerr.xml
2014-07-09 21:11 - 2014-07-09 21:19 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-07-09 21:09 - 2014-07-10 02:15 - 00000000 ____D () C:\ProgramData\Battle.net
2014-07-09 20:41 - 2014-07-13 18:53 - 00000000 ____D () C:\Users\selena\AppData\Local\CrashDumps
2014-07-09 18:30 - 2014-07-09 18:30 - 16871936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-07-09 18:30 - 2014-07-09 18:30 - 12711424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-07-09 18:30 - 2014-07-09 18:30 - 02518360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-07-09 18:30 - 2014-07-09 18:30 - 00668160 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2014-07-09 18:30 - 2014-07-09 18:30 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\cscui.dll
2014-07-09 18:30 - 2014-07-09 18:30 - 00590336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2014-07-09 18:30 - 2014-07-09 18:30 - 00467800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-07-09 18:30 - 2014-07-09 18:30 - 00440664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-07-09 18:30 - 2014-07-09 18:30 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-07-09 18:30 - 2014-07-09 18:30 - 00423768 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2014-07-09 18:30 - 2014-07-09 18:30 - 00419672 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-07-09 18:30 - 2014-07-09 18:30 - 00323584 _____ (Microsoft Corporation) C:\Windows\system32\DaOtpCredentialProvider.dll
2014-07-09 18:30 - 2014-07-09 18:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-07-09 18:30 - 2014-07-09 18:30 - 00270848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DaOtpCredentialProvider.dll
2014-07-09 18:30 - 2014-07-09 18:30 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-07-09 18:30 - 2014-07-09 18:30 - 00216368 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2014-07-09 18:30 - 2014-07-09 18:30 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-07-09 18:30 - 2014-07-09 18:30 - 00189016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2014-07-09 18:30 - 2014-07-09 18:30 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-07-09 18:30 - 2014-07-09 18:30 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-07-09 18:30 - 2014-07-09 18:30 - 00089944 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-07-09 18:30 - 2014-07-09 18:30 - 00037376 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-07-09 18:30 - 2014-07-09 18:30 - 00027480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-07-09 18:22 - 2014-07-09 18:22 - 00000000 ____D () C:\Users\selena\AppData\Roaming\ProductData
2014-07-09 18:21 - 2014-07-09 18:21 - 00000927 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-07-09 18:21 - 2014-07-09 18:21 - 00000000 ____D () C:\Users\selena\AppData\Roaming\IObit
2014-07-09 03:46 - 2014-07-09 03:46 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-09 00:59 - 2014-06-26 22:55 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 00:58 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-07-09 00:56 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 00:56 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 00:56 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 00:56 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 00:56 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 00:56 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 00:56 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 00:56 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 00:56 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-07-09 00:56 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-07-09 00:56 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-07-09 00:56 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-07-09 00:56 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-07-09 00:56 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 00:55 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 00:55 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 00:55 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 00:55 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 00:55 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 00:55 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 00:55 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 00:55 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 00:55 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 00:55 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 00:55 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 00:55 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 00:55 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 00:55 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 00:55 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 00:55 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 00:55 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 00:55 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 00:55 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 00:55 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 00:55 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 00:55 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 00:55 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 00:55 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 00:55 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 00:55 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-09 00:55 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2014-07-09 00:55 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-07-09 00:55 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-07-09 00:55 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 00:55 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-09 00:55 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-09 00:55 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 00:55 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-09 00:55 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-09 00:55 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-09 00:55 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-07-09 00:55 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-09 00:55 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-07-09 00:55 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-09 00:54 - 2014-07-09 00:54 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-07-09 00:50 - 2014-07-09 00:50 - 00000706 _____ () C:\Users\Public\Desktop\CCleaner.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-05 21:19 - 2014-08-05 21:18 - 00006259 _____ () C:\Users\selena\Downloads\FRST.txt
2014-08-05 21:18 - 2014-08-05 21:18 - 00000000 ____D () C:\FRST
2014-08-05 21:16 - 2014-08-05 21:12 - 00000000 ____D () C:\AdwCleaner
2014-08-05 21:12 - 2014-08-05 21:12 - 01361309 _____ () C:\Users\selena\Downloads\AdwCleaner.exe
2014-08-05 21:04 - 2014-08-05 21:04 - 02094080 _____ (Farbar) C:\Users\selena\Downloads\FRST64.exe
2014-08-05 21:03 - 2014-08-05 21:03 - 00001039 _____ () C:\Users\selena\Desktop\aa.txt
2014-08-05 21:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-08-05 20:23 - 2014-02-27 06:21 - 00000000 ____D () C:\Users\selena\AppData\Roaming\uTorrent
2014-08-05 19:51 - 2014-08-02 09:46 - 00259883 _____ () C:\Windows\WindowsUpdate.log
2014-08-05 19:35 - 2014-08-05 19:35 - 04806744 _____ () C:\Users\selena\Downloads\RogueKiller.exe
2014-08-05 19:35 - 2014-08-05 19:35 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-08-05 19:33 - 2014-08-05 19:32 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\selena\Downloads\tdsskiller.exe
2014-08-05 19:32 - 2014-07-11 01:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-05 17:43 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-05 15:24 - 2014-08-05 15:24 - 00002406 _____ () C:\Windows\PFRO.log
2014-08-05 15:24 - 2014-01-29 18:01 - 00000000 ____D () C:\Users\selena
2014-08-05 15:05 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-04 22:18 - 2014-08-04 21:59 - 00000000 ____D () C:\ProgramData\Origin
2014-08-04 20:31 - 2014-08-04 20:30 - 00000000 ____D () C:\Users\selena\Documents\GTA3 User Files
2014-08-03 17:20 - 2014-01-29 18:07 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3492489014-2426886167-4003294497-1001
2014-08-03 16:30 - 2014-08-03 16:30 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-08-03 14:30 - 2014-08-03 14:30 - 00000294 _____ () C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job
2014-07-31 08:37 - 2014-07-31 08:37 - 00000000 ____D () C:\Users\selena\Documents\SavedGames
2014-07-30 17:22 - 2014-07-15 20:30 - 00000000 ____D () C:\Users\selena\Documents\ManiaPlanet
2014-07-30 17:03 - 2014-07-15 20:30 - 00000000 ____D () C:\ProgramData\ManiaPlanet
2014-07-30 15:27 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-07-29 21:11 - 2014-07-25 21:20 - 00000000 ____D () C:\Users\selena\AppData\Roaming\NVIDIA
2014-07-29 14:54 - 2014-01-30 03:49 - 00000000 ____D () C:\Users\selena\AppData\Roaming\LolClient
2014-07-29 10:12 - 2014-01-30 11:50 - 00000000 ____D () C:\Users\selena\AppData\Roaming\TS3Client
2014-07-29 10:03 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-07-29 09:47 - 2014-05-19 18:29 - 00000000 ____D () C:\Users\selena\AppData\Roaming\Skype
2014-07-29 09:47 - 2014-05-19 18:29 - 00000000 ____D () C:\ProgramData\Skype
2014-07-29 09:47 - 2013-08-22 15:36 - 00000000 __RHD () C:\Users\Default
2014-07-29 09:11 - 2014-07-29 07:07 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-07-29 08:26 - 2014-05-08 21:31 - 00000000 ____D () C:\Users\selena\Documents\My Games
2014-07-28 23:43 - 2014-07-28 23:43 - 00003730 _____ () C:\Windows\System32\Tasks\KMSAutoNet
2014-07-28 23:43 - 2014-07-28 23:43 - 00000000 ____D () C:\ProgramData\KMSAutoS
2014-07-25 18:29 - 2014-07-25 18:29 - 00000258 _____ () C:\Windows\Tasks\ASC7_SkipUac_DuhBoy.job
2014-07-25 18:29 - 2014-07-25 18:29 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-07-25 18:29 - 2014-07-25 18:28 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-07-25 18:28 - 2014-07-25 18:28 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-07-25 18:28 - 2014-07-25 18:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-25 18:28 - 2014-07-25 18:26 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-25 18:28 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Help
2014-07-25 17:18 - 2014-04-26 04:00 - 56389632 _____ () C:\Windows\system32\config\software.iodefrag.bak
2014-07-25 17:18 - 2014-04-26 04:00 - 00147456 _____ () C:\Windows\system32\config\default.iodefrag.bak
2014-07-25 17:18 - 2014-04-26 04:00 - 00036864 _____ () C:\Windows\system32\config\sam.iodefrag.bak
2014-07-25 17:18 - 2014-04-26 04:00 - 00024576 _____ () C:\Windows\system32\config\security.iodefrag.bak
2014-07-25 13:42 - 2014-04-26 03:22 - 00000000 ____D () C:\ProgramData\ProductData
2014-07-25 05:05 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-07-24 23:23 - 2014-07-24 23:16 - 00000000 ____D () C:\Users\Public\Game of Thrones
2014-07-24 13:50 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-22 09:14 - 2014-04-23 15:49 - 00013842 _____ () C:\Windows\system32\lvcoinst.log
2014-07-21 12:05 - 2014-07-21 12:05 - 00000000 ____D () C:\Users\selena\Documents\Rockstar Games
2014-07-21 11:57 - 2014-07-21 11:57 - 00000000 __SHD () C:\ProgramData\SecuROM
2014-07-21 11:57 - 2014-07-21 11:44 - 00000000 ____D () C:\Users\selena\AppData\Local\Rockstar Games
2014-07-21 11:55 - 2014-07-21 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-21 11:44 - 2014-07-21 11:44 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2014-07-21 11:44 - 2014-07-21 11:44 - 00000000 __RHD () C:\Users\selena\AppData\Roaming\SecuROM
2014-07-16 22:27 - 2014-07-16 22:27 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-16 21:33 - 2014-07-16 21:33 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-07-16 21:33 - 2014-07-16 21:33 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-07-16 21:33 - 2014-07-16 21:33 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-07-16 21:33 - 2014-07-16 21:33 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-07-16 21:33 - 2014-07-16 21:33 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-07-16 21:33 - 2014-01-31 18:12 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-07-16 01:42 - 2013-09-30 06:14 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-15 08:01 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-13 18:53 - 2014-07-09 20:41 - 00000000 ____D () C:\Users\selena\AppData\Local\CrashDumps
2014-07-13 00:13 - 2014-02-23 19:56 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-12 13:42 - 2014-07-12 13:42 - 00001502 __RSH () C:\ProgramData\ntuser.pol
2014-07-12 13:38 - 2013-08-22 17:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-12 01:02 - 2014-07-12 01:02 - 00000000 ____D () C:\Windows\ERUNT
2014-07-11 01:20 - 2014-07-11 01:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-11 01:20 - 2014-07-11 01:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-11 01:13 - 2014-04-10 08:24 - 00000000 ____D () C:\ProgramData\IObit
2014-07-10 06:16 - 2014-07-24 13:48 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-07-10 06:03 - 2014-07-24 13:48 - 04756992 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-07-10 05:33 - 2014-07-24 13:48 - 01120256 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-07-10 02:15 - 2014-07-09 21:09 - 00000000 ____D () C:\ProgramData\Battle.net
2014-07-09 22:45 - 2014-07-09 22:45 - 00001908 _____ () C:\Windows\diagwrn.xml
2014-07-09 22:45 - 2014-07-09 22:45 - 00001908 _____ () C:\Windows\diagerr.xml
2014-07-09 21:19 - 2014-07-09 21:11 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-07-09 18:30 - 2014-07-09 18:30 - 16871936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-07-09 18:30 - 2014-07-09 18:30 - 12711424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-07-09 18:30 - 2014-07-09 18:30 - 02518360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-07-09 18:30 - 2014-07-09 18:30 - 00668160 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2014-07-09 18:30 - 2014-07-09 18:30 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\cscui.dll
2014-07-09 18:30 - 2014-07-09 18:30 - 00590336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2014-07-09 18:30 - 2014-07-09 18:30 - 00467800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-07-09 18:30 - 2014-07-09 18:30 - 00440664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-07-09 18:30 - 2014-07-09 18:30 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-07-09 18:30 - 2014-07-09 18:30 - 00423768 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2014-07-09 18:30 - 2014-07-09 18:30 - 00419672 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-07-09 18:30 - 2014-07-09 18:30 - 00323584 _____ (Microsoft Corporation) C:\Windows\system32\DaOtpCredentialProvider.dll
2014-07-09 18:30 - 2014-07-09 18:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-07-09 18:30 - 2014-07-09 18:30 - 00270848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DaOtpCredentialProvider.dll
2014-07-09 18:30 - 2014-07-09 18:30 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-07-09 18:30 - 2014-07-09 18:30 - 00216368 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2014-07-09 18:30 - 2014-07-09 18:30 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-07-09 18:30 - 2014-07-09 18:30 - 00189016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2014-07-09 18:30 - 2014-07-09 18:30 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-07-09 18:30 - 2014-07-09 18:30 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-07-09 18:30 - 2014-07-09 18:30 - 00089944 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-07-09 18:30 - 2014-07-09 18:30 - 00037376 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-07-09 18:30 - 2014-07-09 18:30 - 00027480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-07-09 18:22 - 2014-07-09 18:22 - 00000000 ____D () C:\Users\selena\AppData\Roaming\ProductData
2014-07-09 18:21 - 2014-07-09 18:21 - 00000927 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-07-09 18:21 - 2014-07-09 18:21 - 00000000 ____D () C:\Users\selena\AppData\Roaming\IObit
2014-07-09 03:46 - 2014-07-09 03:46 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-09 02:02 - 2014-03-30 17:41 - 00335784 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 02:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-07-09 02:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-09 02:00 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-09 02:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2014-07-09 00:59 - 2014-02-01 08:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 00:58 - 2014-02-01 08:12 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 00:58 - 2013-09-30 05:54 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 00:54 - 2014-07-09 00:54 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-07-09 00:50 - 2014-07-09 00:50 - 00000706 _____ () C:\Users\Public\Desktop\CCleaner.lnk
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-31 05:33
 
==================== End Of Log ============================

Edited by Twixxin, 05 August 2014 - 02:27 PM.


#7 nasdaq

  • Malware Response Team
  • 39,551 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 August 2014 - 05:47 PM


Key Found : HKCU\Software\Conduit - This is clean since it's from the BS Player program and it appears every time I start the BS Player program
Key Found : [x64] HKCU\Software\Conduit - Same as above


You can keep these entries. Keep in mind that Conduit will trace your actions and possibly give you some ads.

===

What are the remaining issues?

#8 Twixxin

  • Topic Starter
  • Members
  • 17 posts

Posted 05 August 2014 - 05:52 PM

The issue is that Anti-Malware blocks some random IP; here is the log from Anti-Malware:

Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Protection, 6.8.2014. 0:49:45, SYSTEM, DUHBOY, Protection, Malware Protection, Starting, 
Protection, 6.8.2014. 0:49:45, SYSTEM, DUHBOY, Protection, Malware Protection, Started, 
Protection, 6.8.2014. 0:49:45, SYSTEM, DUHBOY, Protection, Malicious Website Protection, Starting, 
Protection, 6.8.2014. 0:49:45, SYSTEM, DUHBOY, Protection, Malicious Website Protection, Started, 
Detection, 6.8.2014. 0:49:51, SYSTEM, DUHBOY, Protection, Malicious Website Protection, IP, 77.78.192.20, 63840, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 6.8.2014. 0:49:51, SYSTEM, DUHBOY, Protection, Malicious Website Protection, IP, 77.78.192.20, 63840, Outbound, C:\Windows\System32\svchost.exe, 
 
(end)

And they just keep coming unless I exclude that IP address in Anti-Malware.
I think that IP address is from my ISP, Telemach, but I am not sure, since I asked on Anti-Malware's forum and they said it's not a false positive.
So is there any way to get rid of it, or should I just exclude it? I am not sure if it's safe, since I am in an office using 4 PCs; on the other 2 PCs Anti-Malware doesn't find any malicious attacks from this IP address, only on mine.

Edited by Twixxin, 05 August 2014 - 05:59 PM.


#9 nasdaq

  • Malware Response Team
  • 39,551 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 August 2014 - 08:14 AM

Try this.

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

at the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with elevated privileges:
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/

#10 Twixxin

  • Topic Starter
  • Members
  • 17 posts

Posted 06 August 2014 - 02:21 PM

Nope, it's still infected. But today I randomly Googled that IP address and it seems that it is from my ISP, http://www.ip-adress.com/ip_tracer/77.78.192.20, as you can see here:
It says Sarajevo, the capital city of my country, but I don't live near there; I am a few hours away. And it says Telemach, which is the ISP I am currently using, but the only thing I don't understand is why Anti-Malware blocks it on my PC and not the other 2, since they're both on the same ISP/network??


Edited by Twixxin, 06 August 2014 - 04:53 PM.


#11 nasdaq

  • Malware Response Team
  • 39,551 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 August 2014 - 08:36 AM

Launch Notepad, and copy/paste all the blue instructions below into it.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save
 

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]


Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.

On a Vista or Windows 7 operating system right click on the fixme.reg file and run as Administrator.

Optional, if the following programs are on your computer:
Note that since the Domains are deleted, SpywareBlaster protection must be re-enabled and Spybot's Immunize feature must be used again.

===

If the issue persists.

Run Malwarebytes on one of the other computers.


The issue is that Anti-Malware blocks some random IP; here is the log from Anti-Malware:
Malwarebytes Anti-Malware
www.malwarebytes.org

 

Protection, 6.8.2014. 0:49:45, SYSTEM, DUHBOY, Protection, Malware Protection, Starting,
Protection, 6.8.2014. 0:49:45, SYSTEM, DUHBOY, Protection, Malware Protection, Started,
Protection, 6.8.2014. 0:49:45, SYSTEM, DUHBOY, Protection, Malicious Website Protection, Starting,
Protection, 6.8.2014. 0:49:45, SYSTEM, DUHBOY, Protection, Malicious Website Protection, Started,
Detection, 6.8.2014. 0:49:51, SYSTEM, DUHBOY, Protection, Malicious Website Protection, IP, 77.78.192.20, 63840, Outbound, C:\Windows\System32\svchost.exe,
Detection, 6.8.2014. 0:49:51, SYSTEM, DUHBOY, Protection, Malicious Website Protection, IP, 77.78.192.20, 63840, Outbound, C:\Windows\System32\svchost.exe,


Are these entries also listed in the MBAM log?

I just want to see these entries nothing else.
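The fixme.reg file above is a plain-text script that regedit merges, and the leading minus sign in `[-KEY]` is what makes it a deletion. Before merging a file like that it is worth listing exactly what it will do. The Python script below is an added example; it is not from this thread and not a Microsoft tool. It parses the "Registry Editor Version 5.00" format (key lines, value lines, value deletions and backslash-continued hex data) and summarizes the operations; the embedded file is the fixme.reg posted above.

```python
"""Review a Windows "Registry Editor Version 5.00" (.reg) file before merging it.

Added example; it is not from the forum thread and not a Microsoft tool. A .reg
file is a plain-text script that regedit merges: a "[-KEY]" line deletes that
key with all its subkeys and values, a "[KEY]" line creates (or selects) the
key, '"name"=data' lines set values under the selected key, and '"name"=-'
deletes a value. Parsing the file lists exactly what a fix will do, which is
worth checking for a file that deletes keys.
"""
import re

# Reproduced from the fixme.reg posted in the thread: each ZoneMap key is
# deleted (with everything stored under it) and then recreated empty.
FIXME_REG = r"""Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
"""

KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def _join_continuations(lines):
    """Join hex values that regedit wraps with a trailing backslash."""
    joined, buf = [], None
    for ln in lines:
        s = ln.rstrip()
        if buf is not None:
            s = buf + s.strip()
            buf = None
        if s.endswith("\\"):
            buf = s[:-1]
            continue
        joined.append(s)
    if buf is not None:
        joined.append(buf)
    return joined


def parse_reg(text):
    """Return a list of (operation, target, data) tuples in file order."""
    lines = text.splitlines()
    if not lines or not lines[0].startswith("Windows Registry Editor Version 5.00"):
        raise ValueError("not a Registry Editor Version 5.00 file")
    ops, current = [], None
    for line in _join_continuations(lines[1:]):
        line = line.strip()
        if not line or line.startswith(";"):          # blank line or comment
            continue
        m = KEY_RE.match(line)
        if m:
            delete, key = m.group(1) == "-", m.group(2)
            current = None if delete else key         # values cannot follow a deletion
            ops.append(("delete_key" if delete else "create_key", key, None))
            continue
        m = VALUE_RE.match(line)
        if m:
            if current is None:
                raise ValueError(f"value outside a key: {line!r}")
            name = "(Default)" if m.group(1) == "@" else m.group(1).strip('"')
            data = m.group(2)
            target = current + "\\" + name
            ops.append(("delete_value", target, None) if data == "-" else ("set_value", target, data))
            continue
        raise ValueError(f"unrecognised line: {line!r}")
    return ops


def summarize(ops):
    """Count operations and single out keys that are deleted and then recreated."""
    deleted = {t for kind, t, _ in ops if kind == "delete_key"}
    created = {t for kind, t, _ in ops if kind == "create_key"}
    return {
        "delete_key": len(deleted),
        "create_key": len(created),
        "set_value": sum(1 for kind, _, _ in ops if kind == "set_value"),
        "delete_value": sum(1 for kind, _, _ in ops if kind == "delete_value"),
        "wiped_keys": sorted(deleted & created),   # emptied, then present again
        "removed_keys": sorted(deleted - created),
    }


if __name__ == "__main__":
    ops = parse_reg(FIXME_REG)
    for kind, target, data in ops:
        print(f"{kind:13} {target}" + (f" = {data}" if data else ""))
    print(summarize(ops))
```

For the posted file the summary reports five keys wiped and none permanently removed: the ZoneMap Domains, Ranges and EscDomains keys hold the per-site Internet Explorer security-zone assignments, so merging it clears those assignments rather than deleting anything else. A file whose summary lists entries under `removed_keys` or `set_value` deserves a closer look at each target before clicking Yes.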

#12 Twixxin

  • Topic Starter
  • Members
  • 17 posts

Posted 07 August 2014 - 02:18 PM

I did that and the problem is still there; Anti-Malware still finds it. Here is the log: I just un-excluded that IP address and it starts spamming this:
What do you mean by entries only? This is in the log:
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Protection, 7.8.2014. 21:09:36, SYSTEM, DUHBOY, Protection, Malware Protection, Starting, 
Protection, 7.8.2014. 21:09:36, SYSTEM, DUHBOY, Protection, Malware Protection, Started, 
Protection, 7.8.2014. 21:09:36, SYSTEM, DUHBOY, Protection, Malicious Website Protection, Starting, 
Protection, 7.8.2014. 21:09:36, SYSTEM, DUHBOY, Protection, Malicious Website Protection, Started, 
Detection, 7.8.2014. 21:09:48, SYSTEM, DUHBOY, Protection, Malicious Website Protection, IP, 77.78.192.20, 51783, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 7.8.2014. 21:09:48, SYSTEM, DUHBOY, Protection, Malicious Website Protection, IP, 77.78.192.20, 51783, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 7.8.2014. 21:09:50, SYSTEM, DUHBOY, Protection, Malicious Website Protection, IP, 77.78.192.20, 62757, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 7.8.2014. 21:09:50, SYSTEM, DUHBOY, Protection, Malicious Website Protection, IP, 77.78.192.20, 62531, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 7.8.2014. 21:09:51, SYSTEM, DUHBOY, Protection, Malicious Website Protection, IP, 77.78.192.20, 56823, Outbound, C:\Windows\System32\svchost.exe, 
 
(end)


It spams until I exclude it.

I think it's safe, since when I switched back to my old ISP Anti-Malware doesn't find anything, only when I am on my new one. I guess I'll just exclude it.

Edited by Twixxin, 07 August 2014 - 02:29 PM.
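The protection logs posted in this thread (here and in post #8) have a fixed comma-separated layout, so what the repeated entries actually say can be read off mechanically instead of by eye. The Python script below is an added example; it is not from this thread and not a Malwarebytes tool. The sample lines are constructed from the log above, and the ISP CIDR is an assumption standing in for the result of a whois lookup, not a verified allocation.

```python
"""Triage Malwarebytes Anti-Malware "Malicious Website Protection" log lines.

Added example; it is not from the forum thread and not a Malwarebytes tool. It
parses the comma-separated protection log shown in the thread, groups the
"Detection" entries by destination IP, direction and process, and reports the
facts a reader needs before deciding whether to exclude an address: how many
blocks, how many distinct ports, whether those ports all lie in the Windows
dynamic port range, and whether the address sits in a range the reader has
looked up for their ISP. The CIDR below is an ASSUMPTION standing in for the
result of a whois lookup; it is not a verified allocation.
"""
import ipaddress
from collections import defaultdict

# Constructed sample input, copied in shape from the log posted in the thread.
SAMPLE_LOG_LINES = [
    "Malwarebytes Anti-Malware",
    "www.malwarebytes.org",
    "",
    "Protection, 7.8.2014. 21:09:36, SYSTEM, DUHBOY, Protection, Malware Protection, Starting, ",
    "Protection, 7.8.2014. 21:09:36, SYSTEM, DUHBOY, Protection, Malicious Website Protection, Started, ",
    r"Detection, 7.8.2014. 21:09:48, SYSTEM, DUHBOY, Protection, Malicious Website Protection, IP, 77.78.192.20, 51783, Outbound, C:\Windows\System32\svchost.exe, ",
    r"Detection, 7.8.2014. 21:09:48, SYSTEM, DUHBOY, Protection, Malicious Website Protection, IP, 77.78.192.20, 51783, Outbound, C:\Windows\System32\svchost.exe, ",
    r"Detection, 7.8.2014. 21:09:50, SYSTEM, DUHBOY, Protection, Malicious Website Protection, IP, 77.78.192.20, 62757, Outbound, C:\Windows\System32\svchost.exe, ",
    r"Detection, 7.8.2014. 21:09:50, SYSTEM, DUHBOY, Protection, Malicious Website Protection, IP, 77.78.192.20, 62531, Outbound, C:\Windows\System32\svchost.exe, ",
    r"Detection, 7.8.2014. 21:09:51, SYSTEM, DUHBOY, Protection, Malicious Website Protection, IP, 77.78.192.20, 56823, Outbound, C:\Windows\System32\svchost.exe, ",
    "(end)",
]

# ASSUMPTION: placeholder for the range a whois lookup returns for the ISP.
ASSUMED_ISP_RANGES = ["77.78.192.0/24"]

# Default dynamic (ephemeral) port range on Windows Vista and later. The log
# does not label which endpoint its port column belongs to, so this is a heuristic.
EPHEMERAL_LOW, EPHEMERAL_HIGH = 49152, 65535


def parse_detections(lines):
    """Keep only 'Detection ... IP' rows; fields are positional and comma-separated."""
    out = []
    for line in lines:
        f = [x.strip() for x in line.split(",")]
        if len(f) < 11 or f[0] != "Detection" or f[6] != "IP":
            continue
        out.append({"time": f[1], "host": f[3], "ip": f[7], "port": int(f[8]),
                    "direction": f[9], "process": f[10]})
    return out


def summarize(detections):
    """One row per (ip, direction, process): hit count, port spread, time span."""
    groups = defaultdict(lambda: {"hits": 0, "ports": set(), "times": []})
    for d in detections:
        g = groups[(d["ip"], d["direction"], d["process"])]
        g["hits"] += 1                      # duplicate log lines count as separate blocks
        g["ports"].add(d["port"])
        g["times"].append(d["time"])
    rows = []
    for (ip, direction, process), g in sorted(groups.items()):
        rows.append({
            "ip": ip, "direction": direction, "process": process,
            "hits": g["hits"], "distinct_ports": len(g["ports"]),
            "all_ephemeral": all(EPHEMERAL_LOW <= p <= EPHEMERAL_HIGH for p in g["ports"]),
            "first": g["times"][0], "last": g["times"][-1],
        })
    return rows


def in_ranges(ip, cidrs):
    """True if ip falls inside any of the given CIDR blocks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)


if __name__ == "__main__":
    for row in summarize(parse_detections(SAMPLE_LOG_LINES)):
        owner = "inside" if in_ranges(row["ip"], ASSUMED_ISP_RANGES) else "outside"
        print(f'{row["ip"]} {row["direction"]} via {row["process"]}: {row["hits"]} blocks, '
              f'{row["distinct_ports"]} distinct ports (all ephemeral: {row["all_ephemeral"]}), '
              f'{row["first"]} to {row["last"]}, {owner} assumed ISP range')
```

For the posted log the single row shows five blocks of one address from one process within three seconds, on four distinct ports that all sit in the dynamic range: the shape of one service retrying an outbound connection, not of many destinations. The log cannot say which service that is, because svchost.exe hosts several. Running `netstat -ano` (adding `-b` from an elevated prompt) while the blocks occur shows the owning PID and executable, and `tasklist /svc` lists which services that svchost.exe instance hosts; whether to exclude the address in Malwarebytes is then a decision about that named service and that address, rather than about svchost.exe in general.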


#13 nasdaq

  • Malware Response Team
  • 39,551 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 August 2014 - 06:22 AM


This may be the solution.

Malwarebytes is working well. If you are seeing a message each time it blocks an IP, you can disable that action.

To disable the popups
1. Open Malwarebytes
2. Click on the Protection tab
3. Uncheck/untick the last item
"Show tooltip balloon when malicious website is blocked"
4. Click the exit button rather than the X at the top right to close the window.

#14 Twixxin

  • Topic Starter
  • Members
  • 17 posts

Posted 11 August 2014 - 11:39 AM

Hmm, that won't really help since I am not using Anti-Malware for real-time protection. I don't know; Anti-Malware now blocks that same IP on my sister's PC, but NOD Smart Security doesn't block anything, everything is clean. No clue what that is all about; I guess I'll just exclude it and leave it that way.



#15 nasdaq

  • Malware Response Team
  • 39,551 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 August 2014 - 12:22 PM


If connected to a router try this.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is a list of default usernames and passwords, should you not know yours ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

How to Secure Your Wireless Router
http://www.ehow.com/how_2253625_secure-wireless-router.html



