TechSpot

Win32:malware-gen please help!

Solved
By meljamisl
Sep 20, 2013
  1. OK, so it all started yesterday, when someone, somehow managed to hack into my electronic bitcoin wallet and relieve me of every last Bitcoin practically before my very eyes.

    I then scanned my computer and external storage devices using Avast, which revealed the win32:malware-gen virus.

    I removed the virus to the virus chest.

    I then explicitly followed this guide to removing the malware:
    http://www.im-infected.com/trojan/win32malware-gen.html

    However, after removing the virus to the chest all the scans failed to find any malicious items.

    Since then I have completed a full secure erase of my Samsung SSD drive using Parted Magic, then a full clean install of windows 8, using my win8 boot USB.

    (note: the win8 boot usb was one of the external devices discovered to have the win32:malware-gen on it. The malware was removed to the virus chest and subsequent scans detailed in the iminfected.com guide failed to find any malicious items.)

    After the clean win8 install, I rescanned all drives using avast and Malwarebytes. Up to this point both programs report no malicious items.

    BUT...

    I then began to reinstall my basic programs, browser and drivers. After installing Utorrent 2.2.1, Malwarebytes began to report multiple 'blocked access to a potentially harmful site' messages.

    I panicked, uninstalled Utorrent, did a full scan with avast and Malwarebytes, and was relieved to find no malicious items.

    I then reinstalled utorrent 2.2.1 and again began to receive the 'blocked access to a potentially harmful site' messages. They seem to be linked to Avast and Utorrent.

    Here is a copy/paste of my Malwarebytes log:

    2013/09/22 01:33:54 +0930 INSPIRON15RSE James IP-BLOCK 109.236.82.166 (Type: outgoing, Port: 25334, Process: utorrent.exe)
    2013/09/22 01:35:22 +0930 INSPIRON15RSE James IP-BLOCK 31.133.45.210 (Type: outgoing, Port: 25334, Process: utorrent.exe)
    2013/09/22 01:55:31 +0930 INSPIRON15RSE James IP-BLOCK 213.186.115.236 (Type: outgoing, Port: 49729, Process: utorrent.exe)
    2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52795, Process: avastsvc.exe)
    2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52796, Process: avastsvc.exe)
    2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52798, Process: avastsvc.exe)
    2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52799, Process: avastsvc.exe)
    2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52801, Process: avastsvc.exe)
    2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52802, Process: avastsvc.exe)
    2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52805, Process: avastsvc.exe)
    2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52804, Process: avastsvc.exe)
    2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52807, Process: avastsvc.exe)
    2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52808, Process: avastsvc.exe)
    2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 217.23.9.122 (Type: outgoing, Port: 52810, Process: avastsvc.exe)
    2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 217.23.9.122 (Type: outgoing, Port: 52811, Process: avastsvc.exe)
    2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 217.23.9.122 (Type: outgoing, Port: 52813, Process: avastsvc.exe)
    2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 217.23.9.122 (Type: outgoing, Port: 52812, Process: avastsvc.exe)
    2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52815, Process: avastsvc.exe)
    2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52816, Process: avastsvc.exe)
    2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 195.3.147.99 (Type: outgoing, Port: 52822, Process: avastsvc.exe)
    2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 195.3.147.99 (Type: outgoing, Port: 52823, Process: avastsvc.exe)
    2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52827, Process: avastsvc.exe)
    2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52828, Process: avastsvc.exe)

    After money was stolen from my online wallet yesterday, I have become extremely worried. I have frozen my online banking accounts and tried everything in my limited technological power to solve the problem.

    In my desperate search for info online, I found this forum which seems to have numerous examples of people with technological expertise assisting other people like myself experiencing this very same problem. I am humbly hoping someone can do the same for me.

    I am willing to do anything at this point to ensure my system is secure, if anyone can assist me I would be immensely grateful.

    Regards

    meljamisl
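The Malwarebytes protection log pasted above is the one concrete piece of evidence in this thread, and the question it raises is which process is being blocked, how often, to which addresses and on which ports. The following is an added example, not code from the thread or from Malwarebytes: a small parser for IP-BLOCK lines in the exact field layout shown above (date, time, UTC offset, host, user, `IP-BLOCK`, address, then `Type`, `Port` and `Process`), with a per-process summary and a helper that reports any process you have not yet accounted for. The log lines inside it are constructed for the example and use documentation addresses (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24) rather than the addresses in the post; the function names and the `explained` parameter are this example's own.

```python
"""Summarise Malwarebytes IP-BLOCK events by process and destination.

Added example (not from the TechSpot thread, not Malwarebytes code).
Parses lines in the layout Malwarebytes Anti-Malware 1.x writes to its
protection log, as pasted in the post above, and groups them so you can
see which process talks to which address, how often, and on which ports.
"""
import re
from datetime import datetime, timedelta, timezone

# Field layout taken from the posted log:
# <date> <time> <tz> <host> <user> IP-BLOCK <ip> (Type: <dir>, Port: <n>, Process: <exe>)
LINE_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)

# Constructed sample log: same shape as the posted one, documentation
# addresses (RFC 5737) instead of the real destinations, plus one junk line.
SAMPLE_LOG = """\
2013/09/22 01:33:54 +0930 HOST user IP-BLOCK 192.0.2.10 (Type: outgoing, Port: 25334, Process: utorrent.exe)
2013/09/22 01:34:10 +0930 HOST user IP-BLOCK 192.0.2.10 (Type: incoming, Port: 25334, Process: utorrent.exe)
2013/09/22 01:35:22 +0930 HOST user IP-BLOCK 192.0.2.11 (Type: outgoing, Port: 25334, Process: utorrent.exe)
2013/09/22 07:39:09 +0930 HOST user IP-BLOCK 198.51.100.7 (Type: outgoing, Port: 52795, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 HOST user IP-BLOCK 198.51.100.7 (Type: outgoing, Port: 52796, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 HOST user IP-BLOCK 203.0.113.5 (Type: outgoing, Port: 52810, Process: avastsvc.exe)
this line is not an IP-BLOCK event and is skipped
"""


def parse_line(line):
    """Return a dict for one IP-BLOCK line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    tz = m.group("tz")  # e.g. "+0930" -> UTC+09:30
    offset = timedelta(hours=int(tz[1:3]), minutes=int(tz[3:5]))
    if tz[0] == "-":
        offset = -offset
    when = datetime.strptime(f"{m.group('date')} {m.group('time')}", "%Y/%m/%d %H:%M:%S")
    return {
        "when": when.replace(tzinfo=timezone(offset)),
        "host": m.group("host"),
        "user": m.group("user"),
        "ip": m.group("ip"),
        "direction": m.group("direction"),
        "port": int(m.group("port")),
        "process": m.group("process").strip().lower(),
    }


def parse_log(text):
    """Parse every line of the log, skipping lines that are not IP-BLOCK events."""
    return [ev for ev in (parse_line(l) for l in text.splitlines()) if ev]


def summarize(events):
    """Group by (process, ip): hit count, ports seen, directions, first/last time."""
    out = {}
    for ev in events:
        key = (ev["process"], ev["ip"])
        s = out.setdefault(key, {"count": 0, "ports": set(), "directions": set(),
                                 "first": ev["when"], "last": ev["when"]})
        s["count"] += 1
        s["ports"].add(ev["port"])
        s["directions"].add(ev["direction"])
        s["first"] = min(s["first"], ev["when"])
        s["last"] = max(s["last"], ev["when"])
    return out


def unexplained_processes(events, explained):
    """Processes with blocks that are NOT in the set you have already accounted for."""
    return {ev["process"] for ev in events} - {p.lower() for p in explained}


def report(text, explained=()):
    """Human-readable summary; 'explained' names processes whose blocks you understand."""
    events = parse_log(text)
    lines = []
    for (proc, ip), s in sorted(summarize(events).items()):
        span = (s["last"] - s["first"]).total_seconds()
        lines.append(f"{proc:14} -> {ip:15} x{s['count']:<3} ports={sorted(s['ports'])} "
                     f"dir={sorted(s['directions'])} span={span:.0f}s")
    extra = unexplained_processes(events, explained)
    lines.append("unexplained processes: " + (", ".join(sorted(extra)) or "none"))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG, explained={"utorrent.exe", "avastsvc.exe"}))
```

Run against the posted log the same summary shows what the raw lines make hard to see at a glance: every utorrent.exe entry shares port 25334 (one bound port reused across destinations, which is how a BitTorrent client behaves), while the avastsvc.exe entries are a burst of consecutive ephemeral ports within a single second to three hosts. The `explained` set is where you record the processes whose blocks you have accounted for; anything left in "unexplained processes" is what still needs looking at. Note that an IP-BLOCK line only says the destination matched Malwarebytes' block list; it does not by itself say the process is malicious.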
     
  2. meljamisl

    meljamisl TS Rookie Topic Starter

    Also, not sure if it is related or not, but I have noticed that my browser has just started redirecting me when searching, navigating the web. Coincidence?
     
  3. Broni

    Broni Malware Annihilator Posts: 47,567   +267

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  4. meljamisl

    meljamisl TS Rookie Topic Starter

    Sincere thanks Broni, your help is GREATLY appreciated.

    The initial link 'read before proceeding with steps', suggests that because I use my computer for sensitive tasks like online banking, the safest approach would be a reformat and clean install of windows. However, I have already done a full secure erase of my SSD and a clean install of win8, so I am proceeding with the requested logs.

    As instructed in the thread, here are the two reports:

    Malwarebytes Report:

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.09.20.10

    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.16466
    James :: INSPIRON15RSE [administrator]

    Protection: Enabled

    22/09/2013 11:10:37 AM
    mbam-log-2013-09-22 (11-10-37).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 194921
    Time elapsed: 1 minute(s), 8 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    DDS Report

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16453
    Run by James at 11:17:02 on 2013-09-22
    Microsoft Windows 8 6.2.9200.0.1252.61.1033.18.8061.6133 [GMT 9.5:30]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\dwm.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Conexant\SA3\CxUtilSvc.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\dashost.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\taskhostex.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Conexant\SA3\SmartAudio3.exe
    C:\Program Files\Elantech\ETDGesture.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE
    C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\notepad.exe
    C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\UpdateUI\DBRFactorySetup.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit = userinit.exe
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
    TCP: NameServer = 192.168.2.1
    TCP: Interfaces\{F7AD77D5-7EA3-49FB-97E3-7B44655FBF3D} : DHCPNameServer = 192.168.2.1
    SSODL: WebCheck - <orphaned>
    x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
    x64-Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe
    x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SA3\SACpl.exe /sa3 /nv:3.0+ /dne /s
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\krnc8k0f.default\
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    FF - ExtSQL: 2013-09-21 17:57; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF - ExtSQL: 2013-09-22 01:20; clickclean@hotcleaner.com; C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\krnc8k0f.default\extensions\clickclean@hotcleaner.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\Drivers\amdkmpfd.sys [2013-9-21 35496]
    R0 aswRvrt;aswRvrt;C:\Windows\System32\Drivers\aswRvrt.sys [2013-9-21 65336]
    R0 aswVmm;aswVmm;C:\Windows\System32\Drivers\aswVmm.sys [2013-9-21 204880]
    R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2013-9-21 652344]
    R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-9-21 1030952]
    R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2013-9-21 378944]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-8-29 239616]
    R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2013-4-11 772064]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\Drivers\aswFsBlk.sys [2013-9-21 33400]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-9-21 80816]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-21 46808]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-9-30 1112000]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-9-30 1132480]
    R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-9-13 135984]
    R2 CxUtilSvc;CxUtilSvc;C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe [2013-9-22 109184]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-9-21 14904]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-9-22 165760]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-21 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-21 701512]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2013-9-21 1914728]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-9-22 364416]
    R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-4-19 3388144]
    R3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtual Adapter;C:\Windows\System32\Drivers\AmpPal.sys [2013-4-11 165344]
    R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
    R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\Drivers\btmaux.sys [2012-10-1 132480]
    R3 btmhsf;btmhsf;C:\Windows\System32\Drivers\btmhsf.sys [2012-10-1 1337216]
    R3 ETD;Dell Touchpad;C:\Windows\System32\Drivers\ETD.sys [2013-9-21 211280]
    R3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\Drivers\iBtFltCoex.sys [2012-8-6 68136]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2013-9-21 342528]
    R3 intelkmd;intelkmd;C:\Windows\System32\Drivers\igdpmd64.sys [2012-8-29 9000256]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-9-21 25928]
    R3 NETwNe64;@oem11.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\Windows\System32\Drivers\NETwew00.sys [2013-4-25 3341792]
    R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RtsUVStor.sys [2013-9-22 315536]
    R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-9-21 683664]
    S3 AMPPALP;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Protocol;C:\Windows\System32\Drivers\AmpPal.sys [2013-4-11 165344]
    S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-7-30 110744]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-4-19 273136]
    S3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2012-7-26 23552]
    .
    =============== Created Last 30 ================
    .
    2013-09-22 01:35:47 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
    2013-09-21 15:46:18 -------- d-----w- C:\Windows\SysWow64\sda
    2013-09-21 15:46:14 9888912 ----a-w- C:\Windows\SysWow64\RtsUVStoricon.dll
    2013-09-21 15:46:14 315536 ----a-w- C:\Windows\System32\drivers\RtsUVStor.sys
    2013-09-21 15:44:46 15168 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
    2013-09-21 15:44:20 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
    2013-09-21 15:41:24 -------- d-----w- C:\Users\James\AppData\Local\Conexant
    2013-09-21 15:40:28 -------- d-----w- C:\ProgramData\Conexant
    2013-09-21 15:40:28 -------- d-----w- C:\Program Files\CONEXANT
    2013-09-21 15:40:16 879616 ----a-w- C:\Windows\System32\MCAPO64.dll
    2013-09-21 15:40:16 74240 ----a-w- C:\Windows\System32\MCWrp64.dll
    2013-09-21 15:40:16 619520 ----a-w- C:\Windows\System32\MCTHX64.dll
    2013-09-21 15:40:16 576888 ----a-w- C:\Windows\System32\MaxxAudioAPO4064.dll
    2013-09-21 15:40:16 2784416 ----a-w- C:\Windows\System32\UCI64A06.DLL
    2013-09-21 15:40:16 1780384 ----a-w- C:\Windows\System32\CX64AP71.dll
    2013-09-21 15:40:16 1607328 ----a-w- C:\Windows\System32\drivers\CHDRT64.sys
    2013-09-21 15:40:16 1008472 ----a-w- C:\Windows\System32\MaxxAudioAPOShell64.dll
    2013-09-21 15:40:12 -------- d-----w- C:\Program Files (x86)\Common Files\{F0A37341-D692-11D4-A984-009027EC0A9C}
    2013-09-21 09:57:47 -------- d-----w- C:\Users\James\AppData\Local\ATI
    2013-09-21 09:57:27 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
    2013-09-21 09:56:47 -------- d-----w- C:\Users\James\AppData\Roaming\Intel Corporation
    2013-09-21 09:54:22 -------- d-----w- C:\ProgramData\AMD
    2013-09-21 09:54:22 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
    2013-09-21 09:54:22 -------- d-----w- C:\Program Files (x86)\AMD AVT
    2013-09-21 09:54:11 -------- d-----w- C:\Program Files (x86)\AMD APP
    2013-09-21 09:53:11 -------- d-----w- C:\Program Files (x86)\ATI Technologies
    2013-09-21 09:53:10 -------- d-----w- C:\Program Files\ATI
    2013-09-21 09:52:54 -------- d-----w- C:\Program Files\ATI Technologies
    2013-09-21 09:52:26 35496 ----a-w- C:\Windows\System32\drivers\amdkmpfd.sys
    2013-09-21 09:52:24 342528 ----a-w- C:\Windows\System32\drivers\IntcDAud.sys
    2013-09-21 09:52:24 16896 ----a-w- C:\Windows\System32\IntcDAuC.dll
    2013-09-21 09:44:45 652344 ----a-w- C:\Windows\System32\drivers\iaStorA.sys
    2013-09-21 09:35:26 74344 ----a-w- C:\Windows\System32\RtNicProp64.dll
    2013-09-21 09:35:26 683664 ----a-w- C:\Windows\System32\drivers\Rt630x64.sys
    2013-09-21 09:35:23 -------- d-----w- C:\Program Files (x86)\Realtek
    2013-09-21 09:32:41 -------- d--h--w- C:\Windows\System32\WLANProfiles
    2013-09-21 09:32:28 -------- d-----w- C:\Users\James\AppData\Roaming\Intel
    2013-09-21 09:32:21 -------- d-----w- C:\Users\James\Roaming
    2013-09-21 09:32:20 -------- d-----w- C:\ProgramData\Roaming
    2013-09-21 09:32:07 -------- d-----w- C:\Program Files (x86)\Cisco
    2013-09-21 09:31:36 -------- d-----w- C:\ProgramData\Package Cache
    2013-09-21 09:18:22 -------- d-----w- C:\Program Files\Elantech
    2013-09-21 09:18:05 211280 ----a-w- C:\Windows\System32\drivers\ETD.sys
    2013-09-21 09:09:48 -------- d-----w- C:\Program Files\Dell
    2013-09-21 08:31:01 0 ----a-w- C:\Windows\ativpsrm.bin
    2013-09-21 08:30:53 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
    2013-09-21 08:28:04 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2013-09-21 08:28:04 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2013-09-21 08:28:04 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2013-09-21 08:28:04 204880 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2013-09-21 08:28:04 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2013-09-21 08:27:51 56832 ----a-w- C:\Windows\System32\OpenCL.DLL
    2013-09-21 08:27:51 56320 ----a-w- C:\Windows\SysWow64\OpenCL.DLL
    2013-09-21 08:27:51 -------- d-----w- C:\Program Files\Common Files\Intel
    2013-09-21 08:27:51 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
    2013-09-21 08:27:48 41664 ----a-w- C:\Windows\avastSS.scr
    2013-09-21 08:27:48 -------- d-----w- C:\Windows\LastGood.Tmp
    2013-09-21 08:21:56 -------- d-s---w- C:\Windows\SysWow64\Microsoft
    2013-09-21 08:14:28 -------- d-----w- C:\Program Files\AVAST Software
    2013-09-21 08:14:03 -------- d-----w- C:\ProgramData\AVAST Software
    2013-09-21 08:00:21 -------- d-----w- C:\Users\James\AppData\Roaming\Malwarebytes
    2013-09-21 08:00:15 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-09-21 08:00:15 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-09-21 08:00:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-09-21 07:59:58 -------- d-----w- C:\Users\James\AppData\Local\Programs
    2013-09-21 07:40:05 -------- d-----w- C:\Users\James\AppData\Local\softthinks
    2013-09-21 07:32:25 -------- d-sh--w- C:\Recovery
    2013-09-21 07:32:23 -------- d-sh--w- C:\$RECYCLE.BIN
    2013-09-21 07:32:20 -------- d-----w- C:\Windows\SysWow64\SYSPREP
    2013-09-21 07:32:04 -------- d-----w- C:\Dell
    2013-09-21 07:31:39 -------- d-----w- C:\Temp
    2013-09-21 07:30:49 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
    2013-09-21 07:30:48 -------- d-----w- C:\ProgramData\PCDr
    2013-09-21 07:30:45 -------- d-----w- C:\Program Files\Dell Support Center
    2013-09-21 07:30:40 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
    2013-09-21 07:30:20 -------- d-----w- C:\Intel
    2013-09-21 07:29:07 -------- d-----w- C:\Windows\I386
    2013-09-20 23:25:20 -------- d-----w- C:\Program Files (x86)\Dell Backup and Recovery
    2013-09-20 23:25:15 -------- d-----w- C:\report
    2013-09-20 23:24:25 28216 ----a-w- C:\Windows\System32\drivers\iaStorF.sys
    2013-09-20 23:24:25 -------- d-sh--w- C:\System Recovery
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 11:17:16.80 ===============
     
  5. meljamisl

    meljamisl TS Rookie Topic Starter

    Just to clarify.

    I began receiving the 'blocked access' warnings through Malwarebytes after installing Utorrent.

    I did not ever attempt to use Utorrent or download any torrents.

    I only installed the program and at the completion of installation after Utorrent launched I began getting the warnings.

    This happened again after uninstalling/reinstalling it. I presently have it uninstalled.
     
  6. Broni

    Broni Malware Annihilator Posts: 47,567   +267

    1. These kinds of programs WILL trigger MBAM warnings and there is nothing you can do about it.
    You can either uninstall uTorrent or live with those warnings.

    2. Since you performed clean Windows reinstallation I see no reason to run any more steps.
     
  7. meljamisl

    meljamisl TS Rookie Topic Starter

    Is it normal to receive MBAM warnings without ever attempting to use Utorrent or download a torrent?

    Is it compromising my security having Utorrent installed and running?

    Can someone potentially introduce malicious items through ports opened by Utorrent?

    If it's normal and safe I can learn to live with the warnings..

    I just want to be 100% secure after my Bitcoins were stolen.
     
  8. Broni

    Broni Malware Annihilator Posts: 47,567   +267

    If it's running in the background.
    Possible.

    No. If you scan every single downloaded file you should be OK.
     
  9. meljamisl

    meljamisl TS Rookie Topic Starter

    Ok

    Thank you so much again for your help.

    You are a saint.
     
  10. Broni

    Broni Malware Annihilator Posts: 47,567   +267

    You're very welcome
     