Solved Win32:malware-gen please help!

M

meljamisl

Posts: 6   +0
OK, so it all started yesterday, when someone, somehow managed to hack into my electronic bitcoin wallet and relieve me of every last Bitcoin practically before my very eyes.

I then scanned my computer and external storage devices using Avast, which revealed the win32:malware-gen virus.

I removed the virus to the virus chest.

I then explicitly followed this guide to removing the malware:
http://www.im-infected.com/trojan/win32malware-gen.html

However, after removing the virus to the chest all the scans failed to find any malicious items.

Since then I have completed a full secure erase of my Samsung SSD drive using Parted Magic, then a full clean install of windows 8, using my win8 boot USB.

(note: the win8 boot usb was one of the external devices discovered to have the win32:malware-gen on it. The malware was removed to the virus chest and subsequent scans detailed in the iminfected.com guide failed to find any malicious items.)

After the clean win8 install, I rescanned all drives using avast and Malwarebytes. Up to this point both programs report no malicious items.

BUT...

I then began to reinstall my basic programs, browser and drivers. After installing Utorrent 2.2.1, Malwarebytes began to report multiple 'blocked access to a potentially harmful site' messages.

I panicked, uninstalled Utorrent, did a full scan with avast and Malwarebytes, and was relieved to find no malicious items.

I then reinstalled utorrent 2.2.1 and again began to recieve the 'blocked access to a potentially harmful site' messages. They seem to be linked to Avast and Utorrent.

Here is a copy/paste of my Malwarebytes log:

2013/09/22 01:33:54 +0930 INSPIRON15RSE James IP-BLOCK 109.236.82.166 (Type: outgoing, Port: 25334, Process: utorrent.exe)
2013/09/22 01:35:22 +0930 INSPIRON15RSE James IP-BLOCK 31.133.45.210 (Type: outgoing, Port: 25334, Process: utorrent.exe)
2013/09/22 01:55:31 +0930 INSPIRON15RSE James IP-BLOCK 213.186.115.236 (Type: outgoing, Port: 49729, Process: utorrent.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52795, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52796, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52798, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52799, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52801, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52802, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52805, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52804, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52807, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52808, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 217.23.9.122 (Type: outgoing, Port: 52810, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 217.23.9.122 (Type: outgoing, Port: 52811, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 217.23.9.122 (Type: outgoing, Port: 52813, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 217.23.9.122 (Type: outgoing, Port: 52812, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52815, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52816, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 195.3.147.99 (Type: outgoing, Port: 52822, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 195.3.147.99 (Type: outgoing, Port: 52823, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52827, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52828, Process: avastsvc.exe)

After money was stolen from my online wallet yesterday. I have become extremely worried. I have frozen my online banking accounts and tried everything in my limited technological power to solve the problem.

In my desperate search for info online, I found this forum which seems to have numerous examples of people with technological expertise assisting other people like myself experiencing this very same problem. I am humbly hoping someone can do the same for me.

I am willing to do anything at this point to ensure my system is secure, if anyone can assist me I would be immensely grateful.

Regards

meljamisl
 
Also, not sure if it is related or not, but I have noticed that my browser has just started redirecting me when searching, navigating the web. Coincidence?
 
Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Sincere thanks Broni, your help is GREATLY appreciated.

The initial link 'read before proceeding with steps', suggests that because I use my computer for sensitive tasks like online banking, the safest approach would be a reformat and clean install of windows. However, I have already done a full secure erase of my SSD and a clean install of win8, so I am proceeding with the requested logs.

As instructed in the thread, here are the two reports:

Malwarebytes Report:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.20.10

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16466
James :: INSPIRON15RSE [administrator]

Protection: Enabled

22/09/2013 11:10:37 AM
mbam-log-2013-09-22 (11-10-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194921
Time elapsed: 1 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

DDS Report

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16453
Run by James at 11:17:02 on 2013-09-22
Microsoft Windows 8 6.2.9200.0.1252.61.1033.18.8061.6133 [GMT 9.5:30]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Conexant\SA3\CxUtilSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\dashost.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Conexant\SA3\SmartAudio3.exe
C:\Program Files\Elantech\ETDGesture.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\notepad.exe
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\UpdateUI\DBRFactorySetup.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{F7AD77D5-7EA3-49FB-97E3-7B44655FBF3D} : DHCPNameServer = 192.168.2.1
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SA3\SACpl.exe /sa3 /nv:3.0+ /dne /s
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\krnc8k0f.default\
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - ExtSQL: 2013-09-21 17:57; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-09-22 01:20; clickclean@hotcleaner.com; C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\krnc8k0f.default\extensions\clickclean@hotcleaner.com
.
============= SERVICES / DRIVERS ===============
.
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\Drivers\amdkmpfd.sys [2013-9-21 35496]
R0 aswRvrt;aswRvrt;C:\Windows\System32\Drivers\aswRvrt.sys [2013-9-21 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\Drivers\aswVmm.sys [2013-9-21 204880]
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2013-9-21 652344]
R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-9-21 1030952]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2013-9-21 378944]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-8-29 239616]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2013-4-11 772064]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\Drivers\aswFsBlk.sys [2013-9-21 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-9-21 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-21 46808]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-9-30 1112000]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-9-30 1132480]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-9-13 135984]
R2 CxUtilSvc;CxUtilSvc;C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe [2013-9-22 109184]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-9-21 14904]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-9-22 165760]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-21 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-21 701512]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2013-9-21 1914728]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-9-22 364416]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-4-19 3388144]
R3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtual Adapter;C:\Windows\System32\Drivers\AmpPal.sys [2013-4-11 165344]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\Drivers\btmaux.sys [2012-10-1 132480]
R3 btmhsf;btmhsf;C:\Windows\System32\Drivers\btmhsf.sys [2012-10-1 1337216]
R3 ETD;Dell Touchpad;C:\Windows\System32\Drivers\ETD.sys [2013-9-21 211280]
R3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\Drivers\iBtFltCoex.sys [2012-8-6 68136]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2013-9-21 342528]
R3 intelkmd;intelkmd;C:\Windows\System32\Drivers\igdpmd64.sys [2012-8-29 9000256]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-9-21 25928]
R3 NETwNe64;@oem11.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\Windows\System32\Drivers\NETwew00.sys [2013-4-25 3341792]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RtsUVStor.sys [2013-9-22 315536]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-9-21 683664]
S3 AMPPALP;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Protocol;C:\Windows\System32\Drivers\AmpPal.sys [2013-4-11 165344]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-7-30 110744]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-4-19 273136]
S3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2012-7-26 23552]
.
=============== Created Last 30 ================
.
2013-09-22 01:35:47 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-09-21 15:46:18 -------- d-----w- C:\Windows\SysWow64\sda
2013-09-21 15:46:14 9888912 ----a-w- C:\Windows\SysWow64\RtsUVStoricon.dll
2013-09-21 15:46:14 315536 ----a-w- C:\Windows\System32\drivers\RtsUVStor.sys
2013-09-21 15:44:46 15168 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2013-09-21 15:44:20 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2013-09-21 15:41:24 -------- d-----w- C:\Users\James\AppData\Local\Conexant
2013-09-21 15:40:28 -------- d-----w- C:\ProgramData\Conexant
2013-09-21 15:40:28 -------- d-----w- C:\Program Files\CONEXANT
2013-09-21 15:40:16 879616 ----a-w- C:\Windows\System32\MCAPO64.dll
2013-09-21 15:40:16 74240 ----a-w- C:\Windows\System32\MCWrp64.dll
2013-09-21 15:40:16 619520 ----a-w- C:\Windows\System32\MCTHX64.dll
2013-09-21 15:40:16 576888 ----a-w- C:\Windows\System32\MaxxAudioAPO4064.dll
2013-09-21 15:40:16 2784416 ----a-w- C:\Windows\System32\UCI64A06.DLL
2013-09-21 15:40:16 1780384 ----a-w- C:\Windows\System32\CX64AP71.dll
2013-09-21 15:40:16 1607328 ----a-w- C:\Windows\System32\drivers\CHDRT64.sys
2013-09-21 15:40:16 1008472 ----a-w- C:\Windows\System32\MaxxAudioAPOShell64.dll
2013-09-21 15:40:12 -------- d-----w- C:\Program Files (x86)\Common Files\{F0A37341-D692-11D4-A984-009027EC0A9C}
2013-09-21 09:57:47 -------- d-----w- C:\Users\James\AppData\Local\ATI
2013-09-21 09:57:27 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2013-09-21 09:56:47 -------- d-----w- C:\Users\James\AppData\Roaming\Intel Corporation
2013-09-21 09:54:22 -------- d-----w- C:\ProgramData\AMD
2013-09-21 09:54:22 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2013-09-21 09:54:22 -------- d-----w- C:\Program Files (x86)\AMD AVT
2013-09-21 09:54:11 -------- d-----w- C:\Program Files (x86)\AMD APP
2013-09-21 09:53:11 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2013-09-21 09:53:10 -------- d-----w- C:\Program Files\ATI
2013-09-21 09:52:54 -------- d-----w- C:\Program Files\ATI Technologies
2013-09-21 09:52:26 35496 ----a-w- C:\Windows\System32\drivers\amdkmpfd.sys
2013-09-21 09:52:24 342528 ----a-w- C:\Windows\System32\drivers\IntcDAud.sys
2013-09-21 09:52:24 16896 ----a-w- C:\Windows\System32\IntcDAuC.dll
2013-09-21 09:44:45 652344 ----a-w- C:\Windows\System32\drivers\iaStorA.sys
2013-09-21 09:35:26 74344 ----a-w- C:\Windows\System32\RtNicProp64.dll
2013-09-21 09:35:26 683664 ----a-w- C:\Windows\System32\drivers\Rt630x64.sys
2013-09-21 09:35:23 -------- d-----w- C:\Program Files (x86)\Realtek
2013-09-21 09:32:41 -------- d--h--w- C:\Windows\System32\WLANProfiles
2013-09-21 09:32:28 -------- d-----w- C:\Users\James\AppData\Roaming\Intel
2013-09-21 09:32:21 -------- d-----w- C:\Users\James\Roaming
2013-09-21 09:32:20 -------- d-----w- C:\ProgramData\Roaming
2013-09-21 09:32:07 -------- d-----w- C:\Program Files (x86)\Cisco
2013-09-21 09:31:36 -------- d-----w- C:\ProgramData\Package Cache
2013-09-21 09:18:22 -------- d-----w- C:\Program Files\Elantech
2013-09-21 09:18:05 211280 ----a-w- C:\Windows\System32\drivers\ETD.sys
2013-09-21 09:09:48 -------- d-----w- C:\Program Files\Dell
2013-09-21 08:31:01 0 ----a-w- C:\Windows\ativpsrm.bin
2013-09-21 08:30:53 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2013-09-21 08:28:04 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-09-21 08:28:04 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-09-21 08:28:04 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-09-21 08:28:04 204880 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-09-21 08:28:04 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-09-21 08:27:51 56832 ----a-w- C:\Windows\System32\OpenCL.DLL
2013-09-21 08:27:51 56320 ----a-w- C:\Windows\SysWow64\OpenCL.DLL
2013-09-21 08:27:51 -------- d-----w- C:\Program Files\Common Files\Intel
2013-09-21 08:27:51 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2013-09-21 08:27:48 41664 ----a-w- C:\Windows\avastSS.scr
2013-09-21 08:27:48 -------- d-----w- C:\Windows\LastGood.Tmp
2013-09-21 08:21:56 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2013-09-21 08:14:28 -------- d-----w- C:\Program Files\AVAST Software
2013-09-21 08:14:03 -------- d-----w- C:\ProgramData\AVAST Software
2013-09-21 08:00:21 -------- d-----w- C:\Users\James\AppData\Roaming\Malwarebytes
2013-09-21 08:00:15 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-09-21 08:00:15 -------- d-----w- C:\ProgramData\Malwarebytes
2013-09-21 08:00:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-21 07:59:58 -------- d-----w- C:\Users\James\AppData\Local\Programs
2013-09-21 07:40:05 -------- d-----w- C:\Users\James\AppData\Local\softthinks
2013-09-21 07:32:25 -------- d-sh--w- C:\Recovery
2013-09-21 07:32:23 -------- d-sh--w- C:\$RECYCLE.BIN
2013-09-21 07:32:20 -------- d-----w- C:\Windows\SysWow64\SYSPREP
2013-09-21 07:32:04 -------- d-----w- C:\Dell
2013-09-21 07:31:39 -------- d-----w- C:\Temp
2013-09-21 07:30:49 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
2013-09-21 07:30:48 -------- d-----w- C:\ProgramData\PCDr
2013-09-21 07:30:45 -------- d-----w- C:\Program Files\Dell Support Center
2013-09-21 07:30:40 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2013-09-21 07:30:20 -------- d-----w- C:\Intel
2013-09-21 07:29:07 -------- d-----w- C:\Windows\I386
2013-09-20 23:25:20 -------- d-----w- C:\Program Files (x86)\Dell Backup and Recovery
2013-09-20 23:25:15 -------- d-----w- C:\report
2013-09-20 23:24:25 28216 ----a-w- C:\Windows\System32\drivers\iaStorF.sys
2013-09-20 23:24:25 -------- d-sh--w- C:\System Recovery
.
==================== Find3M ====================
.
.
============= FINISH: 11:17:16.80 ===============
 
Just to clarify.

I began receiving the 'blocked access' warnings through Malwarebytes after installing Utorrent.

I did not ever attempt to use Utorrent or download any torrents.

I only installed the program and at the completion of installation after Utorrent launched I began getting the warnings.

This happened again after uninstalling/reinstalling it. I presently have it uninstalled.
 
1. These kind of programs WILL trigger MBAM warnings and there is nothing you can do about it.
You can either uninstall uTorrent or live with those warnings.

2. Since you performed clean Windows reinstallation I see no reason to run any more steps.
 
Is it normal to receive MBAM warnings without ever attempting to use Utorrent or download a torrent?

Is it compromising my security having Utorrent installed and running?

Can someone potentially introduce malicious items through ports opened by Utorrent?

If its normal and safe I can learn to live with the warnings..

I just want to be 100% secure after my Bitcoins were stolen.
 
Is it normal to receive MBAM warnings without ever attempting to use Utorrent or download a torrent?
Click to expand...
If it's running in the background.
Can someone potentially introduce malicious items through ports opened by Utorrent?
Click to expand...
Possible.

Is it compromising my security having Utorrent installed and running?
Click to expand...
No. If you scan every single downloaded file you should be OK.
 
You're very welcome
p22002759.gif
 
You must log in or register to reply here.

Similar threads

E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni
B
Solved Infected ddos attack?
2
Replies
26
Views
6K
Broni
Broni
Nicki
Solved Must have picked up something... some COVID computer variant???
Replies
9
Views
3K
Broni
Broni

Latest posts

Back