Jamesrulez1

Honorary Members

View Profile See their activity

Posts
36
Joined
October 24, 2011
Last visited
December 8, 2011

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by Jamesrulez1

I don't know why but i get random IP blocks from MWB

Jamesrulez1 replied to Jamesrulez1's topic in Resolved Malware Removal Logs

You should close it for now. I'll reply if i can ever get a hold of who's got the problem. There are more than 1 person connected to the wireless router so I have to go through them 1 by 1
- December 8, 2011
- 44 replies
I don't know why but i get random IP blocks from MWB

Jamesrulez1 replied to Jamesrulez1's topic in Resolved Malware Removal Logs

I can't find the folder. Is it because i said uninstall everything when I quit? It found 11 threats so I hope it's fixed it. I haven't gotten another email yet and am waiting to see if I will.
- November 25, 2011
- 44 replies
I don't know why but i get random IP blocks from MWB

Jamesrulez1 replied to Jamesrulez1's topic in Resolved Malware Removal Logs

I got a email : We have received reports from the ACMA's Australian Internet Security Initiative (AISI) that a machine accessing the Internet using your TPG Service is causing unwanted traffic to be transmitted, such as spam and viruses. A summary of the last few complaints have been provided below: [2011-11-10 14:22:52] [115.64.40.205] Trojan: DNSChanger [2011-11-10 12:21:27] [115.64.40.205] Trojan: Generic [2011-11-09 11:58:52] [115.64.40.205] Trojan: Generic
- November 11, 2011
- 44 replies
I don't know why but i get random IP blocks from MWB

Jamesrulez1 replied to Jamesrulez1's topic in Resolved Malware Removal Logs

Combofix log : ComboFix 11-11-03.01 - User 03/11/2011 20:48:27.4.4 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3575.2561 [GMT 11:00] Running from: c:\users\User\Desktop\ComboFix.exe AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\User\AppData\Local\Temp\lol_patch_0901to0921.exe c:\users\User\AppData\Local\Temp\lol_patch_0921to1012.exe . . ((((((((((((((((((((((((( Files Created from 2011-10-03 to 2011-11-03 ))))))))))))))))))))))))))))))) . . 2011-11-03 10:07 . 2011-11-03 10:07 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-03 06:13 . 2011-11-03 06:13 -------- d-----w- c:\program files\Common Files\Java 2011-11-03 06:04 . 2011-11-03 06:09 -------- d-----w- c:\users\User\AppData\Roaming\GarenaPlus 2011-11-02 09:07 . 2011-11-03 05:12 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBD97F22-279E-4EAE-BF31-C62146F115B6}\offreg.dll 2011-11-01 06:31 . 2011-11-01 06:31 -------- d-----w- c:\program files\Voxatron 2011-11-01 05:41 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBD97F22-279E-4EAE-BF31-C62146F115B6}\mpengine.dll 2011-10-30 10:10 . 2011-11-03 09:44 -------- d-----w- c:\users\User\AppData\Local\PMB Files 2011-10-30 10:09 . 2011-11-03 09:44 -------- d-----w- c:\programdata\PMB Files 2011-10-23 04:25 . 2011-10-23 04:25 -------- d-----w- c:\users\LoL 2011-10-22 07:03 . 2011-10-22 07:06 -------- d-----w- c:\users\User\AppData\Roaming\GetRightToGo 2011-10-22 06:59 . 2011-10-22 06:59 -------- d-----w- c:\program files\Free Mouse Auto Clicker 2011-10-21 10:33 . 2011-10-21 10:33 -------- d-----w- c:\program files\NetWorx 2011-10-21 10:33 . 2011-10-21 10:33 -------- d-----w- c:\programdata\SoftPerfect 2011-10-21 10:33 . 2011-09-19 10:58 51976 ----a-w- c:\windows\system32\drivers\networx.sys 2011-10-21 10:19 . 2011-10-21 10:34 -------- d-----w- c:\program files\Uniblue 2011-10-13 20:29 . 2011-10-13 20:29 42392 ----a-w- c:\windows\system32\xfcodec.dll 2011-10-13 08:03 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll 2011-10-13 08:03 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll 2011-10-13 08:03 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll 2011-10-13 08:03 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax 2011-10-13 08:03 . 2011-09-06 02:28 2334720 ----a-w- c:\windows\system32\win32k.sys 2011-10-11 08:24 . 2011-10-25 09:50 -------- d-----w- C:\V83 2011-10-05 00:58 . 2011-10-05 01:00 -------- d-----w- c:\users\User\AppData\Local\Procaster 2011-10-05 00:58 . 2011-10-05 00:58 -------- d-----w- c:\program files\Livestream Procaster . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-03 06:12 . 2010-12-20 04:28 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-10-20 08:03 . 2011-06-26 00:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-09-07 07:47 . 2011-03-30 09:16 165232 ----a-w- c:\users\User\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll 2011-09-06 20:45 . 2010-12-21 04:34 41184 ----a-w- c:\windows\avastSS.scr 2011-09-06 20:45 . 2010-12-21 04:34 199304 ----a-w- c:\windows\system32\aswBoot.exe 2011-09-06 20:38 . 2011-03-17 09:11 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-09-06 20:37 . 2010-12-21 04:35 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-09-06 20:36 . 2010-12-21 04:35 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-09-06 20:36 . 2010-12-21 04:35 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-09-06 20:36 . 2010-12-21 04:35 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-09-06 20:36 . 2010-12-21 04:35 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-08-31 06:00 . 2010-12-21 04:29 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-22 06:07 . 2011-08-22 06:07 55280 ----a-w- c:\windows\system32\drivers\vmx86.sys 2011-08-22 06:07 . 2011-10-02 00:09 354416 ----a-w- c:\windows\system32\vmnetdhcp.exe 2011-08-22 06:07 . 2011-10-02 00:09 783472 ----a-w- c:\windows\system32\vnetlib.dll 2011-08-22 06:06 . 2011-10-02 00:09 432752 ----a-w- c:\windows\system32\vmnat.exe 2011-08-22 06:06 . 2011-10-02 00:09 25712 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys 2011-08-22 04:40 . 2011-08-22 04:40 252016 ----a-w- c:\windows\system32\vmnc.dll 2011-08-22 04:12 . 2011-08-22 04:12 55408 ----a-w- c:\windows\system32\vmnetbridge.dll 2011-08-22 04:12 . 2011-08-22 04:12 49776 ----a-w- c:\windows\system32\vnetinst.dll 2011-08-22 04:12 . 2011-08-22 04:12 36464 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys 2011-08-22 04:12 . 2011-08-22 04:12 19568 ----a-w- c:\windows\system32\drivers\vmnet.sys 2011-08-22 04:12 . 2011-08-22 04:12 16624 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys 2011-08-21 12:11 . 2011-08-21 12:11 32496 ----a-w- c:\windows\system32\drivers\hcmon.sys 2011-08-21 12:01 . 2011-08-21 12:01 31280 ----a-w- c:\windows\system32\drivers\vmusb.sys 2011-08-08 03:58 . 2011-08-08 03:58 98928 ----a-w- c:\windows\system32\drivers\vmci.sys 2011-08-08 03:58 . 2011-08-08 03:58 63088 ----a-w- c:\windows\system32\vsocklib.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-11-01_06.01.14 ))))))))))))))))))))))))))))))))))))))))) . + 2010-12-20 05:40 . 2011-11-02 09:06 64034 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 04:55 . 2011-11-03 10:11 30090 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-12-20 04:19 . 2011-11-03 10:11 17518 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3561220507-2474625922-2837830357-1001_UserData.bin + 2010-12-20 03:12 . 2011-11-03 10:09 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-12-20 03:12 . 2011-11-01 06:00 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-12-20 03:12 . 2011-11-01 06:00 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-12-20 03:12 . 2011-11-03 10:09 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:41 . 2011-11-03 10:09 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:41 . 2011-11-01 06:00 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-11-01 05:35 . 2011-11-01 06:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-11-03 05:10 . 2011-11-03 10:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-11-03 05:10 . 2011-11-03 10:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-11-01 05:35 . 2011-11-01 06:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-07-14 02:05 . 2011-11-03 08:08 667042 c:\windows\System32\perfh009.dat - 2009-07-14 02:05 . 2011-11-01 05:41 667042 c:\windows\System32\perfh009.dat + 2009-07-14 02:05 . 2011-11-03 08:08 126304 c:\windows\System32\perfc009.dat - 2009-07-14 02:05 . 2011-11-01 05:41 126304 c:\windows\System32\perfc009.dat - 2011-04-13 01:11 . 2011-04-13 01:11 157472 c:\windows\System32\javaws.exe + 2011-11-03 06:12 . 2011-11-03 06:12 157472 c:\windows\System32\javaws.exe + 2011-11-03 06:12 . 2011-11-03 06:12 145184 c:\windows\System32\javaw.exe - 2011-04-13 01:11 . 2011-04-13 01:11 145184 c:\windows\System32\javaw.exe + 2011-11-03 06:12 . 2011-11-03 06:12 145184 c:\windows\System32\java.exe - 2011-04-13 01:11 . 2011-04-13 01:11 145184 c:\windows\System32\java.exe + 2009-07-14 04:47 . 2011-11-02 10:30 388192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 04:47 . 2011-10-31 11:05 388192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-11-03 06:13 . 2011-11-03 06:13 207360 c:\windows\Installer\34e474.msi - 2011-01-29 11:17 . 2011-09-05 11:15 1369024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2011-01-29 11:17 . 2011-11-02 10:30 1369024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2011-01-22 11:05 . 2011-11-02 10:30 7138279 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3561220507-2474625922-2837830357-1001-8192.dat + 2011-11-03 06:11 . 2011-11-03 06:11 12863488 c:\windows\Installer\34e46f.msi . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-12-09 3911776] . [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2010-11-29 04:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}] 2010-12-09 01:51 3911776 ----a-w- c:\program files\XfireXO\tbXfir.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192] "{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-12-09 3911776] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-12-09 3911776] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192] . [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256] "Steam"="c:\program files\Steam\steam.exe" [2011-08-02 1242448] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "Presentation Pointer"="c:\program files\Presentation Pointer\PPointer.exe" [2011-06-08 2215936] "Window Hide Tool"="c:\program files\Window Hide Tool\Window Hide Tool.exe" [2008-01-18 307200] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-14 2424560] "Hobbyist Software VLC Streamer"="c:\program files\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe" [2011-01-21 1317376] "GarenaMessenger"="c:\program files\Garena Messenger\GarenaMessenger.exe" [2011-10-31 5295960] "FlashGet 3"="c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe" [2009-12-22 2127408] "chromium"="c:\users\User\AppData\Local\Google\Chrome\Application\chrome.exe" [2011-10-26 1036344] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2010-05-24 1683360] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520] "Pidgin"="c:\program files\Pidgin\Pidgin.exe" [2010-12-20 48618] "Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2011-03-24 167936] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968] "vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2011-08-22 103536] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736] "NetWorx"="c:\program files\NetWorx\networx.exe" [2011-10-19 3332608] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224] "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 767312] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-25 2569616] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-09-05 35736] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] . c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-1-21 226176] Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-10-14 3510680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ LOLRecorder.lnk - c:\program files\LOLReplay\LOLRecorder.exe [2011-10-8 406016] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer3"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804] Ime File REG_SZ QQPINYIN.IME . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 ALSysIO;ALSysIO;c:\users\User\AppData\Local\Temp\ALSysIO.sys [x] R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2010-12-14 2412680] R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2010-12-21 23456] R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x] R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Messenger\Room\safedrv.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 VMwareHostd;VMware Workstation Server;c:\program files\VMware\VMware Workstation\vmware-hostd.exe [2011-08-22 11837440] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-21 1343400] S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-07-13 40560] S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 98928] S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-05 11448] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 networx;networx;c:\windows\system32\drivers\networx.sys [2011-09-19 51976] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984] S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-08-21 665200] S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi10-shared.sys [2011-07-08 22768] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-11 122984] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-03-21 362600] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-05-15 1150880] . . Contents of the 'Scheduled Tasks' folder . 2011-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3561220507-2474625922-2837830357-1001Core.job - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-21 04:22] . 2011-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3561220507-2474625922-2837830357-1001UA.job - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-21 04:22] . . ------- Supplementary Scan ------- . uStart Page = my.daemon-search.com uInternet Settings,ProxyOverride = *.local IE: Download all by FlashGet3 - c:\users\User\AppData\Roaming\FlashGetBHO\GetAllUrl.htm IE: Download by FlashGet3 - c:\users\User\AppData\Roaming\FlashGetBHO\GetUrl.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105 LSP: %SystemRoot%\system32\vsocklib.dll Trusted Zone: kuaiche.com\software TCP: DhcpNameServer = 10.1.1.1 TCP: Interfaces\{24FB8EFC-7672-4355-9BE4-3994D80E84F3}: NameServer = 208.67.222.222,208.67.220.220 FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\l3qjedju.default\ FF - prefs.js: browser.search.selectedEngine - Facemoods Search FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ddr FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF . . ------- File Associations ------- . .txt=UltraEdit.txt . . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(1540) c:\program files\WinSCP\DragExt.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvvsvc.exe c:\program files\NVIDIA Corporation\Display\NvXDSync.exe c:\windows\system32\nvvsvc.exe c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Canon\IJPLM\IJPLMSVC.EXE c:\windows\system32\vmnat.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\VMware\VMware Workstation\vmware-authd.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\vmnetdhcp.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Completion time: 2011-11-03 21:17:47 - machine was rebooted ComboFix-quarantined-files.txt 2011-11-03 10:17 ComboFix2.txt 2011-11-02 09:01 ComboFix3.txt 2011-11-02 07:23 ComboFix4.txt 2011-11-01 06:09 . Pre-Run: 241,750,900,736 bytes free Post-Run: 240,904,105,984 bytes free . - - End Of File - - 66FC1272F8F727A279A05D448548BCE8
- November 4, 2011
- 44 replies
I don't know why but i get random IP blocks from MWB

Jamesrulez1 replied to Jamesrulez1's topic in Resolved Malware Removal Logs

Here is the log and i have attached the attach file : . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29 Run by User at 19:06:35 on 2011-11-03 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3575.1328 [GMT 11:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe C:\Windows\system32\vmnat.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\VMware\VMware Workstation\vmware-authd.exe C:\Windows\system32\vmnetdhcp.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe C:\Program Files\Pidgin\pidgin.exe C:\Program Files\Freecorder\FLVSrvc.exe C:\Program Files\VMware\VMware Workstation\vmware-tray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\NetWorx\networx.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Steam\Steam.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Presentation Pointer\PPointer.exe C:\Program Files\Window Hide Tool\Window Hide Tool.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files\Xfire\Xfire.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Steam\SteamService.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Xfire\Xfire.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\rundll32.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Garena Messenger\GarenaMessenger.exe C:\Windows\system32\taskhost.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\msiexec.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\PrintIsolationHost.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Canon\MP Navigator EX 1.0\mpnex10.exe C:\Program Files\Canon\MP Navigator EX 1.0\MPNScan.exe \\?\C:\Windows\system32\wbem\WMIADAP.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\conhost.exe . ============== Pseudo HJT Report =============== . uStart Page = my.daemon-search.com uInternet Settings,ProxyOverride = *.local uURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll mURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\users\user\appdata\roaming\flashgetbho\FlashGetBHO3.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll TB: &NetWorx Desk Band: {feea54b4-d80f-41c7-87b9-dc08e6d3255f} - c:\progra~1\networx\deskband.dll EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [steam] "c:\program files\steam\steam.exe" -silent uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [Presentation Pointer] c:\program files\presentation pointer\PPointer.exe /m uRun: [Window Hide Tool] c:\program files\window hide tool\Window Hide Tool.exe uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe uRun: [Hobbyist Software VLC Streamer] "c:\program files\hobbyist software\vlc streamer\VLC Streamer Configuration.exe" /startup uRun: [GarenaMessenger] "c:\program files\garena messenger\GarenaMessenger.exe" uRun: [FlashGet 3] "c:\program files\flashget network\flashget 3\Flashget3.exe" -minimize uRun: [chromium] c:\users\user\appdata\local\google\chrome\application\chrome.exe --no-startup-window mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices mRun: [Pidgin] "c:\program files\pidgin\Pidgin.exe" mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [snpstd] c:\windows\vsnpstd.exe mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [NetWorx] "c:\program files\networx\networx.exe" /auto mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe" mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\lolrec~1.lnk - c:\program files\lolreplay\LOLRecorder.exe mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Download all by FlashGet3 - c:\users\user\appdata\roaming\flashgetbho\GetAllUrl.htm IE: Download by FlashGet3 - c:\users\user\appdata\roaming\flashgetbho\GetUrl.htm IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll LSP: %SystemRoot%\system32\vsocklib.dll Trusted Zone: kuaiche.com\software DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab TCP: DhcpNameServer = 10.1.1.1 TCP: Interfaces\{24FB8EFC-7672-4355-9BE4-3994D80E84F3} : NameServer = 208.67.222.222,208.67.220.220 TCP: Interfaces\{24FB8EFC-7672-4355-9BE4-3994D80E84F3} : DhcpNameServer = 10.1.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\l3qjedju.default\ FF - prefs.js: browser.search.selectedEngine - Facemoods Search FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ddr FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\l3qjedju.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\l3qjedju.default\extensions\ffxtlbr@facemoods.com\components\FFHst.dll FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll FF - plugin: c:\users\user\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: c:\users\user\appdata\roaming\mozilla\firefox\profiles\l3qjedju.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\alwil software\avast5\webrep\FF . ============= SERVICES / DRIVERS =============== . R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2011-3-24 40560] R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-12-21 11448] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-17 442200] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-21 320856] R1 networx;networx;c:\windows\system32\drivers\networx.sys [2011-10-21 51976] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-21 20568] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-21 54616] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-9-10 44768] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-21 366152] R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi10-shared.sys [2011-7-8 22768] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-21 22216] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-1-29 122984] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-3-21 362600] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-12-20 1150880] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888] S3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\s.a.d\cyberghost vpn\CGVPNCliService.exe [2011-1-28 2412680] S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-12-21 23456] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-12 15872] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-12 52224] . =============== File Associations =============== . .txt=UltraEdit.txt . =============== Created Last 30 ================ . 2011-11-03 06:04:39 -------- d-----w- c:\users\user\appdata\roaming\GarenaPlus 2011-11-03 06:01:47 -------- d-----w- c:\users\user\appdata\local\{7EEFD2FB-ABAC-4642-89DA-FBF79383EB41} 2011-11-03 06:01:34 -------- d-----w- c:\users\user\appdata\local\{0FCA292E-BB1C-4194-9776-BDED304BEAE0} 2011-11-02 09:14:38 -------- d-----w- c:\users\user\appdata\local\{CF9D0A69-647C-4E3D-AFA5-D9D963225A03} 2011-11-02 09:14:24 -------- d-----w- c:\users\user\appdata\local\{E44AB47C-E65D-475A-B310-BBFCD3ADCF75} 2011-11-02 09:07:26 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bbd97f22-279e-4eae-bf31-c62146f115b6}\offreg.dll 2011-11-02 09:01:11 -------- d-sh--w- C:\$RECYCLE.BIN 2011-11-02 08:21:41 -------- d-----w- C:\ComboFix 2011-11-01 21:13:30 -------- d-----w- c:\users\user\appdata\local\{B3A626D7-115D-4CB0-AE18-A2CD53B98996} 2011-11-01 21:12:05 -------- d-----w- c:\users\user\appdata\local\{72E1C0D6-FD15-450E-B409-9D690D1135F1} 2011-11-01 06:31:03 -------- d-----w- c:\program files\Voxatron 2011-11-01 05:46:06 98816 ----a-w- c:\windows\sed.exe 2011-11-01 05:46:06 518144 ----a-w- c:\windows\SWREG.exe 2011-11-01 05:46:06 256000 ----a-w- c:\windows\PEV.exe 2011-11-01 05:46:06 208896 ----a-w- c:\windows\MBR.exe 2011-11-01 05:41:09 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bbd97f22-279e-4eae-bf31-c62146f115b6}\mpengine.dll 2011-11-01 05:38:48 -------- d-----w- c:\users\user\appdata\local\{BF4E9C8E-CE20-438B-9C01-5E0E818A0C6A} 2011-11-01 05:37:58 -------- d-----w- c:\users\user\appdata\local\{6D04E194-0E6B-40AD-9B9B-9415B62A6849} 2011-10-31 06:10:16 -------- d-----w- c:\users\user\appdata\local\{657D47B9-06A4-4C7C-BEAE-21CAAB58EC2A} 2011-10-31 06:10:01 -------- d-----w- c:\users\user\appdata\local\{264B6F6D-CB28-44EB-9B72-8ED0E25BEFD9} 2011-10-30 10:10:01 -------- d-----w- c:\users\user\appdata\local\PMB Files 2011-10-30 10:09:57 -------- d-----w- c:\programdata\PMB Files 2011-10-29 23:11:15 -------- d-----w- c:\users\user\appdata\local\{FCFEF9A1-A4C7-472D-A477-1FEBCA402122} 2011-10-29 23:11:01 -------- d-----w- c:\users\user\appdata\local\{DF54D338-53A9-4C9F-9029-7CB627538282} 2011-10-29 09:50:58 -------- d-----w- c:\users\user\appdata\local\{5A7D2767-7B1E-4502-B427-B153411A94F5} 2011-10-29 09:50:45 -------- d-----w- c:\users\user\appdata\local\{78FCA731-DD06-4806-9031-9F498C7B8A01} 2011-10-28 21:50:16 -------- d-----w- c:\users\user\appdata\local\{9964E120-85CD-4774-8854-B6F23AFA3E90} 2011-10-28 21:50:02 -------- d-----w- c:\users\user\appdata\local\{29CB39C1-F26F-4AD6-B2F3-9FB67F5265FE} 2011-10-28 05:31:10 -------- d-----w- c:\users\user\appdata\local\{DFAA2B06-A7D2-4F2F-8CF2-B853B7612E3A} 2011-10-28 05:30:52 -------- d-----w- c:\users\user\appdata\local\{41CFE56B-3A17-4967-852A-D12082632E1A} 2011-10-27 08:21:03 -------- d-----w- c:\users\user\appdata\local\{D111B38B-3020-42DB-9629-C267AE4B9893} 2011-10-27 08:20:36 -------- d-----w- c:\users\user\appdata\local\{1F155FDD-E02B-4FD7-B8C9-2EF228CC0B9B} 2011-10-26 06:34:16 -------- d-----w- c:\users\user\appdata\local\{7AB18F2C-94B7-4323-997E-D951C86BD23C} 2011-10-26 06:33:58 -------- d-----w- c:\users\user\appdata\local\{D6081E1D-C36C-4230-95EA-3D96C39BD833} 2011-10-25 07:43:15 -------- d-----w- c:\users\user\appdata\local\{EFD8C543-9574-4CCD-8865-BD19684C0284} 2011-10-24 19:42:38 -------- d-----w- c:\users\user\appdata\local\{F9FAC156-118F-4B54-A382-EAC72E7E5A30} 2011-10-24 07:41:55 -------- d-----w- c:\users\user\appdata\local\{394749D1-8963-472C-B024-2036823AB7F8} 2011-10-24 07:41:18 -------- d-----w- c:\users\user\appdata\local\{A08E8147-2541-40C9-8B81-2A9370FEA54C} 2011-10-23 05:41:27 -------- d-----w- c:\users\user\appdata\local\{24BD33D9-8E4A-4376-B705-2AF8F82F992D} 2011-10-22 17:40:58 -------- d-----w- c:\users\user\appdata\local\{B8535FB1-72D7-4833-A9EE-A20306B8810C} 2011-10-22 07:03:47 -------- d-----w- c:\users\user\appdata\roaming\GetRightToGo 2011-10-22 06:59:44 -------- d-----w- c:\program files\Free Mouse Auto Clicker 2011-10-22 05:40:19 -------- d-----w- c:\users\user\appdata\local\{E98B6402-AA5F-467C-A11C-864E5365419C} 2011-10-21 17:39:50 -------- d-----w- c:\users\user\appdata\local\{44F7C052-0D30-4D95-BEC5-984493220D7C} 2011-10-21 17:39:26 -------- d-----w- c:\users\user\appdata\local\{D7CB0658-B243-404B-AA5E-907EF62A82A1} 2011-10-21 10:33:32 51976 ----a-w- c:\windows\system32\drivers\networx.sys 2011-10-21 10:33:32 -------- d-----w- c:\programdata\SoftPerfect 2011-10-21 10:33:32 -------- d-----w- c:\program files\NetWorx 2011-10-21 10:19:23 -------- d-----w- c:\program files\Uniblue 2011-10-21 05:37:04 -------- d-----w- c:\users\user\appdata\local\{7DC0662C-EE01-483D-8B87-0C07E0AEDA9B} 2011-10-21 05:36:26 -------- d-----w- c:\users\user\appdata\local\{0FF2BE0C-4879-4306-9D30-166755DC4AAC} 2011-10-20 07:51:04 -------- d-----w- c:\users\user\appdata\local\{04D906FA-119D-4D3B-8DD2-1B94EAA5C112} 2011-10-20 07:50:50 -------- d-----w- c:\users\user\appdata\local\{D4EC3EE8-760F-4EA1-BA1C-6E7FB76E87CE} 2011-10-19 07:41:05 -------- d-----w- c:\users\user\appdata\local\{428455CE-3A06-4FB8-A865-DA34501F4A84} 2011-10-19 07:40:52 -------- d-----w- c:\users\user\appdata\local\{AC1705C1-9784-4212-BBF1-7369DBBF096C} 2011-10-18 06:49:47 -------- d-----w- c:\users\user\appdata\local\{7646C9F2-2EC7-473E-954C-8941CEE8C67E} 2011-10-18 06:49:20 -------- d-----w- c:\users\user\appdata\local\{C88709BC-551D-4DD8-8315-86EA8720AE04} 2011-10-17 09:38:07 -------- d-----w- c:\users\user\appdata\local\{750E8690-12F9-45D6-A897-3B015F63F74A} 2011-10-17 09:37:50 -------- d-----w- c:\users\user\appdata\local\{AAB50043-7370-4777-BD74-25FC5A011DFE} 2011-10-16 05:33:27 -------- d-----w- c:\users\user\appdata\local\{6C843F83-CE03-45F5-BF5A-49512A8DBE34} 2011-10-15 17:32:57 -------- d-----w- c:\users\user\appdata\local\{624DD3E9-3CC6-4391-80CE-FFA00F52BBCD} 2011-10-15 05:33:42 -------- d-----w- c:\users\user\appdata\local\{F784805A-A5FE-4D32-9A72-590512605B32} 2011-10-14 17:33:12 -------- d-----w- c:\users\user\appdata\local\{3EA90B30-75AA-496F-9D38-4E290525658C} 2011-10-14 05:33:01 -------- d-----w- c:\users\user\appdata\local\{3B8AAE50-1B33-461C-9F32-14BF7213189E} 2011-10-14 05:32:46 -------- d-----w- c:\users\user\appdata\local\{9B076714-2640-4D72-B7D3-A0F8BDC7830C} 2011-10-13 20:29:40 42392 ----a-w- c:\windows\system32\xfcodec.dll 2011-10-13 08:15:55 -------- d-----w- c:\users\user\appdata\local\{CAE5B667-C7AC-4EE6-98B0-0EF85CD93EB2} 2011-10-13 08:15:40 -------- d-----w- c:\users\user\appdata\local\{32E4CAF1-B753-41BE-9C07-132CFFDD1E0C} 2011-10-13 08:03:46 571904 ----a-w- c:\windows\system32\oleaut32.dll 2011-10-13 08:03:46 233472 ----a-w- c:\windows\system32\oleacc.dll 2011-10-13 08:03:44 75776 ----a-w- c:\windows\system32\psisrndr.ax 2011-10-13 08:03:44 465408 ----a-w- c:\windows\system32\psisdecd.dll 2011-10-13 08:03:17 2334720 ----a-w- c:\windows\system32\win32k.sys 2011-10-12 08:02:35 -------- d-----w- c:\users\user\appdata\local\{D3376831-0D26-47AB-82CE-619ED342ACFB} 2011-10-12 08:02:16 -------- d-----w- c:\users\user\appdata\local\{709FD858-670E-4AFC-A3FD-E676B4F123C9} 2011-10-11 08:24:07 -------- d-----w- C:\V83 2011-10-11 07:52:29 -------- d-----w- c:\users\user\appdata\local\{895E5EED-D9E7-4ABC-9AE1-A0C11A3055A3} 2011-10-11 07:52:16 -------- d-----w- c:\users\user\appdata\local\{FC070CCC-593A-44DB-A5F9-C69C9B2A2EE9} 2011-10-10 05:25:30 -------- d-----w- c:\users\user\appdata\local\{FA90CB2A-6E7C-4EC9-95FC-CB977EE25D7F} 2011-10-10 05:25:11 -------- d-----w- c:\users\user\appdata\local\{ACA534C4-0551-4728-9BF0-BF1DBF799F7B} 2011-10-09 09:24:30 -------- d-----w- c:\users\user\appdata\local\{3E38B71B-6E13-45E9-B8F6-D50E214E26F5} 2011-10-09 09:24:11 -------- d-----w- c:\users\user\appdata\local\{D1490D0E-3E4A-4508-9125-D9B10314D5C8} 2011-10-09 00:26:03 -------- d-----w- c:\users\user\appdata\local\{18CD7B00-6DBF-49F6-8BCF-A3308E9CB1E6} 2011-10-09 00:25:03 -------- d-----w- c:\users\user\appdata\local\{CA07C6A3-148F-4457-9248-EE7EEE9B5AA9} 2011-10-08 10:58:24 -------- d-----w- c:\users\user\appdata\local\{B76AE250-793B-433E-B654-E72F44550994} 2011-10-08 10:57:56 -------- d-----w- c:\users\user\appdata\local\{B97D023F-B064-45FC-B83E-19E05F71083C} 2011-10-08 10:46:13 -------- d-----w- c:\users\user\appdata\local\{A1D1BC20-2AE5-4812-8A8D-BEB5B4CFB593} 2011-10-08 10:45:54 -------- d-----w- c:\users\user\appdata\local\{47AAE966-D71F-4EE9-9490-622CD9C83F0C} 2011-10-07 22:41:41 -------- d-----w- c:\users\user\appdata\local\{3C2EAFCC-D144-498D-B182-265757EF58BE} 2011-10-07 22:40:18 -------- d-----w- c:\users\user\appdata\local\{E984BB2F-DC40-4160-9EFF-5800FC0BEE89} 2011-10-07 11:22:15 -------- d-----w- c:\users\user\appdata\local\{79AFEC5B-3522-4DD2-A743-CDD7164C6B25} 2011-10-06 23:21:41 -------- d-----w- c:\users\user\appdata\local\{19DA6F0F-DD59-449F-96D3-E506C345B487} 2011-10-06 23:20:38 -------- d-----w- c:\users\user\appdata\local\{B725793D-4798-494B-9CEB-606A3F55B5A5} 2011-10-06 00:17:07 -------- d-----w- c:\users\user\appdata\local\{0DB1AC8E-2C29-46EB-897E-D1CFCE835CFE} 2011-10-06 00:16:54 -------- d-----w- c:\users\user\appdata\local\{11E2EDF8-33B0-4CAD-B5E3-11017D8D180A} 2011-10-05 00:58:28 -------- d-----w- c:\users\user\appdata\local\Procaster 2011-10-05 00:58:27 -------- d-----w- c:\program files\Livestream Procaster 2011-10-05 00:19:48 -------- d-----w- c:\users\user\appdata\local\{FECB5BFE-6880-4DDC-8AB1-8BFA3DF781E0} 2011-10-05 00:18:39 -------- d-----w- c:\users\user\appdata\local\{8CCF4D97-0009-4D83-A744-ABEF38E3E822} 2011-10-04 10:58:03 -------- d-----w- c:\users\user\appdata\local\{B33B65EB-433D-402A-9EC8-9431D0F6BC89} . ==================== Find3M ==================== . 2011-11-03 06:12:38 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-10-20 08:03:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr 2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-09-06 20:36:26 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll 2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll 2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-08-31 06:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-22 06:07:40 55280 ----a-w- c:\windows\system32\drivers\vmx86.sys 2011-08-22 06:07:32 354416 ----a-w- c:\windows\system32\vmnetdhcp.exe 2011-08-22 06:07:18 783472 ----a-w- c:\windows\system32\vnetlib.dll 2011-08-22 06:06:56 432752 ----a-w- c:\windows\system32\vmnat.exe 2011-08-22 06:06:06 25712 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys 2011-08-22 04:40:08 252016 ----a-w- c:\windows\system32\vmnc.dll 2011-08-22 04:12:26 55408 ----a-w- c:\windows\system32\vmnetbridge.dll 2011-08-22 04:12:26 49776 ----a-w- c:\windows\system32\vnetinst.dll 2011-08-22 04:12:26 36464 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys 2011-08-22 04:12:26 19568 ----a-w- c:\windows\system32\drivers\vmnet.sys 2011-08-22 04:12:26 16624 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys 2011-08-21 12:11:22 32496 ----a-w- c:\windows\system32\drivers\hcmon.sys 2011-08-21 12:01:24 31280 ----a-w- c:\windows\system32\drivers\vmusb.sys 2011-08-08 03:58:56 98928 ----a-w- c:\windows\system32\drivers\vmci.sys 2011-08-08 03:58:56 63088 ----a-w- c:\windows\system32\vsocklib.dll . ============= FINISH: 19:09:27.90 =============== I'm now doing combofix Attach.txt
- November 3, 2011
- 44 replies
I don't know why but i get random IP blocks from MWB

Jamesrulez1 replied to Jamesrulez1's topic in Resolved Malware Removal Logs

218.9.200.134 is another one from Garena Messenger
- November 3, 2011
- 44 replies
I don't know why but i get random IP blocks from MWB

Jamesrulez1 replied to Jamesrulez1's topic in Resolved Malware Removal Logs

220.70.239.49 is getting blocked from Garena Messinger?
- November 3, 2011
- 44 replies
I don't know why but i get random IP blocks from MWB

Jamesrulez1 replied to Jamesrulez1's topic in Resolved Malware Removal Logs

What if i don't use firefox? I haven't touched it and only have been using chrome
- November 3, 2011
- 44 replies
I don't know why but i get random IP blocks from MWB

Jamesrulez1 replied to Jamesrulez1's topic in Resolved Malware Removal Logs

Oh wait no. I just started up skype again and got a skype block for the IP : 193.68.68.78
- November 3, 2011
- 44 replies
I don't know why but i get random IP blocks from MWB

Jamesrulez1 replied to Jamesrulez1's topic in Resolved Malware Removal Logs

I think it's fixed now so thanks
- November 3, 2011
- 44 replies
I don't know why but i get random IP blocks from MWB

Jamesrulez1 replied to Jamesrulez1's topic in Resolved Malware Removal Logs

Here is the security scan log : Results of screen317's Security Check version 0.99.24 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 9 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! avast! Free Antivirus WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware CCleaner Java 6 Update 24 Out of date Java installed! Adobe Flash Player 11.0.1.152 Adobe Reader X (10.1.1) Mozilla Firefox (3.6.22) Firefox Out of Date! ```````````````````````````````` Process Check: objlist.exe by Laurent Malwarebytes' Anti-Malware mbamservice.exe Malwarebytes' Anti-Malware mbamgui.exe Alwil Software Avast5 AvastSvc.exe ``````````End of Log````````````
- November 2, 2011
- 44 replies
I don't know why but i get random IP blocks from MWB

Jamesrulez1 replied to Jamesrulez1's topic in Resolved Malware Removal Logs

new combofix log : ComboFix 11-11-02.01 - User 02/11/2011 19:24:23.3.4 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3575.1953 [GMT 11:00] Running from: c:\users\User\Desktop\ComboFix.exe Command switches used :: c:\users\User\Desktop\CFscript.txt AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2011-10-02 to 2011-11-02 ))))))))))))))))))))))))))))))) . . 2011-11-02 08:53 . 2011-11-02 08:53 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-02 08:21 . 2011-11-02 08:21 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBD97F22-279E-4EAE-BF31-C62146F115B6}\offreg.dll 2011-11-01 06:31 . 2011-11-01 06:31 -------- d-----w- c:\program files\Voxatron 2011-11-01 05:41 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBD97F22-279E-4EAE-BF31-C62146F115B6}\mpengine.dll 2011-10-30 10:10 . 2011-11-02 08:54 -------- d-----w- c:\users\User\AppData\Local\PMB Files 2011-10-30 10:09 . 2011-11-01 22:11 -------- d-----w- c:\programdata\PMB Files 2011-10-23 04:25 . 2011-10-23 04:25 -------- d-----w- c:\users\LoL 2011-10-22 07:03 . 2011-10-22 07:06 -------- d-----w- c:\users\User\AppData\Roaming\GetRightToGo 2011-10-22 06:59 . 2011-10-22 06:59 -------- d-----w- c:\program files\Free Mouse Auto Clicker 2011-10-21 10:33 . 2011-10-21 10:33 -------- d-----w- c:\program files\NetWorx 2011-10-21 10:33 . 2011-10-21 10:33 -------- d-----w- c:\programdata\SoftPerfect 2011-10-21 10:33 . 2011-09-19 10:58 51976 ----a-w- c:\windows\system32\drivers\networx.sys 2011-10-21 10:19 . 2011-10-21 10:34 -------- d-----w- c:\program files\Uniblue 2011-10-13 20:29 . 2011-10-13 20:29 42392 ----a-w- c:\windows\system32\xfcodec.dll 2011-10-13 08:03 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll 2011-10-13 08:03 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll 2011-10-13 08:03 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll 2011-10-13 08:03 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax 2011-10-13 08:03 . 2011-09-06 02:28 2334720 ----a-w- c:\windows\system32\win32k.sys 2011-10-11 08:24 . 2011-10-25 09:50 -------- d-----w- C:\V83 2011-10-05 00:58 . 2011-10-05 01:00 -------- d-----w- c:\users\User\AppData\Local\Procaster 2011-10-05 00:58 . 2011-10-05 00:58 -------- d-----w- c:\program files\Livestream Procaster 2011-10-04 02:09 . 2011-10-21 22:13 -------- d-----w- c:\users\User\AppData\Roaming\redsn0w 2011-10-03 10:15 . 2011-10-03 10:15 -------- d-----w- c:\program files\iPod 2011-10-03 10:15 . 2011-10-03 10:16 -------- d-----w- c:\program files\iTunes 2011-10-03 10:09 . 2011-10-03 10:09 -------- d-----w- c:\program files\Bonjour 2011-10-03 09:49 . 2011-10-03 09:49 -------- d-----w- c:\program files\Apple Software Update . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-20 08:03 . 2011-06-26 00:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-09-07 07:47 . 2011-03-30 09:16 165232 ---ha-w- c:\users\User\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll 2011-09-06 20:45 . 2010-12-21 04:34 41184 ----a-w- c:\windows\avastSS.scr 2011-09-06 20:45 . 2010-12-21 04:34 199304 ----a-w- c:\windows\system32\aswBoot.exe 2011-09-06 20:38 . 2011-03-17 09:11 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-09-06 20:37 . 2010-12-21 04:35 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-09-06 20:36 . 2010-12-21 04:35 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-09-06 20:36 . 2010-12-21 04:35 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-09-06 20:36 . 2010-12-21 04:35 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-09-06 20:36 . 2010-12-21 04:35 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-08-31 06:00 . 2010-12-21 04:29 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-22 06:07 . 2011-08-22 06:07 55280 ----a-w- c:\windows\system32\drivers\vmx86.sys 2011-08-22 06:07 . 2011-10-02 00:09 354416 ----a-w- c:\windows\system32\vmnetdhcp.exe 2011-08-22 06:07 . 2011-10-02 00:09 783472 ----a-w- c:\windows\system32\vnetlib.dll 2011-08-22 06:06 . 2011-10-02 00:09 432752 ----a-w- c:\windows\system32\vmnat.exe 2011-08-22 06:06 . 2011-10-02 00:09 25712 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys 2011-08-22 04:40 . 2011-08-22 04:40 252016 ----a-w- c:\windows\system32\vmnc.dll 2011-08-22 04:12 . 2011-08-22 04:12 55408 ----a-w- c:\windows\system32\vmnetbridge.dll 2011-08-22 04:12 . 2011-08-22 04:12 49776 ----a-w- c:\windows\system32\vnetinst.dll 2011-08-22 04:12 . 2011-08-22 04:12 36464 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys 2011-08-22 04:12 . 2011-08-22 04:12 19568 ----a-w- c:\windows\system32\drivers\vmnet.sys 2011-08-22 04:12 . 2011-08-22 04:12 16624 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys 2011-08-21 12:11 . 2011-08-21 12:11 32496 ----a-w- c:\windows\system32\drivers\hcmon.sys 2011-08-21 12:01 . 2011-08-21 12:01 31280 ----a-w- c:\windows\system32\drivers\vmusb.sys 2011-08-08 03:58 . 2011-08-08 03:58 98928 ----a-w- c:\windows\system32\drivers\vmci.sys 2011-08-08 03:58 . 2011-08-08 03:58 63088 ----a-w- c:\windows\system32\vsocklib.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-11-01_06.01.14 ))))))))))))))))))))))))))))))))))))))))) . + 2010-12-20 05:40 . 2011-11-02 08:20 63970 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 04:55 . 2011-11-02 08:20 30090 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-12-20 04:19 . 2011-11-02 07:50 17392 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3561220507-2474625922-2837830357-1001_UserData.bin + 2010-12-20 03:12 . 2011-11-02 08:18 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-12-20 03:12 . 2011-11-01 06:00 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-12-20 03:12 . 2011-11-02 08:18 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-12-20 03:12 . 2011-11-01 06:00 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:41 . 2011-11-02 08:18 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:41 . 2011-11-01 06:00 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-11-01 05:35 . 2011-11-01 06:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-11-02 08:18 . 2011-11-02 08:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-11-02 08:18 . 2011-11-02 08:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-11-01 05:35 . 2011-11-01 06:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-07-14 02:05 . 2011-11-01 06:30 667042 c:\windows\System32\perfh009.dat - 2009-07-14 02:05 . 2011-11-01 05:41 667042 c:\windows\System32\perfh009.dat - 2009-07-14 02:05 . 2011-11-01 05:41 126304 c:\windows\System32\perfc009.dat + 2009-07-14 02:05 . 2011-11-01 06:30 126304 c:\windows\System32\perfc009.dat - 2009-07-14 04:47 . 2011-10-31 11:05 388192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 04:47 . 2011-11-02 08:17 388192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-01-22 11:05 . 2011-11-02 08:17 7138279 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3561220507-2474625922-2837830357-1001-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-12-09 3911776] . [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2010-11-29 04:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}] 2010-12-09 01:51 3911776 ----a-w- c:\program files\XfireXO\tbXfir.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192] "{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-12-09 3911776] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-12-09 3911776] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192] . [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256] "Steam"="c:\program files\Steam\steam.exe" [2011-08-02 1242448] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "Presentation Pointer"="c:\program files\Presentation Pointer\PPointer.exe" [2011-06-08 2215936] "Window Hide Tool"="c:\program files\Window Hide Tool\Window Hide Tool.exe" [2008-01-18 307200] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-14 2424560] "Hobbyist Software VLC Streamer"="c:\program files\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe" [2011-01-21 1317376] "GarenaMessenger"="c:\program files\Garena Messenger\GarenaMessenger.exe" [2011-08-16 4926808] "FlashGet 3"="c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe" [2009-12-22 2127408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2010-05-24 1683360] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520] "Pidgin"="c:\program files\Pidgin\Pidgin.exe" [2010-12-20 48618] "Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2011-03-24 167936] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968] "vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2011-08-22 103536] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736] "NetWorx"="c:\program files\NetWorx\networx.exe" [2011-10-19 3332608] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224] "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 767312] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-25 2569616] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-09-05 35736] . c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-1-21 226176] Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-10-14 3510680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ LOLRecorder.lnk - c:\program files\LOLReplay\LOLRecorder.exe [2011-10-8 406016] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer3"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804] Ime File REG_SZ QQPINYIN.IME . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 ALSysIO;ALSysIO;c:\users\User\AppData\Local\Temp\ALSysIO.sys [x] R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2010-12-14 2412680] R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2010-12-21 23456] R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x] R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Messenger\Room\safedrv.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 VMwareHostd;VMware Workstation Server;c:\program files\VMware\VMware Workstation\vmware-hostd.exe [2011-08-22 11837440] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-21 1343400] S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-07-13 40560] S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 98928] S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-05 11448] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 networx;networx;c:\windows\system32\drivers\networx.sys [2011-09-19 51976] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984] S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-08-21 665200] S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi10-shared.sys [2011-07-08 22768] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-11 122984] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-03-21 362600] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-05-15 1150880] . . Contents of the 'Scheduled Tasks' folder . 2011-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3561220507-2474625922-2837830357-1001Core.job - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-21 04:22] . 2011-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3561220507-2474625922-2837830357-1001UA.job - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-21 04:22] . . ------- Supplementary Scan ------- . uStart Page = my.daemon-search.com uInternet Settings,ProxyOverride = *.local IE: Download all by FlashGet3 - c:\users\User\AppData\Roaming\FlashGetBHO\GetAllUrl.htm IE: Download by FlashGet3 - c:\users\User\AppData\Roaming\FlashGetBHO\GetUrl.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105 LSP: %SystemRoot%\system32\vsocklib.dll Trusted Zone: kuaiche.com\software TCP: DhcpNameServer = 10.1.1.1 TCP: Interfaces\{24FB8EFC-7672-4355-9BE4-3994D80E84F3}: NameServer = 208.67.222.222,208.67.220.220 FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\l3qjedju.default\ FF - prefs.js: browser.search.selectedEngine - Facemoods Search FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ddr FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF . . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(3048) c:\program files\Xfire\xfire_toucan_44598.dll c:\users\User\AppData\Local\FLVService\lib\FLVSrvLib.dll . Completion time: 2011-11-02 20:01:52 ComboFix-quarantined-files.txt 2011-11-02 09:01 ComboFix2.txt 2011-11-02 07:23 ComboFix3.txt 2011-11-01 06:09 . Pre-Run: 229,305,208,832 bytes free Post-Run: 229,246,160,896 bytes free . - - End Of File - - 6AE5DBE157B6F238A895D1D729B96EE7 Im doing the scan right now
- November 2, 2011
- 44 replies
I don't know why but i get random IP blocks from MWB

Jamesrulez1 replied to Jamesrulez1's topic in Resolved Malware Removal Logs

Where would i find what kaspersky found? There where no threats detected.
- November 2, 2011
- 44 replies
I don't know why but i get random IP blocks from MWB

Jamesrulez1 replied to Jamesrulez1's topic in Resolved Malware Removal Logs

Here is the new combofix log : ComboFix 11-11-02.01 - User 02/11/2011 17:33:22.2.4 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3575.2105 [GMT 11:00] Running from: c:\users\User\Desktop\ComboFix.exe AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . Infected copy of c:\windows\system32\userinit.exe was found and disinfected Restored copy from - c:\windows\ERDNT\cache\userinit.exe . . ((((((((((((((((((((((((( Files Created from 2011-10-02 to 2011-11-02 ))))))))))))))))))))))))))))))) . . 2011-11-02 06:51 . 2011-11-02 06:51 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-01 06:31 . 2011-11-01 06:31 -------- d-----w- c:\program files\Voxatron 2011-11-01 06:27 . 2011-11-02 06:56 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBD97F22-279E-4EAE-BF31-C62146F115B6}\offreg.dll 2011-11-01 05:41 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBD97F22-279E-4EAE-BF31-C62146F115B6}\mpengine.dll 2011-10-30 10:10 . 2011-11-01 22:10 -------- d-----w- c:\users\User\AppData\Local\PMB Files 2011-10-30 10:09 . 2011-11-01 22:11 -------- d-----w- c:\programdata\PMB Files 2011-10-23 04:25 . 2011-10-23 04:25 -------- d-----w- c:\users\LoL 2011-10-22 07:03 . 2011-10-22 07:06 -------- d-----w- c:\users\User\AppData\Roaming\GetRightToGo 2011-10-22 06:59 . 2011-10-22 06:59 -------- d-----w- c:\program files\Free Mouse Auto Clicker 2011-10-21 10:33 . 2011-10-21 10:33 -------- d-----w- c:\program files\NetWorx 2011-10-21 10:33 . 2011-10-21 10:33 -------- d-----w- c:\programdata\SoftPerfect 2011-10-21 10:33 . 2011-09-19 10:58 51976 ----a-w- c:\windows\system32\drivers\networx.sys 2011-10-21 10:19 . 2011-10-21 10:34 -------- d-----w- c:\program files\Uniblue 2011-10-13 20:29 . 2011-10-13 20:29 42392 ----a-w- c:\windows\system32\xfcodec.dll 2011-10-13 08:03 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll 2011-10-13 08:03 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll 2011-10-13 08:03 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll 2011-10-13 08:03 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax 2011-10-13 08:03 . 2011-09-06 02:28 2334720 ----a-w- c:\windows\system32\win32k.sys 2011-10-11 08:24 . 2011-10-25 09:50 -------- d-----w- C:\V83 2011-10-05 00:58 . 2011-10-05 01:00 -------- d-----w- c:\users\User\AppData\Local\Procaster 2011-10-05 00:58 . 2011-10-05 00:58 -------- d-----w- c:\program files\Livestream Procaster 2011-10-04 02:09 . 2011-10-21 22:13 -------- d-----w- c:\users\User\AppData\Roaming\redsn0w 2011-10-03 10:15 . 2011-10-03 10:15 -------- d-----w- c:\program files\iPod 2011-10-03 10:15 . 2011-10-03 10:16 -------- d-----w- c:\program files\iTunes 2011-10-03 10:09 . 2011-10-03 10:09 -------- d-----w- c:\program files\Bonjour 2011-10-03 09:49 . 2011-10-03 09:49 -------- d-----w- c:\program files\Apple Software Update . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-20 08:03 . 2011-06-26 00:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-09-07 07:47 . 2011-03-30 09:16 165232 ---ha-w- c:\users\User\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll 2011-09-06 20:45 . 2010-12-21 04:34 41184 ----a-w- c:\windows\avastSS.scr 2011-09-06 20:45 . 2010-12-21 04:34 199304 ----a-w- c:\windows\system32\aswBoot.exe 2011-09-06 20:38 . 2011-03-17 09:11 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-09-06 20:37 . 2010-12-21 04:35 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-09-06 20:36 . 2010-12-21 04:35 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-09-06 20:36 . 2010-12-21 04:35 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-09-06 20:36 . 2010-12-21 04:35 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-09-06 20:36 . 2010-12-21 04:35 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-08-31 06:00 . 2010-12-21 04:29 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-22 06:07 . 2011-08-22 06:07 55280 ----a-w- c:\windows\system32\drivers\vmx86.sys 2011-08-22 06:07 . 2011-10-02 00:09 354416 ----a-w- c:\windows\system32\vmnetdhcp.exe 2011-08-22 06:07 . 2011-10-02 00:09 783472 ----a-w- c:\windows\system32\vnetlib.dll 2011-08-22 06:06 . 2011-10-02 00:09 432752 ----a-w- c:\windows\system32\vmnat.exe 2011-08-22 06:06 . 2011-10-02 00:09 25712 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys 2011-08-22 04:40 . 2011-08-22 04:40 252016 ----a-w- c:\windows\system32\vmnc.dll 2011-08-22 04:12 . 2011-08-22 04:12 55408 ----a-w- c:\windows\system32\vmnetbridge.dll 2011-08-22 04:12 . 2011-08-22 04:12 49776 ----a-w- c:\windows\system32\vnetinst.dll 2011-08-22 04:12 . 2011-08-22 04:12 36464 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys 2011-08-22 04:12 . 2011-08-22 04:12 19568 ----a-w- c:\windows\system32\drivers\vmnet.sys 2011-08-22 04:12 . 2011-08-22 04:12 16624 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys 2011-08-21 12:11 . 2011-08-21 12:11 32496 ----a-w- c:\windows\system32\drivers\hcmon.sys 2011-08-21 12:01 . 2011-08-21 12:01 31280 ----a-w- c:\windows\system32\drivers\vmusb.sys 2011-08-08 03:58 . 2011-08-08 03:58 98928 ----a-w- c:\windows\system32\drivers\vmci.sys 2011-08-08 03:58 . 2011-08-08 03:58 63088 ----a-w- c:\windows\system32\vsocklib.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-11-01_06.01.14 ))))))))))))))))))))))))))))))))))))))))) . + 2010-12-20 05:40 . 2011-11-01 21:12 63596 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 04:55 . 2011-11-01 21:12 30082 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-12-20 03:12 . 2011-11-02 06:53 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-12-20 03:12 . 2011-11-01 06:00 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-12-20 03:12 . 2011-11-02 06:53 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-12-20 03:12 . 2011-11-01 06:00 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:41 . 2011-11-02 06:53 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:41 . 2011-11-01 06:00 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-11-01 05:35 . 2011-11-01 06:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-11-01 21:10 . 2011-11-02 06:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-11-01 21:10 . 2011-11-02 06:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-11-01 05:35 . 2011-11-01 06:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 02:05 . 2011-11-01 05:41 667042 c:\windows\System32\perfh009.dat + 2009-07-14 02:05 . 2011-11-01 06:30 667042 c:\windows\System32\perfh009.dat - 2009-07-14 02:05 . 2011-11-01 05:41 126304 c:\windows\System32\perfc009.dat + 2009-07-14 02:05 . 2011-11-01 06:30 126304 c:\windows\System32\perfc009.dat + 2009-07-14 04:47 . 2011-11-01 11:43 388192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 04:47 . 2011-10-31 11:05 388192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-01-22 11:05 . 2011-11-01 11:43 7138279 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3561220507-2474625922-2837830357-1001-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-12-09 3911776] . [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2010-11-29 04:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}] 2010-12-09 01:51 3911776 ----a-w- c:\program files\XfireXO\tbXfir.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192] "{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-12-09 3911776] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-12-09 3911776] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192] . [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256] "Steam"="c:\program files\Steam\steam.exe" [2011-08-02 1242448] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-30 399736] "Presentation Pointer"="c:\program files\Presentation Pointer\PPointer.exe" [2011-06-08 2215936] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 16862600] "chromium"="c:\users\User\AppData\Local\Google\Chrome\Application\chrome.exe" [2011-10-26 1036344] "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-10-30 3077528] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-24 210472] "HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2010-05-24 1683360] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520] "Pidgin"="c:\program files\Pidgin\Pidgin.exe" [2010-12-20 48618] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2011-03-24 167936] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968] "vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2011-08-22 103536] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736] "NetWorx"="c:\program files\NetWorx\networx.exe" [2011-10-19 3332608] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208] . c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-1-21 226176] Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-10-14 3510680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ LOLRecorder.lnk - c:\program files\LOLReplay\LOLRecorder.exe [2011-10-8 406016] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer3"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804] Ime File REG_SZ QQPINYIN.IME . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-06-06 02:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2011-04-20 02:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter] 2010-07-25 15:08 2569616 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu] 2009-09-03 14:43 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashGet 3] 2009-12-22 08:48 2127408 ----a-w- c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarenaMessenger] 2011-08-16 08:14 4926808 ----a-w- c:\program files\Garena Messenger\GarenaMessenger.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hobbyist Software VLC Streamer] 2011-01-21 01:28 1317376 ----a-w- c:\program files\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4] 2007-02-04 01:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] 2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2010-12-03 05:46 16862600 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2010-12-14 20:02 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] 2011-03-30 05:28 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Hide Tool] 2008-01-18 02:01 307200 ----a-w- c:\program files\Window Hide Tool\Window Hide Tool.exe . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 ALSysIO;ALSysIO;c:\users\User\AppData\Local\Temp\ALSysIO.sys [x] R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2010-12-14 2412680] R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2010-12-21 23456] R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x] R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Messenger\Room\safedrv.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 VMwareHostd;VMware Workstation Server;c:\program files\VMware\VMware Workstation\vmware-hostd.exe [2011-08-22 11837440] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-21 1343400] S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-07-13 40560] S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 98928] S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-05 11448] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 networx;networx;c:\windows\system32\drivers\networx.sys [2011-09-19 51976] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984] S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-08-21 665200] S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi10-shared.sys [2011-07-08 22768] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-11 122984] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-03-21 362600] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-05-15 1150880] . . Contents of the 'Scheduled Tasks' folder . 2011-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3561220507-2474625922-2837830357-1001Core.job - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-21 04:22] . 2011-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3561220507-2474625922-2837830357-1001UA.job - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-21 04:22] . . ------- Supplementary Scan ------- . uStart Page = my.daemon-search.com uInternet Settings,ProxyOverride = *.local IE: Download all by FlashGet3 - c:\users\User\AppData\Roaming\FlashGetBHO\GetAllUrl.htm IE: Download by FlashGet3 - c:\users\User\AppData\Roaming\FlashGetBHO\GetUrl.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105 LSP: %SystemRoot%\system32\vsocklib.dll Trusted Zone: kuaiche.com\software TCP: DhcpNameServer = 10.1.1.1 TCP: Interfaces\{24FB8EFC-7672-4355-9BE4-3994D80E84F3}: NameServer = 208.67.222.222,208.67.220.220 FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\l3qjedju.default\ FF - prefs.js: browser.search.selectedEngine - Facemoods Search FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ddr FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF . . ------- File Associations ------- . .txt=UltraEdit.txt . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file) WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3561220507-2474625922-2837830357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (S-1-5-21-3561220507-2474625922-2837830357-1001) @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(2004) c:\program files\WinSCP\DragExt.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvvsvc.exe c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\program files\NVIDIA Corporation\Display\NvXDSync.exe c:\windows\system32\nvvsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Canon\IJPLM\IJPLMSVC.EXE c:\windows\system32\vmnat.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\VMware\VMware Workstation\vmware-authd.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\vmnetdhcp.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe . ************************************************************************** . Completion time: 2011-11-02 18:23:18 - machine was rebooted ComboFix-quarantined-files.txt 2011-11-02 07:23 ComboFix2.txt 2011-11-01 06:09 . Pre-Run: 229,179,543,552 bytes free Post-Run: 229,132,480,512 bytes free . - - End Of File - - E1878C40A5B9D9D7D6F7A677CF7AAD0F
- November 2, 2011
- 44 replies
I don't know why but i get random IP blocks from MWB

Jamesrulez1 replied to Jamesrulez1's topic in Resolved Malware Removal Logs

0 threats I think it's fixed now? How can i tell?
- November 1, 2011
- 44 replies
I don't know why but i get random IP blocks from MWB

Jamesrulez1 replied to Jamesrulez1's topic in Resolved Malware Removal Logs

Heres the logs log.txt
- November 1, 2011
- 44 replies
I don't know why but i get random IP blocks from MWB

Jamesrulez1 replied to Jamesrulez1's topic in Resolved Malware Removal Logs

30 minutes at 99% and counting
- November 1, 2011
- 44 replies
I don't know why but i get random IP blocks from MWB

Jamesrulez1 replied to Jamesrulez1's topic in Resolved Malware Removal Logs

Wow it's been at 99% scanning for a few minutes now
- November 1, 2011
- 44 replies
I don't know why but i get random IP blocks from MWB

Jamesrulez1 replied to Jamesrulez1's topic in Resolved Malware Removal Logs

1 threat found i'm removing that. It's a Win32/Virut.NBP virus
- November 1, 2011
- 44 replies
Moongrams.com is blocked?

Jamesrulez1 posted a topic in Website Blocking

It's a popular private server and it's blocked? Why so?
- November 1, 2011
- 1 reply
I don't know why but i get random IP blocks from MWB

Jamesrulez1 replied to Jamesrulez1's topic in Resolved Malware Removal Logs

All i got when i got to the scanner site through internet explorer was a small picture in the top left.
- November 1, 2011
- 44 replies
I don't know why but i get random IP blocks from MWB

Jamesrulez1 replied to Jamesrulez1's topic in Resolved Malware Removal Logs

I did in fact completely closed it. It's not installed at all o.o only the Utorrent bar thingy in IE was still installed. I removed that now
- November 1, 2011
- 44 replies
I don't know why but i get random IP blocks from MWB

Jamesrulez1 replied to Jamesrulez1's topic in Resolved Malware Removal Logs

Ok I have attached the new files Also warn me next time that it would shut down google chrome and that it would take a long time for combofix to finish. I didn't know whether or not to attach the file called attach but i did anyways DDS: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24 Run by User at 17:27:30 on 2011-11-01 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3575.1138 [GMT 11:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe C:\Windows\system32\vmnat.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\VMware\VMware Workstation\vmware-authd.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\vmnetdhcp.exe C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe C:\Program Files\Pidgin\pidgin.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Freecorder\FLVSrvc.exe C:\Program Files\VMware\VMware Workstation\vmware-tray.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\rundll32.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\NetWorx\networx.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Steam\Steam.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Presentation Pointer\PPointer.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Pando Networks\Media Booster\PMB.exe C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files\Xfire\Xfire.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Common Files\Steam\SteamService.exe C:\Program Files\Xfire\Xfire.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\sppsvc.exe C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.33\deploy\LoLLauncher.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\LOLReplay\LOLRecorder.exe C:\Windows\system32\conhost.exe . ============== Pseudo HJT Report =============== . uStart Page = my.daemon-search.com uInternet Settings,ProxyOverride = *.local uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll uURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll mURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\users\user\appdata\roaming\flashgetbho\FlashGetBHO3.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll TB: &NetWorx Desk Band: {feea54b4-d80f-41c7-87b9-dc08e6d3255f} - c:\progra~1\networx\deskband.dll EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [steam] "c:\program files\steam\steam.exe" -silent uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" uRun: [Presentation Pointer] c:\program files\presentation pointer\PPointer.exe /m uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized uRun: [chromium] c:\users\user\appdata\local\google\chrome\application\chrome.exe --no-startup-window uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices mRun: [Pidgin] "c:\program files\pidgin\Pidgin.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [snpstd] c:\windows\vsnpstd.exe mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [NetWorx] "c:\program files\networx\networx.exe" /auto mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\lolrec~1.lnk - c:\program files\lolreplay\LOLRecorder.exe mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Download all by FlashGet3 - c:\users\user\appdata\roaming\flashgetbho\GetAllUrl.htm IE: Download by FlashGet3 - c:\users\user\appdata\roaming\flashgetbho\GetUrl.htm IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll LSP: %SystemRoot%\system32\vsocklib.dll Trusted Zone: kuaiche.com\software DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab TCP: DhcpNameServer = 10.1.1.1 TCP: Interfaces\{24FB8EFC-7672-4355-9BE4-3994D80E84F3} : NameServer = 208.67.222.222,208.67.220.220 TCP: Interfaces\{24FB8EFC-7672-4355-9BE4-3994D80E84F3} : DhcpNameServer = 10.1.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\l3qjedju.default\ FF - prefs.js: browser.search.selectedEngine - Facemoods Search FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ddr FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\l3qjedju.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\l3qjedju.default\extensions\ffxtlbr@facemoods.com\components\FFHst.dll FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll FF - plugin: c:\users\user\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: c:\users\user\appdata\roaming\mozilla\firefox\profiles\l3qjedju.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\alwil software\avast5\webrep\FF . ============= SERVICES / DRIVERS =============== . R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2011-3-24 40560] R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-12-21 11448] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-17 442200] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-21 320856] R1 networx;networx;c:\windows\system32\drivers\networx.sys [2011-10-21 51976] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-21 20568] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-21 54616] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-9-10 44768] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-21 366152] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-7 378984] R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2010-12-24 2228008] R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2011-8-21 665200] R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi10-shared.sys [2011-7-8 22768] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-21 22216] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-1-29 122984] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-3-21 362600] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-12-20 1150880] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888] S3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\s.a.d\cyberghost vpn\CGVPNCliService.exe [2011-1-28 2412680] S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-12-21 23456] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-12 15872] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-12 52224] S3 VMwareHostd;VMware Workstation Server;c:\program files\vmware\vmware workstation\vmware-hostd.exe [2011-8-22 11837440] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-21 1343400] . =============== File Associations =============== . .txt=UltraEdit.txt . =============== Created Last 30 ================ . 2011-11-01 06:27:51 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bbd97f22-279e-4eae-bf31-c62146f115b6}\offreg.dll 2011-11-01 06:01:09 -------- d-----w- C:\$RECYCLE.BIN 2011-11-01 05:46:06 98816 ----a-w- c:\windows\sed.exe 2011-11-01 05:46:06 518144 ----a-w- c:\windows\SWREG.exe 2011-11-01 05:46:06 256000 ----a-w- c:\windows\PEV.exe 2011-11-01 05:46:06 208896 ----a-w- c:\windows\MBR.exe 2011-11-01 05:41:09 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bbd97f22-279e-4eae-bf31-c62146f115b6}\mpengine.dll 2011-11-01 05:38:48 -------- d-----w- c:\users\user\appdata\local\{BF4E9C8E-CE20-438B-9C01-5E0E818A0C6A} 2011-11-01 05:37:58 -------- d-----w- c:\users\user\appdata\local\{6D04E194-0E6B-40AD-9B9B-9415B62A6849} 2011-10-31 06:10:16 -------- d-----w- c:\users\user\appdata\local\{657D47B9-06A4-4C7C-BEAE-21CAAB58EC2A} 2011-10-31 06:10:01 -------- d-----w- c:\users\user\appdata\local\{264B6F6D-CB28-44EB-9B72-8ED0E25BEFD9} 2011-10-30 10:10:01 -------- d-----w- c:\users\user\appdata\local\PMB Files 2011-10-30 10:09:57 -------- d-----w- c:\programdata\PMB Files 2011-10-29 23:11:15 -------- d-----w- c:\users\user\appdata\local\{FCFEF9A1-A4C7-472D-A477-1FEBCA402122} 2011-10-29 23:11:01 -------- d-----w- c:\users\user\appdata\local\{DF54D338-53A9-4C9F-9029-7CB627538282} 2011-10-29 09:50:58 -------- d-----w- c:\users\user\appdata\local\{5A7D2767-7B1E-4502-B427-B153411A94F5} 2011-10-29 09:50:45 -------- d-----w- c:\users\user\appdata\local\{78FCA731-DD06-4806-9031-9F498C7B8A01} 2011-10-28 21:50:16 -------- d-----w- c:\users\user\appdata\local\{9964E120-85CD-4774-8854-B6F23AFA3E90} 2011-10-28 21:50:02 -------- d-----w- c:\users\user\appdata\local\{29CB39C1-F26F-4AD6-B2F3-9FB67F5265FE} 2011-10-28 05:31:10 -------- d-----w- c:\users\user\appdata\local\{DFAA2B06-A7D2-4F2F-8CF2-B853B7612E3A} 2011-10-28 05:30:52 -------- d-----w- c:\users\user\appdata\local\{41CFE56B-3A17-4967-852A-D12082632E1A} 2011-10-27 08:21:03 -------- d-----w- c:\users\user\appdata\local\{D111B38B-3020-42DB-9629-C267AE4B9893} 2011-10-27 08:20:36 -------- d-----w- c:\users\user\appdata\local\{1F155FDD-E02B-4FD7-B8C9-2EF228CC0B9B} 2011-10-26 06:34:16 -------- d-----w- c:\users\user\appdata\local\{7AB18F2C-94B7-4323-997E-D951C86BD23C} 2011-10-26 06:33:58 -------- d-----w- c:\users\user\appdata\local\{D6081E1D-C36C-4230-95EA-3D96C39BD833} 2011-10-25 07:43:15 -------- d-----w- c:\users\user\appdata\local\{EFD8C543-9574-4CCD-8865-BD19684C0284} 2011-10-24 19:42:38 -------- d-----w- c:\users\user\appdata\local\{F9FAC156-118F-4B54-A382-EAC72E7E5A30} 2011-10-24 07:41:55 -------- d-----w- c:\users\user\appdata\local\{394749D1-8963-472C-B024-2036823AB7F8} 2011-10-24 07:41:18 -------- d-----w- c:\users\user\appdata\local\{A08E8147-2541-40C9-8B81-2A9370FEA54C} 2011-10-23 05:41:27 -------- d-----w- c:\users\user\appdata\local\{24BD33D9-8E4A-4376-B705-2AF8F82F992D} 2011-10-22 17:40:58 -------- d-----w- c:\users\user\appdata\local\{B8535FB1-72D7-4833-A9EE-A20306B8810C} 2011-10-22 07:03:47 -------- d-----w- c:\users\user\appdata\roaming\GetRightToGo 2011-10-22 06:59:44 -------- d-----w- c:\program files\Free Mouse Auto Clicker 2011-10-22 05:40:19 -------- d-----w- c:\users\user\appdata\local\{E98B6402-AA5F-467C-A11C-864E5365419C} 2011-10-21 17:39:50 -------- d-----w- c:\users\user\appdata\local\{44F7C052-0D30-4D95-BEC5-984493220D7C} 2011-10-21 17:39:26 -------- d-----w- c:\users\user\appdata\local\{D7CB0658-B243-404B-AA5E-907EF62A82A1} 2011-10-21 10:33:32 51976 ----a-w- c:\windows\system32\drivers\networx.sys 2011-10-21 10:33:32 -------- d-----w- c:\programdata\SoftPerfect 2011-10-21 10:33:32 -------- d-----w- c:\program files\NetWorx 2011-10-21 10:19:23 -------- d-----w- c:\program files\Uniblue 2011-10-21 05:37:04 -------- d-----w- c:\users\user\appdata\local\{7DC0662C-EE01-483D-8B87-0C07E0AEDA9B} 2011-10-21 05:36:26 -------- d-----w- c:\users\user\appdata\local\{0FF2BE0C-4879-4306-9D30-166755DC4AAC} 2011-10-20 07:51:04 -------- d-----w- c:\users\user\appdata\local\{04D906FA-119D-4D3B-8DD2-1B94EAA5C112} 2011-10-20 07:50:50 -------- d-----w- c:\users\user\appdata\local\{D4EC3EE8-760F-4EA1-BA1C-6E7FB76E87CE} 2011-10-19 07:41:05 -------- d-----w- c:\users\user\appdata\local\{428455CE-3A06-4FB8-A865-DA34501F4A84} 2011-10-19 07:40:52 -------- d-----w- c:\users\user\appdata\local\{AC1705C1-9784-4212-BBF1-7369DBBF096C} 2011-10-18 06:49:47 -------- d-----w- c:\users\user\appdata\local\{7646C9F2-2EC7-473E-954C-8941CEE8C67E} 2011-10-18 06:49:20 -------- d-----w- c:\users\user\appdata\local\{C88709BC-551D-4DD8-8315-86EA8720AE04} 2011-10-17 09:38:07 -------- d-----w- c:\users\user\appdata\local\{750E8690-12F9-45D6-A897-3B015F63F74A} 2011-10-17 09:37:50 -------- d-----w- c:\users\user\appdata\local\{AAB50043-7370-4777-BD74-25FC5A011DFE} 2011-10-16 05:33:27 -------- d-----w- c:\users\user\appdata\local\{6C843F83-CE03-45F5-BF5A-49512A8DBE34} 2011-10-15 17:32:57 -------- d-----w- c:\users\user\appdata\local\{624DD3E9-3CC6-4391-80CE-FFA00F52BBCD} 2011-10-15 05:33:42 -------- d-----w- c:\users\user\appdata\local\{F784805A-A5FE-4D32-9A72-590512605B32} 2011-10-14 17:33:12 -------- d-----w- c:\users\user\appdata\local\{3EA90B30-75AA-496F-9D38-4E290525658C} 2011-10-14 05:33:01 -------- d-----w- c:\users\user\appdata\local\{3B8AAE50-1B33-461C-9F32-14BF7213189E} 2011-10-14 05:32:46 -------- d-----w- c:\users\user\appdata\local\{9B076714-2640-4D72-B7D3-A0F8BDC7830C} 2011-10-13 20:29:40 42392 ----a-w- c:\windows\system32\xfcodec.dll 2011-10-13 08:15:55 -------- d-----w- c:\users\user\appdata\local\{CAE5B667-C7AC-4EE6-98B0-0EF85CD93EB2} 2011-10-13 08:15:40 -------- d-----w- c:\users\user\appdata\local\{32E4CAF1-B753-41BE-9C07-132CFFDD1E0C} 2011-10-13 08:03:46 571904 ----a-w- c:\windows\system32\oleaut32.dll 2011-10-13 08:03:46 233472 ----a-w- c:\windows\system32\oleacc.dll 2011-10-13 08:03:44 75776 ----a-w- c:\windows\system32\psisrndr.ax 2011-10-13 08:03:44 465408 ----a-w- c:\windows\system32\psisdecd.dll 2011-10-13 08:03:17 2334720 ----a-w- c:\windows\system32\win32k.sys 2011-10-12 08:02:35 -------- d-----w- c:\users\user\appdata\local\{D3376831-0D26-47AB-82CE-619ED342ACFB} 2011-10-12 08:02:16 -------- d-----w- c:\users\user\appdata\local\{709FD858-670E-4AFC-A3FD-E676B4F123C9} 2011-10-11 08:24:07 -------- d-----w- C:\V83 2011-10-11 07:52:29 -------- d-----w- c:\users\user\appdata\local\{895E5EED-D9E7-4ABC-9AE1-A0C11A3055A3} 2011-10-11 07:52:16 -------- d-----w- c:\users\user\appdata\local\{FC070CCC-593A-44DB-A5F9-C69C9B2A2EE9} 2011-10-10 05:25:30 -------- d-----w- c:\users\user\appdata\local\{FA90CB2A-6E7C-4EC9-95FC-CB977EE25D7F} 2011-10-10 05:25:11 -------- d-----w- c:\users\user\appdata\local\{ACA534C4-0551-4728-9BF0-BF1DBF799F7B} 2011-10-09 09:24:30 -------- d-----w- c:\users\user\appdata\local\{3E38B71B-6E13-45E9-B8F6-D50E214E26F5} 2011-10-09 09:24:11 -------- d-----w- c:\users\user\appdata\local\{D1490D0E-3E4A-4508-9125-D9B10314D5C8} 2011-10-09 00:26:03 -------- d-----w- c:\users\user\appdata\local\{18CD7B00-6DBF-49F6-8BCF-A3308E9CB1E6} 2011-10-09 00:25:03 -------- d-----w- c:\users\user\appdata\local\{CA07C6A3-148F-4457-9248-EE7EEE9B5AA9} 2011-10-08 10:58:24 -------- d-----w- c:\users\user\appdata\local\{B76AE250-793B-433E-B654-E72F44550994} 2011-10-08 10:57:56 -------- d-----w- c:\users\user\appdata\local\{B97D023F-B064-45FC-B83E-19E05F71083C} 2011-10-08 10:46:13 -------- d-----w- c:\users\user\appdata\local\{A1D1BC20-2AE5-4812-8A8D-BEB5B4CFB593} 2011-10-08 10:45:54 -------- d-----w- c:\users\user\appdata\local\{47AAE966-D71F-4EE9-9490-622CD9C83F0C} 2011-10-07 22:41:41 -------- d-----w- c:\users\user\appdata\local\{3C2EAFCC-D144-498D-B182-265757EF58BE} 2011-10-07 22:40:18 -------- d-----w- c:\users\user\appdata\local\{E984BB2F-DC40-4160-9EFF-5800FC0BEE89} 2011-10-07 11:22:15 -------- d-----w- c:\users\user\appdata\local\{79AFEC5B-3522-4DD2-A743-CDD7164C6B25} 2011-10-06 23:21:41 -------- d-----w- c:\users\user\appdata\local\{19DA6F0F-DD59-449F-96D3-E506C345B487} 2011-10-06 23:20:38 -------- d-----w- c:\users\user\appdata\local\{B725793D-4798-494B-9CEB-606A3F55B5A5} 2011-10-06 00:17:07 -------- d-----w- c:\users\user\appdata\local\{0DB1AC8E-2C29-46EB-897E-D1CFCE835CFE} 2011-10-06 00:16:54 -------- d-----w- c:\users\user\appdata\local\{11E2EDF8-33B0-4CAD-B5E3-11017D8D180A} 2011-10-05 00:58:28 -------- d-----w- c:\users\user\appdata\local\Procaster 2011-10-05 00:58:27 -------- d-----w- c:\program files\Livestream Procaster 2011-10-05 00:19:48 -------- d-----w- c:\users\user\appdata\local\{FECB5BFE-6880-4DDC-8AB1-8BFA3DF781E0} 2011-10-05 00:18:39 -------- d-----w- c:\users\user\appdata\local\{8CCF4D97-0009-4D83-A744-ABEF38E3E822} 2011-10-04 10:58:03 -------- d-----w- c:\users\user\appdata\local\{B33B65EB-433D-402A-9EC8-9431D0F6BC89} 2011-10-04 02:09:16 -------- d-----w- c:\users\user\appdata\roaming\redsn0w 2011-10-03 22:57:23 -------- d-----w- c:\users\user\appdata\local\{7517B5E0-EC9C-4CBF-8BE2-1750956043C3} 2011-10-03 22:57:05 -------- d-----w- c:\users\user\appdata\local\{1AD26829-FEC5-4569-B494-846105564528} 2011-10-03 10:15:54 -------- d-----w- c:\program files\iPod 2011-10-03 10:15:53 -------- d-----w- c:\program files\iTunes 2011-10-03 10:09:53 -------- d-----w- c:\program files\Bonjour 2011-10-03 01:10:03 -------- d-----w- c:\users\user\appdata\local\{13AB0E85-7B35-4396-A3C2-E9EA3DF59EF3} 2011-10-03 01:09:12 -------- d-----w- c:\users\user\appdata\local\{7ED3B83F-8F84-43BA-8473-29552972E5A4} . ==================== Find3M ==================== . 2011-10-20 08:03:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr 2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-09-06 20:36:26 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll 2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll 2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-08-31 06:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-22 06:07:40 55280 ----a-w- c:\windows\system32\drivers\vmx86.sys 2011-08-22 06:07:32 354416 ----a-w- c:\windows\system32\vmnetdhcp.exe 2011-08-22 06:07:18 783472 ----a-w- c:\windows\system32\vnetlib.dll 2011-08-22 06:06:56 432752 ----a-w- c:\windows\system32\vmnat.exe 2011-08-22 06:06:06 25712 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys 2011-08-22 04:40:08 252016 ----a-w- c:\windows\system32\vmnc.dll 2011-08-22 04:12:26 55408 ----a-w- c:\windows\system32\vmnetbridge.dll 2011-08-22 04:12:26 49776 ----a-w- c:\windows\system32\vnetinst.dll 2011-08-22 04:12:26 36464 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys 2011-08-22 04:12:26 19568 ----a-w- c:\windows\system32\drivers\vmnet.sys 2011-08-22 04:12:26 16624 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys 2011-08-21 12:11:22 32496 ----a-w- c:\windows\system32\drivers\hcmon.sys 2011-08-21 12:01:24 31280 ----a-w- c:\windows\system32\drivers\vmusb.sys 2011-08-08 03:58:56 98928 ----a-w- c:\windows\system32\drivers\vmci.sys 2011-08-08 03:58:56 63088 ----a-w- c:\windows\system32\vsocklib.dll . ============= FINISH: 17:35:42.09 =============== ComboFix.txt Attach.txt
- November 1, 2011
- 44 replies
I don't know why but i get random IP blocks from MWB

Jamesrulez1 replied to Jamesrulez1's topic in Resolved Malware Removal Logs

Here is the quick scan. mbam-log-2011-10-31 (17-26-14).txt
- October 31, 2011
- 44 replies
I don't know why but i get random IP blocks from MWB

Jamesrulez1 replied to Jamesrulez1's topic in Resolved Malware Removal Logs

I have attached all the protection logs. I'm still doing the quick scan and will make another post with it protection-log-2011-10-24.txt protection-log-2011-10-25.txt protection-log-2011-10-27.txt protection-log-2011-10-26.txt protection-log-2011-10-28.txt protection-log-2011-10-29.txt protection-log-2011-10-30.txt protection-log-2011-10-31.txt
- October 31, 2011
- 44 replies

Events

Profiles

Forums

Everything posted by Jamesrulez1

Important Information