I don't know why but i get random IP blocks from MWB

[Jamesrulez1]

Hi could someone check these because i was told to do this.

DDS.txt

Attach.txt

[Jamesrulez1]

I just realized a mistake that I was supposed to copy and paste these logs I can't seem to edit it though.

Here it is :

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24

Run by User at 19:30:31 on 2011-10-27

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3575.1222 [GMT 11:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\Windows\system32\vmnat.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\vmnetdhcp.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files\Pidgin\pidgin.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Freecorder\FLVSrvc.exe

C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\NetWorx\networx.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Presentation Pointer\PPointer.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files\Xfire\Xfire.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Steam\SteamService.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Xfire\Xfire.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.33\deploy\LoLLauncher.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.93\deploy\LolClient.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = my.daemon-search.com

uInternet Settings,ProxyOverride = *.local

mSearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4

uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll

uURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll

mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll

mURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll

BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll

BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\users\user\appdata\roaming\flashgetbho\FlashGetBHO3.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL

BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll

TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

TB: &NetWorx Desk Band: {feea54b4-d80f-41c7-87b9-dc08e6d3255f} - c:\progra~1\networx\deskband.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [steam] "c:\program files\steam\steam.exe" -silent

uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"

uRun: [Presentation Pointer] c:\program files\presentation pointer\PPointer.exe /m

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe

uRun: [uniblue ProcessQuickLink 2] "c:\program files\uniblue\processquicklink 2\ProcessQuickLink2.exe" /autostart

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r

mRun: [AlterXfire] c:\users\user\desktop\alterxfire\AlterXfire.exe

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [Pidgin] "c:\program files\pidgin\Pidgin.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [snpstd] c:\windows\vsnpstd.exe

mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [NetWorx] "c:\program files\networx\networx.exe" /auto

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE

StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\lolrec~1.lnk - c:\program files\lolreplay\LOLRecorder.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Download all by FlashGet3 - c:\users\user\appdata\roaming\flashgetbho\GetAllUrl.htm

IE: Download by FlashGet3 - c:\users\user\appdata\roaming\flashgetbho\GetUrl.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

LSP: %SystemRoot%\system32\vsocklib.dll

Trusted Zone: kuaiche.com\software

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: DhcpNameServer = 10.1.1.1

TCP: Interfaces\{24FB8EFC-7672-4355-9BE4-3994D80E84F3} : NameServer = 208.67.222.222,208.67.220.220

TCP: Interfaces\{24FB8EFC-7672-4355-9BE4-3994D80E84F3} : DhcpNameServer = 10.1.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\l3qjedju.default\

FF - prefs.js: browser.search.selectedEngine - Facemoods Search

FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ddr

FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\l3qjedju.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll

FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\l3qjedju.default\extensions\ffxtlbr@facemoods.com\components\FFHst.dll

FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll

FF - plugin: c:\users\user\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\users\user\appdata\roaming\mozilla\firefox\profiles\l3qjedju.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com

FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com

FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com

FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\alwil software\avast5\webrep\FF

.

============= SERVICES / DRIVERS ===============

.

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2011-3-24 40560]

R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-12-21 11448]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-17 442200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-21 320856]

R1 networx;networx;c:\windows\system32\drivers\networx.sys [2011-10-21 51976]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-21 20568]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-21 54616]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-9-10 44768]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-21 366152]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-7 378984]

R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2010-12-24 2228008]

R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2011-8-21 665200]

R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi10-shared.sys [2011-7-8 22768]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-21 22216]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-1-29 122984]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-3-21 362600]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-12-20 1150880]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\s.a.d\cyberghost vpn\CGVPNCliService.exe [2011-1-28 2412680]

S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-12-21 23456]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-12 15872]

S3 TesSafe;TesSafe;c:\windows\system32\TesSafe.sys [2011-7-7 541824]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-12 52224]

S3 VMwareHostd;VMware Workstation Server;c:\program files\vmware\vmware workstation\vmware-hostd.exe [2011-8-22 11837440]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-21 1343400]

.

=============== File Associations ===============

.

.txt=UltraEdit.txt

.

=============== Created Last 30 ================

.

2011-10-27 08:21:07 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{763a35ef-e765-4e1b-a432-e072966eef66}\offreg.dll

2011-10-27 08:21:03 -------- d-----w- c:\users\user\appdata\local\{D111B38B-3020-42DB-9629-C267AE4B9893}

2011-10-27 08:20:36 -------- d-----w- c:\users\user\appdata\local\{1F155FDD-E02B-4FD7-B8C9-2EF228CC0B9B}

2011-10-26 06:34:16 -------- d-----w- c:\users\user\appdata\local\{7AB18F2C-94B7-4323-997E-D951C86BD23C}

2011-10-26 06:33:58 -------- d-----w- c:\users\user\appdata\local\{D6081E1D-C36C-4230-95EA-3D96C39BD833}

2011-10-26 05:41:48 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{763a35ef-e765-4e1b-a432-e072966eef66}\mpengine.dll

2011-10-25 07:43:15 -------- d-----w- c:\users\user\appdata\local\{EFD8C543-9574-4CCD-8865-BD19684C0284}

2011-10-24 19:42:38 -------- d-----w- c:\users\user\appdata\local\{F9FAC156-118F-4B54-A382-EAC72E7E5A30}

2011-10-24 07:41:55 -------- d-----w- c:\users\user\appdata\local\{394749D1-8963-472C-B024-2036823AB7F8}

2011-10-24 07:41:18 -------- d-----w- c:\users\user\appdata\local\{A08E8147-2541-40C9-8B81-2A9370FEA54C}

2011-10-23 05:41:27 -------- d-----w- c:\users\user\appdata\local\{24BD33D9-8E4A-4376-B705-2AF8F82F992D}

2011-10-22 17:40:58 -------- d-----w- c:\users\user\appdata\local\{B8535FB1-72D7-4833-A9EE-A20306B8810C}

2011-10-22 07:03:47 -------- d-----w- c:\users\user\appdata\roaming\GetRightToGo

2011-10-22 06:59:44 -------- d-----w- c:\program files\Free Mouse Auto Clicker

2011-10-22 05:40:19 -------- d-----w- c:\users\user\appdata\local\{E98B6402-AA5F-467C-A11C-864E5365419C}

2011-10-21 17:39:50 -------- d-----w- c:\users\user\appdata\local\{44F7C052-0D30-4D95-BEC5-984493220D7C}

2011-10-21 17:39:26 -------- d-----w- c:\users\user\appdata\local\{D7CB0658-B243-404B-AA5E-907EF62A82A1}

2011-10-21 10:33:32 51976 ----a-w- c:\windows\system32\drivers\networx.sys

2011-10-21 10:33:32 -------- d-----w- c:\programdata\SoftPerfect

2011-10-21 10:33:32 -------- d-----w- c:\program files\NetWorx

2011-10-21 10:19:23 -------- d-----w- c:\program files\Uniblue

2011-10-21 05:37:04 -------- d-----w- c:\users\user\appdata\local\{7DC0662C-EE01-483D-8B87-0C07E0AEDA9B}

2011-10-21 05:36:26 -------- d-----w- c:\users\user\appdata\local\{0FF2BE0C-4879-4306-9D30-166755DC4AAC}

2011-10-20 07:51:04 -------- d-----w- c:\users\user\appdata\local\{04D906FA-119D-4D3B-8DD2-1B94EAA5C112}

2011-10-20 07:50:50 -------- d-----w- c:\users\user\appdata\local\{D4EC3EE8-760F-4EA1-BA1C-6E7FB76E87CE}

2011-10-19 07:41:05 -------- d-----w- c:\users\user\appdata\local\{428455CE-3A06-4FB8-A865-DA34501F4A84}

2011-10-19 07:40:52 -------- d-----w- c:\users\user\appdata\local\{AC1705C1-9784-4212-BBF1-7369DBBF096C}

2011-10-18 06:49:47 -------- d-----w- c:\users\user\appdata\local\{7646C9F2-2EC7-473E-954C-8941CEE8C67E}

2011-10-18 06:49:20 -------- d-----w- c:\users\user\appdata\local\{C88709BC-551D-4DD8-8315-86EA8720AE04}

2011-10-17 09:38:07 -------- d-----w- c:\users\user\appdata\local\{750E8690-12F9-45D6-A897-3B015F63F74A}

2011-10-17 09:37:50 -------- d-----w- c:\users\user\appdata\local\{AAB50043-7370-4777-BD74-25FC5A011DFE}

2011-10-16 05:33:27 -------- d-----w- c:\users\user\appdata\local\{6C843F83-CE03-45F5-BF5A-49512A8DBE34}

2011-10-15 17:32:57 -------- d-----w- c:\users\user\appdata\local\{624DD3E9-3CC6-4391-80CE-FFA00F52BBCD}

2011-10-15 05:33:42 -------- d-----w- c:\users\user\appdata\local\{F784805A-A5FE-4D32-9A72-590512605B32}

2011-10-14 17:33:12 -------- d-----w- c:\users\user\appdata\local\{3EA90B30-75AA-496F-9D38-4E290525658C}

2011-10-14 05:33:01 -------- d-----w- c:\users\user\appdata\local\{3B8AAE50-1B33-461C-9F32-14BF7213189E}

2011-10-14 05:32:46 -------- d-----w- c:\users\user\appdata\local\{9B076714-2640-4D72-B7D3-A0F8BDC7830C}

2011-10-13 20:29:40 42392 ----a-w- c:\windows\system32\xfcodec.dll

2011-10-13 08:15:55 -------- d-----w- c:\users\user\appdata\local\{CAE5B667-C7AC-4EE6-98B0-0EF85CD93EB2}

2011-10-13 08:15:40 -------- d-----w- c:\users\user\appdata\local\{32E4CAF1-B753-41BE-9C07-132CFFDD1E0C}

2011-10-13 08:03:46 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-13 08:03:46 233472 ----a-w- c:\windows\system32\oleacc.dll

2011-10-13 08:03:44 75776 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-13 08:03:44 465408 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-13 08:03:17 2334720 ----a-w- c:\windows\system32\win32k.sys

2011-10-12 08:02:35 -------- d-----w- c:\users\user\appdata\local\{D3376831-0D26-47AB-82CE-619ED342ACFB}

2011-10-12 08:02:16 -------- d-----w- c:\users\user\appdata\local\{709FD858-670E-4AFC-A3FD-E676B4F123C9}

2011-10-11 08:24:07 -------- d-----w- C:\V83

2011-10-11 07:52:29 -------- d-----w- c:\users\user\appdata\local\{895E5EED-D9E7-4ABC-9AE1-A0C11A3055A3}

2011-10-11 07:52:16 -------- d-----w- c:\users\user\appdata\local\{FC070CCC-593A-44DB-A5F9-C69C9B2A2EE9}

2011-10-10 05:25:30 -------- d-----w- c:\users\user\appdata\local\{FA90CB2A-6E7C-4EC9-95FC-CB977EE25D7F}

2011-10-10 05:25:11 -------- d-----w- c:\users\user\appdata\local\{ACA534C4-0551-4728-9BF0-BF1DBF799F7B}

2011-10-09 09:24:30 -------- d-----w- c:\users\user\appdata\local\{3E38B71B-6E13-45E9-B8F6-D50E214E26F5}

2011-10-09 09:24:11 -------- d-----w- c:\users\user\appdata\local\{D1490D0E-3E4A-4508-9125-D9B10314D5C8}

2011-10-09 00:26:03 -------- d-----w- c:\users\user\appdata\local\{18CD7B00-6DBF-49F6-8BCF-A3308E9CB1E6}

2011-10-09 00:25:03 -------- d-----w- c:\users\user\appdata\local\{CA07C6A3-148F-4457-9248-EE7EEE9B5AA9}

2011-10-08 10:58:24 -------- d-----w- c:\users\user\appdata\local\{B76AE250-793B-433E-B654-E72F44550994}

2011-10-08 10:57:56 -------- d-----w- c:\users\user\appdata\local\{B97D023F-B064-45FC-B83E-19E05F71083C}

2011-10-08 10:46:13 -------- d-----w- c:\users\user\appdata\local\{A1D1BC20-2AE5-4812-8A8D-BEB5B4CFB593}

2011-10-08 10:45:54 -------- d-----w- c:\users\user\appdata\local\{47AAE966-D71F-4EE9-9490-622CD9C83F0C}

2011-10-07 22:41:41 -------- d-----w- c:\users\user\appdata\local\{3C2EAFCC-D144-498D-B182-265757EF58BE}

2011-10-07 22:40:18 -------- d-----w- c:\users\user\appdata\local\{E984BB2F-DC40-4160-9EFF-5800FC0BEE89}

2011-10-07 11:22:15 -------- d-----w- c:\users\user\appdata\local\{79AFEC5B-3522-4DD2-A743-CDD7164C6B25}

2011-10-06 23:21:41 -------- d-----w- c:\users\user\appdata\local\{19DA6F0F-DD59-449F-96D3-E506C345B487}

2011-10-06 23:20:38 -------- d-----w- c:\users\user\appdata\local\{B725793D-4798-494B-9CEB-606A3F55B5A5}

2011-10-06 00:17:07 -------- d-----w- c:\users\user\appdata\local\{0DB1AC8E-2C29-46EB-897E-D1CFCE835CFE}

2011-10-06 00:16:54 -------- d-----w- c:\users\user\appdata\local\{11E2EDF8-33B0-4CAD-B5E3-11017D8D180A}

2011-10-05 00:58:28 -------- d-----w- c:\users\user\appdata\local\Procaster

2011-10-05 00:58:27 -------- d-----w- c:\program files\Livestream Procaster

2011-10-05 00:19:48 -------- d-----w- c:\users\user\appdata\local\{FECB5BFE-6880-4DDC-8AB1-8BFA3DF781E0}

2011-10-05 00:18:39 -------- d-----w- c:\users\user\appdata\local\{8CCF4D97-0009-4D83-A744-ABEF38E3E822}

2011-10-04 10:58:03 -------- d-----w- c:\users\user\appdata\local\{B33B65EB-433D-402A-9EC8-9431D0F6BC89}

2011-10-04 02:09:16 -------- d-----w- c:\users\user\appdata\roaming\redsn0w

2011-10-03 22:57:23 -------- d-----w- c:\users\user\appdata\local\{7517B5E0-EC9C-4CBF-8BE2-1750956043C3}

2011-10-03 22:57:05 -------- d-----w- c:\users\user\appdata\local\{1AD26829-FEC5-4569-B494-846105564528}

2011-10-03 10:15:54 -------- d-----w- c:\program files\iPod

2011-10-03 10:15:53 -------- d-----w- c:\program files\iTunes

2011-10-03 10:09:53 -------- d-----w- c:\program files\Bonjour

2011-10-03 01:10:03 -------- d-----w- c:\users\user\appdata\local\{13AB0E85-7B35-4396-A3C2-E9EA3DF59EF3}

2011-10-03 01:09:12 -------- d-----w- c:\users\user\appdata\local\{7ED3B83F-8F84-43BA-8473-29552972E5A4}

2011-10-02 00:09:37 354416 ----a-w- c:\windows\system32\vmnetdhcp.exe

2011-10-02 00:09:36 432752 ----a-w- c:\windows\system32\vmnat.exe

2011-10-02 00:09:35 25712 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys

2011-10-02 00:09:30 783472 ----a-w- c:\windows\system32\vnetlib.dll

2011-10-02 00:07:50 -------- d-----w- c:\program files\common files\VMware

2011-10-02 00:05:29 -------- d-----w- c:\users\user\appdata\local\{EDAEE26E-0AAC-473B-94C2-DD0510453121}

2011-10-02 00:04:55 -------- d-----w- c:\users\user\appdata\local\{525DFDF0-C783-4514-89C9-C090E6E9E75C}

2011-10-01 00:59:34 -------- d-----w- c:\users\user\appdata\local\{BAE46EB8-03EB-43A6-B12C-7F2F22F0CA50}

2011-10-01 00:59:17 -------- d-----w- c:\users\user\appdata\local\{80CC1395-E362-4EF2-8A20-36C614F07DE3}

2011-09-30 10:34:26 -------- d-----w- c:\users\user\appdata\local\{9B183752-D30C-4AB5-90B3-9692DF18E750}

2011-09-30 08:17:06 -------- d-----w- c:\windows\system32\TVUAx

2011-09-29 22:33:55 -------- d-----w- c:\users\user\appdata\local\{4A33FA4A-2122-441F-B6D2-072944D451B1}

2011-09-29 22:33:39 -------- d-----w- c:\users\user\appdata\local\{E8C4B760-2792-4E08-9DAF-ED1FF265370D}

2011-09-29 08:34:28 -------- d-----w- c:\program files\Cheat Engine 6.1

2011-09-29 00:00:15 -------- d-----w- c:\users\user\appdata\local\{69EE112C-21F9-4F13-97A9-F9A5B121BC61}

2011-09-28 23:59:46 -------- d-----w- c:\users\user\appdata\local\{D1CD4578-3042-4820-BBFB-9CAC2487CBC9}

2011-09-28 11:30:12 -------- d-----w- c:\users\user\appdata\local\{6138F494-8901-4CD6-AEF0-5FD7A6EE278E}

2011-09-27 23:30:18 -------- d-----w- c:\users\user\appdata\local\{80A377B9-BFB6-4F0B-A3C9-7BEF958A638C}

2011-09-27 23:30:00 -------- d-----w- c:\users\user\appdata\local\{6CF83698-F316-44F0-AC67-F6738C3DA4E0}

2011-09-27 09:57:18 -------- d-----w- c:\users\user\appdata\local\{30B6EAFD-621E-4D2B-B091-19DFCA4C8DF6}

2011-09-27 09:57:05 -------- d-----w- c:\users\user\appdata\local\{526BE4D6-9ED1-4793-BE47-87257357239C}

.

==================== Find3M ====================

.

2011-10-20 08:03:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr

2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-06 20:36:26 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-31 06:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-22 06:07:40 55280 ----a-w- c:\windows\system32\drivers\vmx86.sys

2011-08-22 04:40:08 252016 ----a-w- c:\windows\system32\vmnc.dll

2011-08-22 04:12:26 55408 ----a-w- c:\windows\system32\vmnetbridge.dll

2011-08-22 04:12:26 49776 ----a-w- c:\windows\system32\vnetinst.dll

2011-08-22 04:12:26 36464 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys

2011-08-22 04:12:26 19568 ----a-w- c:\windows\system32\drivers\vmnet.sys

2011-08-22 04:12:26 16624 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys

2011-08-21 12:11:22 32496 ----a-w- c:\windows\system32\drivers\hcmon.sys

2011-08-21 12:01:24 31280 ----a-w- c:\windows\system32\drivers\vmusb.sys

2011-08-08 03:58:56 98928 ----a-w- c:\windows\system32\drivers\vmci.sys

2011-08-08 03:58:56 63088 ----a-w- c:\windows\system32\vsocklib.dll

.

============= FINISH: 19:31:46.04 ===============

[Jamesrulez1]

This is the original thread for my problems : http://forums.malwarebytes.org/index.php?showtopic=98536&st=0&p=488999entry488999

[Jamesrulez1]

Bump no help?

[Jamesrulez1]

Bump it keeps on jumping off the first page and why does no one respond?

[Jamesrulez1]

Bump ...... Do i PM someone since i haven't received a reply in so long?

[Jamesrulez1]

Bump ........

[AdvancedSetup]

Please update MBAM and post back a Quick Scan log as well as a recent Protection Module log where this block has happened.

Log File Locations

Scan Logs

Windows 2000 & Windows XP:

C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Windows Vista & Win7:

C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

File Protection and IP Protection Logs

Windows 2000 & Windows XP:

C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Windows Vista & Win7:

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs

[Jamesrulez1]

I have attached all the protection logs. I'm still doing the quick scan and will make another post with it

protection-log-2011-10-24.txt

protection-log-2011-10-25.txt

protection-log-2011-10-27.txt

protection-log-2011-10-26.txt

protection-log-2011-10-28.txt

protection-log-2011-10-29.txt

protection-log-2011-10-30.txt

protection-log-2011-10-31.txt

[Jamesrulez1]

Here is the quick scan.

mbam-log-2011-10-31 (17-26-14).txt

[AdvancedSetup]

Please uninstall or fully disable uTorrent and any other Peer2Peer software before continuing.

Please visit this webpage for instructions for running ComboFix:

• When the tool is finished, it will produce a report for you.
  
• Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

[Jamesrulez1]

Ok I have attached the new files

Also warn me next time that it would shut down google chrome and that it would take a long time for combofix to finish.

I didn't know whether or not to attach the file called attach but i did anyways

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24

Run by User at 17:27:30 on 2011-11-01

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3575.1138 [GMT 11:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\Windows\system32\vmnat.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\vmnetdhcp.exe

C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files\Pidgin\pidgin.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Freecorder\FLVSrvc.exe

C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\NetWorx\networx.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Presentation Pointer\PPointer.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files\Xfire\Xfire.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Common Files\Steam\SteamService.exe

C:\Program Files\Xfire\Xfire.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\sppsvc.exe

C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.33\deploy\LoLLauncher.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\LOLReplay\LOLRecorder.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = my.daemon-search.com

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll

uURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll

mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll

mURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll

BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\users\user\appdata\roaming\flashgetbho\FlashGetBHO3.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL

BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

TB: &NetWorx Desk Band: {feea54b4-d80f-41c7-87b9-dc08e6d3255f} - c:\progra~1\networx\deskband.dll

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [steam] "c:\program files\steam\steam.exe" -silent

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"

uRun: [Presentation Pointer] c:\program files\presentation pointer\PPointer.exe /m

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [chromium] c:\users\user\appdata\local\google\chrome\application\chrome.exe --no-startup-window

uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [Pidgin] "c:\program files\pidgin\Pidgin.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [snpstd] c:\windows\vsnpstd.exe

mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [NetWorx] "c:\program files\networx\networx.exe" /auto

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE

StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\lolrec~1.lnk - c:\program files\lolreplay\LOLRecorder.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Download all by FlashGet3 - c:\users\user\appdata\roaming\flashgetbho\GetAllUrl.htm

IE: Download by FlashGet3 - c:\users\user\appdata\roaming\flashgetbho\GetUrl.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

LSP: %SystemRoot%\system32\vsocklib.dll

Trusted Zone: kuaiche.com\software

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: DhcpNameServer = 10.1.1.1

TCP: Interfaces\{24FB8EFC-7672-4355-9BE4-3994D80E84F3} : NameServer = 208.67.222.222,208.67.220.220

TCP: Interfaces\{24FB8EFC-7672-4355-9BE4-3994D80E84F3} : DhcpNameServer = 10.1.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\l3qjedju.default\

FF - prefs.js: browser.search.selectedEngine - Facemoods Search

FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ddr

FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\l3qjedju.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll

FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\l3qjedju.default\extensions\ffxtlbr@facemoods.com\components\FFHst.dll

FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll

FF - plugin: c:\users\user\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\users\user\appdata\roaming\mozilla\firefox\profiles\l3qjedju.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com

FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com

FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com

FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\alwil software\avast5\webrep\FF

.

============= SERVICES / DRIVERS ===============

.

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2011-3-24 40560]

R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-12-21 11448]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-17 442200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-21 320856]

R1 networx;networx;c:\windows\system32\drivers\networx.sys [2011-10-21 51976]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-21 20568]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-21 54616]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-9-10 44768]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-21 366152]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-7 378984]

R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2010-12-24 2228008]

R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2011-8-21 665200]

R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi10-shared.sys [2011-7-8 22768]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-21 22216]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-1-29 122984]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-3-21 362600]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-12-20 1150880]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\s.a.d\cyberghost vpn\CGVPNCliService.exe [2011-1-28 2412680]

S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-12-21 23456]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-12 15872]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-12 52224]

S3 VMwareHostd;VMware Workstation Server;c:\program files\vmware\vmware workstation\vmware-hostd.exe [2011-8-22 11837440]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-21 1343400]

.

=============== File Associations ===============

.

.txt=UltraEdit.txt

.

=============== Created Last 30 ================

.

2011-11-01 06:27:51 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bbd97f22-279e-4eae-bf31-c62146f115b6}\offreg.dll

2011-11-01 06:01:09 -------- d-----w- C:\$RECYCLE.BIN

2011-11-01 05:46:06 98816 ----a-w- c:\windows\sed.exe

2011-11-01 05:46:06 518144 ----a-w- c:\windows\SWREG.exe

2011-11-01 05:46:06 256000 ----a-w- c:\windows\PEV.exe

2011-11-01 05:46:06 208896 ----a-w- c:\windows\MBR.exe

2011-11-01 05:41:09 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bbd97f22-279e-4eae-bf31-c62146f115b6}\mpengine.dll

2011-11-01 05:38:48 -------- d-----w- c:\users\user\appdata\local\{BF4E9C8E-CE20-438B-9C01-5E0E818A0C6A}

2011-11-01 05:37:58 -------- d-----w- c:\users\user\appdata\local\{6D04E194-0E6B-40AD-9B9B-9415B62A6849}

2011-10-31 06:10:16 -------- d-----w- c:\users\user\appdata\local\{657D47B9-06A4-4C7C-BEAE-21CAAB58EC2A}

2011-10-31 06:10:01 -------- d-----w- c:\users\user\appdata\local\{264B6F6D-CB28-44EB-9B72-8ED0E25BEFD9}

2011-10-30 10:10:01 -------- d-----w- c:\users\user\appdata\local\PMB Files

2011-10-30 10:09:57 -------- d-----w- c:\programdata\PMB Files

2011-10-29 23:11:15 -------- d-----w- c:\users\user\appdata\local\{FCFEF9A1-A4C7-472D-A477-1FEBCA402122}

2011-10-29 23:11:01 -------- d-----w- c:\users\user\appdata\local\{DF54D338-53A9-4C9F-9029-7CB627538282}

2011-10-29 09:50:58 -------- d-----w- c:\users\user\appdata\local\{5A7D2767-7B1E-4502-B427-B153411A94F5}

2011-10-29 09:50:45 -------- d-----w- c:\users\user\appdata\local\{78FCA731-DD06-4806-9031-9F498C7B8A01}

2011-10-28 21:50:16 -------- d-----w- c:\users\user\appdata\local\{9964E120-85CD-4774-8854-B6F23AFA3E90}

2011-10-28 21:50:02 -------- d-----w- c:\users\user\appdata\local\{29CB39C1-F26F-4AD6-B2F3-9FB67F5265FE}

2011-10-28 05:31:10 -------- d-----w- c:\users\user\appdata\local\{DFAA2B06-A7D2-4F2F-8CF2-B853B7612E3A}

2011-10-28 05:30:52 -------- d-----w- c:\users\user\appdata\local\{41CFE56B-3A17-4967-852A-D12082632E1A}

2011-10-27 08:21:03 -------- d-----w- c:\users\user\appdata\local\{D111B38B-3020-42DB-9629-C267AE4B9893}

2011-10-27 08:20:36 -------- d-----w- c:\users\user\appdata\local\{1F155FDD-E02B-4FD7-B8C9-2EF228CC0B9B}

2011-10-26 06:34:16 -------- d-----w- c:\users\user\appdata\local\{7AB18F2C-94B7-4323-997E-D951C86BD23C}

2011-10-26 06:33:58 -------- d-----w- c:\users\user\appdata\local\{D6081E1D-C36C-4230-95EA-3D96C39BD833}

2011-10-25 07:43:15 -------- d-----w- c:\users\user\appdata\local\{EFD8C543-9574-4CCD-8865-BD19684C0284}

2011-10-24 19:42:38 -------- d-----w- c:\users\user\appdata\local\{F9FAC156-118F-4B54-A382-EAC72E7E5A30}

2011-10-24 07:41:55 -------- d-----w- c:\users\user\appdata\local\{394749D1-8963-472C-B024-2036823AB7F8}

2011-10-24 07:41:18 -------- d-----w- c:\users\user\appdata\local\{A08E8147-2541-40C9-8B81-2A9370FEA54C}

2011-10-23 05:41:27 -------- d-----w- c:\users\user\appdata\local\{24BD33D9-8E4A-4376-B705-2AF8F82F992D}

2011-10-22 17:40:58 -------- d-----w- c:\users\user\appdata\local\{B8535FB1-72D7-4833-A9EE-A20306B8810C}

2011-10-22 07:03:47 -------- d-----w- c:\users\user\appdata\roaming\GetRightToGo

2011-10-22 06:59:44 -------- d-----w- c:\program files\Free Mouse Auto Clicker

2011-10-22 05:40:19 -------- d-----w- c:\users\user\appdata\local\{E98B6402-AA5F-467C-A11C-864E5365419C}

2011-10-21 17:39:50 -------- d-----w- c:\users\user\appdata\local\{44F7C052-0D30-4D95-BEC5-984493220D7C}

2011-10-21 17:39:26 -------- d-----w- c:\users\user\appdata\local\{D7CB0658-B243-404B-AA5E-907EF62A82A1}

2011-10-21 10:33:32 51976 ----a-w- c:\windows\system32\drivers\networx.sys

2011-10-21 10:33:32 -------- d-----w- c:\programdata\SoftPerfect

2011-10-21 10:33:32 -------- d-----w- c:\program files\NetWorx

2011-10-21 10:19:23 -------- d-----w- c:\program files\Uniblue

2011-10-21 05:37:04 -------- d-----w- c:\users\user\appdata\local\{7DC0662C-EE01-483D-8B87-0C07E0AEDA9B}

2011-10-21 05:36:26 -------- d-----w- c:\users\user\appdata\local\{0FF2BE0C-4879-4306-9D30-166755DC4AAC}

2011-10-20 07:51:04 -------- d-----w- c:\users\user\appdata\local\{04D906FA-119D-4D3B-8DD2-1B94EAA5C112}

2011-10-20 07:50:50 -------- d-----w- c:\users\user\appdata\local\{D4EC3EE8-760F-4EA1-BA1C-6E7FB76E87CE}

2011-10-19 07:41:05 -------- d-----w- c:\users\user\appdata\local\{428455CE-3A06-4FB8-A865-DA34501F4A84}

2011-10-19 07:40:52 -------- d-----w- c:\users\user\appdata\local\{AC1705C1-9784-4212-BBF1-7369DBBF096C}

2011-10-18 06:49:47 -------- d-----w- c:\users\user\appdata\local\{7646C9F2-2EC7-473E-954C-8941CEE8C67E}

2011-10-18 06:49:20 -------- d-----w- c:\users\user\appdata\local\{C88709BC-551D-4DD8-8315-86EA8720AE04}

2011-10-17 09:38:07 -------- d-----w- c:\users\user\appdata\local\{750E8690-12F9-45D6-A897-3B015F63F74A}

2011-10-17 09:37:50 -------- d-----w- c:\users\user\appdata\local\{AAB50043-7370-4777-BD74-25FC5A011DFE}

2011-10-16 05:33:27 -------- d-----w- c:\users\user\appdata\local\{6C843F83-CE03-45F5-BF5A-49512A8DBE34}

2011-10-15 17:32:57 -------- d-----w- c:\users\user\appdata\local\{624DD3E9-3CC6-4391-80CE-FFA00F52BBCD}

2011-10-15 05:33:42 -------- d-----w- c:\users\user\appdata\local\{F784805A-A5FE-4D32-9A72-590512605B32}

2011-10-14 17:33:12 -------- d-----w- c:\users\user\appdata\local\{3EA90B30-75AA-496F-9D38-4E290525658C}

2011-10-14 05:33:01 -------- d-----w- c:\users\user\appdata\local\{3B8AAE50-1B33-461C-9F32-14BF7213189E}

2011-10-14 05:32:46 -------- d-----w- c:\users\user\appdata\local\{9B076714-2640-4D72-B7D3-A0F8BDC7830C}

2011-10-13 20:29:40 42392 ----a-w- c:\windows\system32\xfcodec.dll

2011-10-13 08:15:55 -------- d-----w- c:\users\user\appdata\local\{CAE5B667-C7AC-4EE6-98B0-0EF85CD93EB2}

2011-10-13 08:15:40 -------- d-----w- c:\users\user\appdata\local\{32E4CAF1-B753-41BE-9C07-132CFFDD1E0C}

2011-10-13 08:03:46 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-13 08:03:46 233472 ----a-w- c:\windows\system32\oleacc.dll

2011-10-13 08:03:44 75776 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-13 08:03:44 465408 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-13 08:03:17 2334720 ----a-w- c:\windows\system32\win32k.sys

2011-10-12 08:02:35 -------- d-----w- c:\users\user\appdata\local\{D3376831-0D26-47AB-82CE-619ED342ACFB}

2011-10-12 08:02:16 -------- d-----w- c:\users\user\appdata\local\{709FD858-670E-4AFC-A3FD-E676B4F123C9}

2011-10-11 08:24:07 -------- d-----w- C:\V83

2011-10-11 07:52:29 -------- d-----w- c:\users\user\appdata\local\{895E5EED-D9E7-4ABC-9AE1-A0C11A3055A3}

2011-10-11 07:52:16 -------- d-----w- c:\users\user\appdata\local\{FC070CCC-593A-44DB-A5F9-C69C9B2A2EE9}

2011-10-10 05:25:30 -------- d-----w- c:\users\user\appdata\local\{FA90CB2A-6E7C-4EC9-95FC-CB977EE25D7F}

2011-10-10 05:25:11 -------- d-----w- c:\users\user\appdata\local\{ACA534C4-0551-4728-9BF0-BF1DBF799F7B}

2011-10-09 09:24:30 -------- d-----w- c:\users\user\appdata\local\{3E38B71B-6E13-45E9-B8F6-D50E214E26F5}

2011-10-09 09:24:11 -------- d-----w- c:\users\user\appdata\local\{D1490D0E-3E4A-4508-9125-D9B10314D5C8}

2011-10-09 00:26:03 -------- d-----w- c:\users\user\appdata\local\{18CD7B00-6DBF-49F6-8BCF-A3308E9CB1E6}

2011-10-09 00:25:03 -------- d-----w- c:\users\user\appdata\local\{CA07C6A3-148F-4457-9248-EE7EEE9B5AA9}

2011-10-08 10:58:24 -------- d-----w- c:\users\user\appdata\local\{B76AE250-793B-433E-B654-E72F44550994}

2011-10-08 10:57:56 -------- d-----w- c:\users\user\appdata\local\{B97D023F-B064-45FC-B83E-19E05F71083C}

2011-10-08 10:46:13 -------- d-----w- c:\users\user\appdata\local\{A1D1BC20-2AE5-4812-8A8D-BEB5B4CFB593}

2011-10-08 10:45:54 -------- d-----w- c:\users\user\appdata\local\{47AAE966-D71F-4EE9-9490-622CD9C83F0C}

2011-10-07 22:41:41 -------- d-----w- c:\users\user\appdata\local\{3C2EAFCC-D144-498D-B182-265757EF58BE}

2011-10-07 22:40:18 -------- d-----w- c:\users\user\appdata\local\{E984BB2F-DC40-4160-9EFF-5800FC0BEE89}

2011-10-07 11:22:15 -------- d-----w- c:\users\user\appdata\local\{79AFEC5B-3522-4DD2-A743-CDD7164C6B25}

2011-10-06 23:21:41 -------- d-----w- c:\users\user\appdata\local\{19DA6F0F-DD59-449F-96D3-E506C345B487}

2011-10-06 23:20:38 -------- d-----w- c:\users\user\appdata\local\{B725793D-4798-494B-9CEB-606A3F55B5A5}

2011-10-06 00:17:07 -------- d-----w- c:\users\user\appdata\local\{0DB1AC8E-2C29-46EB-897E-D1CFCE835CFE}

2011-10-06 00:16:54 -------- d-----w- c:\users\user\appdata\local\{11E2EDF8-33B0-4CAD-B5E3-11017D8D180A}

2011-10-05 00:58:28 -------- d-----w- c:\users\user\appdata\local\Procaster

2011-10-05 00:58:27 -------- d-----w- c:\program files\Livestream Procaster

2011-10-05 00:19:48 -------- d-----w- c:\users\user\appdata\local\{FECB5BFE-6880-4DDC-8AB1-8BFA3DF781E0}

2011-10-05 00:18:39 -------- d-----w- c:\users\user\appdata\local\{8CCF4D97-0009-4D83-A744-ABEF38E3E822}

2011-10-04 10:58:03 -------- d-----w- c:\users\user\appdata\local\{B33B65EB-433D-402A-9EC8-9431D0F6BC89}

2011-10-04 02:09:16 -------- d-----w- c:\users\user\appdata\roaming\redsn0w

2011-10-03 22:57:23 -------- d-----w- c:\users\user\appdata\local\{7517B5E0-EC9C-4CBF-8BE2-1750956043C3}

2011-10-03 22:57:05 -------- d-----w- c:\users\user\appdata\local\{1AD26829-FEC5-4569-B494-846105564528}

2011-10-03 10:15:54 -------- d-----w- c:\program files\iPod

2011-10-03 10:15:53 -------- d-----w- c:\program files\iTunes

2011-10-03 10:09:53 -------- d-----w- c:\program files\Bonjour

2011-10-03 01:10:03 -------- d-----w- c:\users\user\appdata\local\{13AB0E85-7B35-4396-A3C2-E9EA3DF59EF3}

2011-10-03 01:09:12 -------- d-----w- c:\users\user\appdata\local\{7ED3B83F-8F84-43BA-8473-29552972E5A4}

.

==================== Find3M ====================

.

2011-10-20 08:03:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr

2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-06 20:36:26 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-31 06:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-22 06:07:40 55280 ----a-w- c:\windows\system32\drivers\vmx86.sys

2011-08-22 06:07:32 354416 ----a-w- c:\windows\system32\vmnetdhcp.exe

2011-08-22 06:07:18 783472 ----a-w- c:\windows\system32\vnetlib.dll

2011-08-22 06:06:56 432752 ----a-w- c:\windows\system32\vmnat.exe

2011-08-22 06:06:06 25712 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys

2011-08-22 04:40:08 252016 ----a-w- c:\windows\system32\vmnc.dll

2011-08-22 04:12:26 55408 ----a-w- c:\windows\system32\vmnetbridge.dll

2011-08-22 04:12:26 49776 ----a-w- c:\windows\system32\vnetinst.dll

2011-08-22 04:12:26 36464 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys

2011-08-22 04:12:26 19568 ----a-w- c:\windows\system32\drivers\vmnet.sys

2011-08-22 04:12:26 16624 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys

2011-08-21 12:11:22 32496 ----a-w- c:\windows\system32\drivers\hcmon.sys

2011-08-21 12:01:24 31280 ----a-w- c:\windows\system32\drivers\vmusb.sys

2011-08-08 03:58:56 98928 ----a-w- c:\windows\system32\drivers\vmci.sys

2011-08-08 03:58:56 63088 ----a-w- c:\windows\system32\vsocklib.dll

.

============= FINISH: 17:35:42.09 ===============

ComboFix.txt

Attach.txt

[AdvancedSetup]

Please uninstall all versions of Java.

Then fully disable µTorrent or uninstall it as well and reboot the computer and make sure it is either disabled or removed.

Then run the following online AV scan and send me back the results please.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

1. Tick the box next to YES, I accept the Terms of Use.
   
2. Click Start
   
3. When asked, allow the ActiveX control to install
   
4. Click Start
   
5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
   
6. Click Scan
   Wait for the scan to finish
   
7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
   
8. Copy and paste that log as a reply to this topic
   

[Jamesrulez1]

Please uninstall all versions of Java.

Then fully disable µTorrent or uninstall it as well and reboot the computer and make sure it is either disabled or removed.

Then run the following online AV scan and send me back the results please.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

1. Tick the box next to YES, I accept the Terms of Use.
   
2. Click Start
   
3. When asked, allow the ActiveX control to install
   
4. Click Start
   
5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
   
6. Click Scan
   Wait for the scan to finish
   
7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
   
8. Copy and paste that log as a reply to this topic
   

I did in fact completely closed it. It's not installed at all o.o only the Utorrent bar thingy in IE was still installed. I removed that now

[Jamesrulez1]

All i got when i got to the scanner site through internet explorer was a small picture in the top left.

[Jamesrulez1]

1 threat found i'm removing that.

It's a Win32/Virut.NBP virus

[Jamesrulez1]

Wow it's been at 99% scanning for a few minutes now

[Jamesrulez1]

30 minutes at 99% and counting

[Jamesrulez1]

Heres the logs

log.txt

[AdvancedSetup]

Please download and run the following tool from Kaspersky.

virutkiller.exe

[Jamesrulez1]

0 threats I think it's fixed now? How can i tell?

[AdvancedSetup]

Please post what the Kaspersky tool found.

Then download a new fresh copy of Combofix and run it again and post back the new log.

Thanks

[Jamesrulez1]

Here is the new combofix log :

ComboFix 11-11-02.01 - User 02/11/2011 17:33:22.2.4 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3575.2105 [GMT 11:00]

Running from: c:\users\User\Desktop\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

Infected copy of c:\windows\system32\userinit.exe was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\userinit.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-10-02 to 2011-11-02 )))))))))))))))))))))))))))))))

.

.

2011-11-02 06:51 . 2011-11-02 06:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-01 06:31 . 2011-11-01 06:31 -------- d-----w- c:\program files\Voxatron

2011-11-01 06:27 . 2011-11-02 06:56 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBD97F22-279E-4EAE-BF31-C62146F115B6}\offreg.dll

2011-11-01 05:41 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBD97F22-279E-4EAE-BF31-C62146F115B6}\mpengine.dll

2011-10-30 10:10 . 2011-11-01 22:10 -------- d-----w- c:\users\User\AppData\Local\PMB Files

2011-10-30 10:09 . 2011-11-01 22:11 -------- d-----w- c:\programdata\PMB Files

2011-10-23 04:25 . 2011-10-23 04:25 -------- d-----w- c:\users\LoL

2011-10-22 07:03 . 2011-10-22 07:06 -------- d-----w- c:\users\User\AppData\Roaming\GetRightToGo

2011-10-22 06:59 . 2011-10-22 06:59 -------- d-----w- c:\program files\Free Mouse Auto Clicker

2011-10-21 10:33 . 2011-10-21 10:33 -------- d-----w- c:\program files\NetWorx

2011-10-21 10:33 . 2011-10-21 10:33 -------- d-----w- c:\programdata\SoftPerfect

2011-10-21 10:33 . 2011-09-19 10:58 51976 ----a-w- c:\windows\system32\drivers\networx.sys

2011-10-21 10:19 . 2011-10-21 10:34 -------- d-----w- c:\program files\Uniblue

2011-10-13 20:29 . 2011-10-13 20:29 42392 ----a-w- c:\windows\system32\xfcodec.dll

2011-10-13 08:03 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-13 08:03 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll

2011-10-13 08:03 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-13 08:03 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-13 08:03 . 2011-09-06 02:28 2334720 ----a-w- c:\windows\system32\win32k.sys

2011-10-11 08:24 . 2011-10-25 09:50 -------- d-----w- C:\V83

2011-10-05 00:58 . 2011-10-05 01:00 -------- d-----w- c:\users\User\AppData\Local\Procaster

2011-10-05 00:58 . 2011-10-05 00:58 -------- d-----w- c:\program files\Livestream Procaster

2011-10-04 02:09 . 2011-10-21 22:13 -------- d-----w- c:\users\User\AppData\Roaming\redsn0w

2011-10-03 10:15 . 2011-10-03 10:15 -------- d-----w- c:\program files\iPod

2011-10-03 10:15 . 2011-10-03 10:16 -------- d-----w- c:\program files\iTunes

2011-10-03 10:09 . 2011-10-03 10:09 -------- d-----w- c:\program files\Bonjour

2011-10-03 09:49 . 2011-10-03 09:49 -------- d-----w- c:\program files\Apple Software Update

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-20 08:03 . 2011-06-26 00:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-07 07:47 . 2011-03-30 09:16 165232 ---ha-w- c:\users\User\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll

2011-09-06 20:45 . 2010-12-21 04:34 41184 ----a-w- c:\windows\avastSS.scr

2011-09-06 20:45 . 2010-12-21 04:34 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-09-06 20:38 . 2011-03-17 09:11 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-06 20:37 . 2010-12-21 04:35 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-09-06 20:36 . 2010-12-21 04:35 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-09-06 20:36 . 2010-12-21 04:35 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-09-06 20:36 . 2010-12-21 04:35 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-09-06 20:36 . 2010-12-21 04:35 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-08-31 06:00 . 2010-12-21 04:29 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-22 06:07 . 2011-08-22 06:07 55280 ----a-w- c:\windows\system32\drivers\vmx86.sys

2011-08-22 06:07 . 2011-10-02 00:09 354416 ----a-w- c:\windows\system32\vmnetdhcp.exe

2011-08-22 06:07 . 2011-10-02 00:09 783472 ----a-w- c:\windows\system32\vnetlib.dll

2011-08-22 06:06 . 2011-10-02 00:09 432752 ----a-w- c:\windows\system32\vmnat.exe

2011-08-22 06:06 . 2011-10-02 00:09 25712 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys

2011-08-22 04:40 . 2011-08-22 04:40 252016 ----a-w- c:\windows\system32\vmnc.dll

2011-08-22 04:12 . 2011-08-22 04:12 55408 ----a-w- c:\windows\system32\vmnetbridge.dll

2011-08-22 04:12 . 2011-08-22 04:12 49776 ----a-w- c:\windows\system32\vnetinst.dll

2011-08-22 04:12 . 2011-08-22 04:12 36464 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys

2011-08-22 04:12 . 2011-08-22 04:12 19568 ----a-w- c:\windows\system32\drivers\vmnet.sys

2011-08-22 04:12 . 2011-08-22 04:12 16624 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys

2011-08-21 12:11 . 2011-08-21 12:11 32496 ----a-w- c:\windows\system32\drivers\hcmon.sys

2011-08-21 12:01 . 2011-08-21 12:01 31280 ----a-w- c:\windows\system32\drivers\vmusb.sys

2011-08-08 03:58 . 2011-08-08 03:58 98928 ----a-w- c:\windows\system32\drivers\vmci.sys

2011-08-08 03:58 . 2011-08-08 03:58 63088 ----a-w- c:\windows\system32\vsocklib.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-11-01_06.01.14 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-12-20 05:40 . 2011-11-01 21:12 63596 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 04:55 . 2011-11-01 21:12 30082 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-12-20 03:12 . 2011-11-02 06:53 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-12-20 03:12 . 2011-11-01 06:00 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-12-20 03:12 . 2011-11-02 06:53 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-12-20 03:12 . 2011-11-01 06:00 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:41 . 2011-11-02 06:53 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:41 . 2011-11-01 06:00 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-11-01 05:35 . 2011-11-01 06:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-11-01 21:10 . 2011-11-02 06:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-11-01 21:10 . 2011-11-02 06:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-11-01 05:35 . 2011-11-01 06:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 02:05 . 2011-11-01 05:41 667042 c:\windows\System32\perfh009.dat

+ 2009-07-14 02:05 . 2011-11-01 06:30 667042 c:\windows\System32\perfh009.dat

- 2009-07-14 02:05 . 2011-11-01 05:41 126304 c:\windows\System32\perfc009.dat

+ 2009-07-14 02:05 . 2011-11-01 06:30 126304 c:\windows\System32\perfc009.dat

+ 2009-07-14 04:47 . 2011-11-01 11:43 388192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 04:47 . 2011-10-31 11:05 388192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-01-22 11:05 . 2011-11-01 11:43 7138279 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3561220507-2474625922-2837830357-1001-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-12-09 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-11-29 04:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

2010-12-09 01:51 3911776 ----a-w- c:\program files\XfireXO\tbXfir.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]

"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-12-09 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-12-09 3911776]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]

.

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]

"Steam"="c:\program files\Steam\steam.exe" [2011-08-02 1242448]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-30 399736]

"Presentation Pointer"="c:\program files\Presentation Pointer\PPointer.exe" [2011-06-08 2215936]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 16862600]

"chromium"="c:\users\User\AppData\Local\Google\Chrome\Application\chrome.exe" [2011-10-26 1036344]

"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-10-30 3077528]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-24 210472]

"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2010-05-24 1683360]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]

"Pidgin"="c:\program files\Pidgin\Pidgin.exe" [2010-12-20 48618]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2011-03-24 167936]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]

"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2011-08-22 103536]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736]

"NetWorx"="c:\program files\NetWorx\networx.exe" [2011-10-19 3332608]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]

.

c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-1-21 226176]

Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-10-14 3510680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

LOLRecorder.lnk - c:\program files\LOLReplay\LOLRecorder.exe [2011-10-8 406016]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]

Ime File REG_SZ QQPINYIN.IME

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 02:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2011-04-20 02:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]

2010-07-25 15:08 2569616 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]

2009-09-03 14:43 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashGet 3]

2009-12-22 08:48 2127408 ----a-w- c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarenaMessenger]

2011-08-16 08:14 4926808 ----a-w- c:\program files\Garena Messenger\GarenaMessenger.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hobbyist Software VLC Streamer]

2011-01-21 01:28 1317376 ----a-w- c:\program files\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]

2007-02-04 01:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-12-03 05:46 16862600 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2010-12-14 20:02 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2011-03-30 05:28 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Hide Tool]

2008-01-18 02:01 307200 ----a-w- c:\program files\Window Hide Tool\Window Hide Tool.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 ALSysIO;ALSysIO;c:\users\User\AppData\Local\Temp\ALSysIO.sys [x]

R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2010-12-14 2412680]

R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2010-12-21 23456]

R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]

R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Messenger\Room\safedrv.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 VMwareHostd;VMware Workstation Server;c:\program files\VMware\VMware Workstation\vmware-hostd.exe [2011-08-22 11837440]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-21 1343400]

S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-07-13 40560]

S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 98928]

S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-05 11448]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 networx;networx;c:\windows\system32\drivers\networx.sys [2011-09-19 51976]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]

S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]

S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-08-21 665200]

S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi10-shared.sys [2011-07-08 22768]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-11 122984]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-03-21 362600]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-05-15 1150880]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3561220507-2474625922-2837830357-1001Core.job

- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-21 04:22]

.

2011-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3561220507-2474625922-2837830357-1001UA.job

- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-21 04:22]

.

.

------- Supplementary Scan -------

.

uStart Page = my.daemon-search.com

uInternet Settings,ProxyOverride = *.local

IE: Download all by FlashGet3 - c:\users\User\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

IE: Download by FlashGet3 - c:\users\User\AppData\Roaming\FlashGetBHO\GetUrl.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105

LSP: %SystemRoot%\system32\vsocklib.dll

Trusted Zone: kuaiche.com\software

TCP: DhcpNameServer = 10.1.1.1

TCP: Interfaces\{24FB8EFC-7672-4355-9BE4-3994D80E84F3}: NameServer = 208.67.222.222,208.67.220.220

FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\l3qjedju.default\

FF - prefs.js: browser.search.selectedEngine - Facemoods Search

FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ddr

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com

FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com

FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com

FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF

.

.

------- File Associations -------

.

.txt=UltraEdit.txt

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3561220507-2474625922-2837830357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (S-1-5-21-3561220507-2474625922-2837830357-1001)

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(2004)

c:\program files\WinSCP\DragExt.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files\NVIDIA Corporation\Display\NvXDSync.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Canon\IJPLM\IJPLMSVC.EXE

c:\windows\system32\vmnat.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\VMware\VMware Workstation\vmware-authd.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\vmnetdhcp.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

.

**************************************************************************

.

Completion time: 2011-11-02 18:23:18 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-02 07:23

ComboFix2.txt 2011-11-01 06:09

.

Pre-Run: 229,179,543,552 bytes free

Post-Run: 229,132,480,512 bytes free

.

- - End Of File - - E1878C40A5B9D9D7D6F7A677CF7AAD0F

[Jamesrulez1]

Where would i find what kaspersky found? There where no threats detected.

[AdvancedSetup]

STEP 01

Click on START -and type in MSCONFIG into the search bar and when it shown on the menu right click and choose Run as administrator

Then set it to NORMAL and immediately reboot the computer when asked.

STEP 02

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines

registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=-
"Skype"=-
"chromium"=-
"Pando Media Booster"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"=-
"SunJavaUpdateSched"=-
reglock::
[HKEY_USERS\S-1-5-21-3561220507-2474625922-2837830357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW]

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .

Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:

• Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  
• Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
  
• A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
  When the scan completes Notepad will open with with your results log open. Do a File, Exit.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post back the Combofix log on your next reply.

STEP 03

Update Avast AV and scan your system and let me know if it finds anything or not.

STEP 04

Next, download Security Check from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  

Let me know how things are running now and what issues remain.