I have a problem...


OK. I have the same problems as some other guys here, and it's about Malwarebytes blocking some random IPs from the Netherlands and China. This blocking happens about every 10 minutes or so when I'm not browsing, but when I'm entering some random sites it's more like every 1 minute. Also, my computer browser is very slow and sometimes won't start at all, so I think I have malware problems in general. So when you read this (if you do), please give me some advice. Here are the logs:

DDS :

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_29

Run by Shrooms at 11:57:35 on 2011-10-27

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2004 [GMT 2:00]

.

AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: PC Security Guardian *Enabled/Updated* {1FCEF370-070F-4836-879E-2C418C5C7ABF}

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

FW: PC Security Guardian *Enabled*

FW: AVG Firewall *Enabled*

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Razer\Copperhead\razerhid.exe

C:\Program Files\SweetIM\Messenger\SweetIM.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\Razer\DeathAdder\razerhid.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Program Files\LOLReplay\LOLRecorder.exe

C:\Program Files\hott notes 4\hottnotes.exe

C:\WINDOWS\System32\svchost.exe -k Akamai

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Razer\Copperhead\razerofa.exe

C:\Program Files\Razer\DeathAdder\razertra.exe

C:\Program Files\Razer\DeathAdder\razerofa.exe

C:\Program Files\Razer\DeathAdder\vdDaemon.exe

C:\Program Files\AVG\AVG2012\avgfws.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Common Files\Corel\Standby\Standby.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bigseekpro.com/mediaget/{5FF7ECB8-6D08-4C83-996A-01C297A8E99E}

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mStart Page = hxxp://www.bigseekpro.com/mediaget/{5FF7ECB8-6D08-4C83-996A-01C297A8E99E}

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = http=127.0.0.1:25507;

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant =

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll

uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {15531a3f-2691-26a5-5d8a-029c7846098d} - c:\windows\system32\ntmsaapi.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Google Update] "c:\documents and settings\shrooms\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"

uRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup

uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM

mRun: [razer] c:\program files\razer\copperhead\razerhid.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [sweetIM] c:\program files\sweetim\messenger\SweetIM.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [standby] "c:\program files\common files\corel\standby\Standby.exe" -START

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe

mRun: [QuickTime Task] "c:\program files\k-lite codec pack\quicktime\QTTask.exe" -atboottime

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\shrooms\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\shrooms\startm~1\programs\startup\hottno~1.lnk - c:\program files\hott notes 4\hottnotes.exe

StartupFolder: c:\docume~1\shrooms\startm~1\programs\startup\regist~2.lnk - d:\pop3\pop\support\register\RegistrationReminder.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\lolrec~1.lnk - c:\program files\lolreplay\LOLRecorder.exe

IE: &Search

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

IFEO: image file execution options - svchost.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\shrooms\application data\mozilla\firefox\profiles\mwkxrc77.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT315908&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZRfox000&ptb=jFSzIIdODiWFC3uHHD9mXQ&ind=2010072314&ptnrS=ZRfox000&si=&n=77cf44fa&psa=&st=kwd&searchfor=

FF - component: c:\documents and settings\shrooms\application data\mozilla\firefox\profiles\mwkxrc77.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\shrooms\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin.dll

FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin2.dll

FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin3.dll

FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin4.dll

FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin5.dll

FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin6.dll

FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin7.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.50917.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]

R0 vax347b;vax347b;c:\windows\system32\drivers\vax347b.sys [2008-7-1 159616]

R0 vax347s;vax347s;c:\windows\system32\drivers\vax347s.sys [2008-7-1 5248]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-19 36000]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-19 86224]

R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-10-19 110032]

R2 avgfws;AVG zaštitni zid;c:\program files\avg\avg2012\avgfws.exe [2011-8-19 2399560]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-19 74640]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-13 366152]

R2 StarWindService;StarWind iSCSI Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindService.exe [2005-4-2 217600]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]

R3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2011-6-29 11136]

R3 hidkmdf;Filter Driver Service for HID-KMDF Interface layer;c:\windows\system32\drivers\hidkmdf.sys [2011-6-29 6656]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-13 22216]

R3 VKbms;Virtual HID Minidriver;c:\windows\system32\drivers\VKbms.sys [2011-6-29 10240]

S0 ps6ah4nb;DiRT Synchronization Driver (ps6ah4nb);c:\windows\system32\drivers\ps6ah4nb.sys --> c:\windows\system32\drivers\ps6ah4nb.sys [?]

S0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys --> c:\windows\system32\drivers\ps6ah4nc.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 pr2ah4nb;DiRT Drivers Auto Removal (pr2ah4nb);c:\windows\system32\pr2ah4nb.exe svc --> c:\windows\system32\pr2ah4nb.exe svc [?]

S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]

S3 hid7906;hid7906;c:\windows\system32\drivers\hid7906.sys [2008-1-4 53793]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [2009-6-26 19020]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 XDva370;XDva370;\??\c:\windows\system32\xdva370.sys --> c:\windows\system32\XDva370.sys [?]

.

=============== Created Last 30 ================

.

2011-10-26 12:06:46 -------- d-----w- c:\documents and settings\shrooms\application data\AVG2012

2011-10-26 12:05:02 -------- d-----w- c:\windows\system32\drivers\AVG

2011-10-26 12:05:02 -------- d-----w- c:\documents and settings\all users\application data\AVG2012

2011-10-26 12:04:00 -------- d-----w- c:\program files\AVG

2011-10-26 11:52:14 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2011-10-26 11:51:41 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-10-25 20:38:58 -------- d-----w- c:\program files\common files\PC Tools

2011-10-25 20:38:57 -------- d-----w- c:\program files\PC Tools Security

2011-10-25 20:33:58 -------- d-----w- c:\documents and settings\all users\application data\PC Tools

2011-10-24 18:56:03 -------- d-----r- c:\program files\Skype

2011-10-22 12:24:03 -------- d-----w- c:\program files\Rainmeter

2011-10-19 21:37:11 -------- d-----w- c:\documents and settings\shrooms\application data\Avira

2011-10-19 21:36:36 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2011-10-19 21:36:35 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-10-19 21:36:21 -------- d-----w- c:\program files\Avira

2011-10-19 21:36:21 -------- d-----w- c:\documents and settings\all users\application data\Avira

2011-10-11 12:08:06 -------- d-----w- c:\windows\system32\1008

2011-10-01 10:49:24 -------- d-----w- C:\FPC

.

==================== Find3M ====================

.

2011-10-03 03:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-03 00:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-09-28 11:35:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-26 09:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 09:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 09:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-13 04:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-09-05 13:56:22 667136 ----a-w- c:\windows\system32\wininet.dll

2011-09-05 13:56:22 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-09-05 13:56:21 81920 ----a-w- c:\windows\system32\ieencode.dll

2011-09-05 12:35:09 369664 ----a-w- c:\windows\system32\html.iec

2011-08-31 15:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-26 21:49:51 443448 ----a-w- c:\windows\system32\drivers\sptd.sys

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-08-09 20:32:40 6060 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys

.

============= FINISH: 11:58:30,03 ===============

And here is the attach log:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 12.3.2011 16:08:43

System Uptime: 27.10.2011 11:07:33 (0 hours ago)

.

Motherboard: MSI | | MS-7369

Processor: AMD Athlon 64 X2 Dual Core Processor 4400+ | CPU 1 | 2310/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 40 GiB total, 2,397 GiB free.

D: is FIXED (NTFS) - 193 GiB total, 58,224 GiB free.

E: is CDROM ()

F: is CDROM ()

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Hamachi Network Interface

Device ID: ROOT\NET\0000

Manufacturer: LogMeIn, Inc.

Name: Hamachi Network Interface

PNP Device ID: ROOT\NET\0000

Service: hamachi

.

==== System Restore Points ===================

.

RP197: 17.10.2011 12:00:33 - Removed Assassin's Creed II

RP198: 17.10.2011 12:18:42 - Installé Pro Evolution Soccer 2012.

RP199: 21.10.2011 11:42:35 - System Checkpoint

RP200: 21.10.2011 13:00:19 - Pro Evolution Soccer 2012 supprimé.

RP201: 21.10.2011 13:17:34 - Software Distribution Service 3.0

RP202: 21.10.2011 21:19:25 - Removed Assassin's Creed Brotherhood

RP203: 21.10.2011 21:20:49 - Removed Titan Quest

RP204: 21.10.2011 21:21:26 - Removed Titan Quest Immortal Throne

RP205: 21.10.2011 21:35:01 - Installed Pro Evolution Soccer 2012.

RP206: 22.10.2011 0:54:40 - Software Distribution Service 3.0

RP207: 22.10.2011 13:03:36 - Installed Java 6 Update 29

RP208: 23.10.2011 13:28:01 - System Checkpoint

RP209: 24.10.2011 20:54:32 - Removed Skype Click to Call

RP210: 24.10.2011 20:54:52 - Removed Skype™ 5.5

RP211: 26.10.2011 14:03:59 - Instalirano AVG 2012

RP212: 26.10.2011 14:04:38 - Instalirano AVG 2012

.

==== Installed Programs ======================

.

µTorrent

ACDSee

Adobe AIR

Adobe Bridge 1.0

Adobe Common File Installer

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Help Center 2.1

Adobe Photoshop CS2

Adobe Reader X (10.1.1)

Adobe Shockwave Player 11.5

Adobe Stock Photos 1.0

AIMP2

Akamai NetSession Interface

AMD APP SDK Runtime

Apple Application Support

Apple Software Update

Ask Toolbar

ASUS nVIDIA Driver

ATI AVIVO Codecs

ATI Catalyst Control Center

ATI Catalyst Install Manager

ATI Parental Control & Encoder

AVG 2012

Avira Free Antivirus

Bastion

Beowulf TM

BitLocker To Go Reader

Bonjour

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center HydraVision Full

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help English

CCleaner

CDCheck (remove only)

Chessmaster Challenge

Chicken Invaders: Revenge of the Yolk (Christmas Edition) v3.20

Compatibility Pack for the 2007 Office system

Contents

Corel PaintShop Photo Pro X3

CorelDRAW Graphics Suite 12

DAEMON Tools Lite

DAEMON Tools Toolbar

DarksidersInstaller

Deus Ex - Human Revolution version 1.0

DeviceIO

DEVIL MAY CRY 4

Fraps (remove only)

Free Pascal 2.4.4

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Gutterball 2

Hamachi 1.0.1.5

HighMAT Extension to Microsoft Windows XP CD Writing Wizard

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB961118)

hott notes 4

ICA

IPM_PSP_Pro

J2SE Runtime Environment 5.0 Update 8

Java Auto Updater

Java 6 Update 29

Jelen SuperLiga by EDIT TEAM version 2011

K-Lite Mega Codec Pack 1.52

League of Legends

Little Fighter 2.5 - v2.0

LOLReplay

Luxor 2

Luxor 3

Macro Vibration Joystick

Mad Caps

Magic ISO Maker v5.5 (build 0276)

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft Office Live Add-in 1.3

Microsoft Office Outlook Connector

Microsoft Office Professional Edition 2003

Microsoft Office Word Viewer 2003

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Windows Journal Viewer

Microsoft XNA Framework Redistributable 3.1

MLE

Motherboard Monitor 5

Mozilla Firefox 7.0.1 (x86 en-US)

MP3 Player Utilities 1.40

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6 Service Pack 2 (KB973686)

MSXML4 Parser

Nero 6 Ultra Edition

Nero 7 Premium

Norton Security Scan

NVIDIA Drivers

NVIDIA PhysX

OLYMPUS Master 2

OLYMPUS muvee theaterPack

OpenAL

Pando Media Booster

PCI SoftV92 Modem

Plants vs. Zombies

PowerDVD

Prince of Persia T2T

Pro Evolution Soccer 2011 1.0

Pro Evolution Soccer 2012

PSPH10Pro

PSPPContent

PSPPRO_DCRAW

PunkBuster Services

PureHD

QuickTime

Razer Copperhead

Razer DeathAdder Mouse

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

REALTEK GbE & FE Ethernet PCI-E NIC Driver

Realtek High Definition Audio Driver

RealUpgrade 1.1

RegCure

Rockstar Games Social Club

Rubber Ninjas 1.05

S4 League_EU

Saitek Dual Analog Rumble Pad

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Windows Media Encoder (KB2447961)

Security Update for Windows Media Encoder (KB954156)

Security Update for Windows Media Encoder (KB979332)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2530548)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544521)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2559049)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2586448)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982381)

Security Update for Windows XP (KB982665)

Setup

Share

Skype™ 5.3

Snail Mail

Sonic & SEGA All-Stars Racing

SpeedFan (remove only)

Steam

SweetIM for Messenger 3.3

SweetIM Toolbar for Internet Explorer 3.9

TeamSpeak 2 RC2

Total Commander (Remove or Repair)

Ubisoft Game Launcher

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VIO

VLC media player 1.1.4

WARRIORS OROCHI

WebFldrs XP

Windows Media Encoder 9 Series

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player Firefox Plugin

Windows Presentation Foundation

Windows XP Service Pack 3

WinRAR archiver

Xbox 360 Controller for Windows

XML Paper Specification Shared Components Pack 1.0

XP Royale Theme

.

==== Event Viewer Messages From Past Week ========

.

26.10.2011 16:15:51, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PC Tools Security Service service to connect.

26.10.2011 16:15:51, error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

26.10.2011 14:06:01, error: Service Control Manager [7000] - The AVG TDI Driver service failed to start due to the following error: The parameter is incorrect.

24.10.2011 7:51:29, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The system cannot find the file specified.

24.10.2011 7:50:16, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0019DBD16D0B has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

24.10.2011 20:48:41, error: System Error [1003] - Error code 1000008e, parameter1 c0000047, parameter2 804fcf44, parameter3 f78b6774, parameter4 00000000.

24.10.2011 20:45:28, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: gagp30kx ViaIde

24.10.2011 20:45:08, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

24.10.2011 18:03:07, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find the file specified.

.

==== End Of File ===========================


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Here is MBAM's log:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8059

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

1.11.2011 9:45:21

mbam-log-2011-11-01 (09-45-20).txt

Scan type: Quick scan

Objects scanned: 194153

Time elapsed: 10 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Here is ComboFix:

ComboFix 11-10-30.03 - Shrooms 01.11.2011 9:57:56.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2041 [GMT 1:00]

Running from: C:\Documents and Settings\Shrooms\Desktop\ComboFix.exe

AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}

* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\ImageDB.ddf

C:\Documents and Settings\All Users\Application Data\ae8077

C:\Documents and Settings\All Users\Application Data\ae8077\6775.mof

C:\Documents and Settings\All Users\Application Data\ae8077\BackUp\Adobe Gamma.lnk

C:\Documents and Settings\All Users\Application Data\ae8077\BackUp\Adobe Reader Speed Launch.lnk

C:\Documents and Settings\All Users\Application Data\ae8077\BackUp\hott notes 4.lnk

C:\Documents and Settings\All Users\Application Data\ae8077\BackUp\LOLRecorder.lnk

C:\Documents and Settings\All Users\Application Data\ae8077\BackUp\Registration Prince of Persia T2T.LNK

C:\Documents and Settings\All Users\Application Data\ae8077\PSG.ico

C:\Documents and Settings\Shrooms\Application Data\Toolbar4

C:\Documents and Settings\Shrooms\Local Settings\Application Data\.#

C:\Documents and Settings\Shrooms\Recent\ANTIGEN.dll

C:\Documents and Settings\Shrooms\Recent\cb.drv

C:\Documents and Settings\Shrooms\Recent\cb.exe

C:\Documents and Settings\Shrooms\Recent\cb.sys

C:\Documents and Settings\Shrooms\Recent\eb.sys

C:\Documents and Settings\Shrooms\Recent\exec.drv

C:\Documents and Settings\Shrooms\Recent\fan.exe

C:\Documents and Settings\Shrooms\Recent\fan.sys

C:\Documents and Settings\Shrooms\Recent\FW.tmp

C:\Documents and Settings\Shrooms\Recent\Linking Park - In th.m3u

C:\Documents and Settings\Shrooms\Recent\pal.dll

C:\Documents and Settings\Shrooms\Recent\pal.tmp

C:\Documents and Settings\Shrooms\Recent\PE.drv

C:\Documents and Settings\Shrooms\Recent\PE.sys

C:\Documents and Settings\Shrooms\Recent\ppal.tmp

C:\Documents and Settings\Shrooms\Recent\runddl.dll

C:\Documents and Settings\Shrooms\Recent\sld.exe

C:\Documents and Settings\Shrooms\Recent\Thumbs.db

C:\Documents and Settings\Shrooms\Recent\tjd.dll

C:\Documents and Settings\Shrooms\Recent\tjd.drv

C:\Documents and Settings\Shrooms\WINDOWS

C:\WINDOWS\help\tours\htmltour\unlock_playing.htm

C:\WINDOWS\pkunzip.pif

C:\WINDOWS\pkzip.pif

C:\WINDOWS\system\oeminfo.ini

C:\WINDOWS\system32\d3d9caps.dat

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_MYWEBSEARCHSERVICE

-------\Legacy_SSHNAS

((((((((((((((((((((((((( Files Created from 2011-10-01 to 2011-11-01 )))))))))))))))))))))))))))))))

2011-10-27 20:03:17 . 2011-10-27 20:03:17 -------- d-----w- C:\$AVG

2011-10-26 12:06:46 . 2011-10-26 12:06:46 -------- d-----w- C:\Documents and Settings\Shrooms\Application Data\AVG2012

2011-10-26 12:05:02 . 2011-11-01 07:13:26 -------- d-----w- C:\WINDOWS\system32\drivers\AVG

2011-10-26 12:05:02 . 2011-10-26 14:20:00 -------- d-----w- C:\Documents and Settings\All Users\Application Data\AVG2012

2011-10-26 12:04:00 . 2011-10-26 12:04:00 -------- d-----w- C:\Program Files\AVG

2011-10-26 11:52:14 . 2011-10-26 11:52:14 -------- d--h--w- C:\Documents and Settings\All Users\Application Data\Common Files

2011-10-26 11:51:41 . 2011-11-01 07:49:04 -------- d-----w- C:\Documents and Settings\All Users\Application Data\MFAData

2011-10-25 20:38:58 . 2011-10-27 09:07:58 -------- d-----w- C:\Program Files\Common Files\PC Tools

2011-10-25 20:38:57 . 2011-10-27 09:07:58 -------- d-----w- C:\Program Files\PC Tools Security

2011-10-25 20:33:58 . 2011-10-26 14:44:52 -------- d-----w- C:\Documents and Settings\All Users\Application Data\PC Tools

2011-10-24 18:56:06 . 2011-10-24 18:56:06 -------- d-----w- C:\Program Files\Common Files\Skype

2011-10-24 18:56:03 . 2011-10-24 18:56:06 -------- d-----r- C:\Program Files\Skype

2011-10-22 12:24:03 . 2011-10-22 13:13:25 -------- d-----w- C:\Program Files\Rainmeter

2011-10-19 21:37:11 . 2011-10-19 21:37:11 -------- d-----w- C:\Documents and Settings\Shrooms\Application Data\Avira

2011-10-19 21:36:36 . 2011-10-11 13:00:32 36000 ----a-w- C:\WINDOWS\system32\drivers\avkmgr.sys

2011-10-19 21:36:35 . 2011-10-11 13:00:32 74640 ----a-w- C:\WINDOWS\system32\drivers\avgntflt.sys

2011-10-19 21:36:35 . 2011-10-11 13:00:32 134344 ----a-w- C:\WINDOWS\system32\drivers\avipbb.sys

2011-10-19 21:36:21 . 2011-10-19 21:36:21 -------- d-----w- C:\Program Files\Avira

2011-10-19 21:36:21 . 2011-10-19 21:36:21 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Avira

2011-10-11 12:08:06 . 2011-10-11 12:08:06 -------- d-----w- C:\WINDOWS\system32\1008

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-10-03 03:06:03 . 2010-06-12 20:50:53 472808 ----a-w- C:\WINDOWS\system32\deployJava1.dll

2011-10-03 00:37:52 . 2011-05-13 16:02:47 73728 ----a-w- C:\WINDOWS\system32\javacpl.cpl

2011-09-28 11:35:25 . 2011-05-13 15:59:08 404640 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2011-09-26 09:41:20 . 2008-07-29 17:59:58 611328 ----a-w- C:\WINDOWS\system32\uiautomationcore.dll

2011-09-26 09:41:20 . 2002-11-22 16:19:26 220160 ----a-w- C:\WINDOWS\system32\oleacc.dll

2011-09-26 09:41:14 . 2002-11-22 16:19:26 20480 ----a-w- C:\WINDOWS\system32\oleaccrc.dll

2011-09-13 04:30:10 . 2011-09-13 04:30:10 32592 ----a-w- C:\WINDOWS\system32\drivers\avgrkx86.sys

2011-09-09 09:12:13 . 2004-08-04 00:56:42 599040 ----a-w- C:\WINDOWS\system32\crypt32.dll

2011-09-06 13:20:51 . 2004-08-03 23:17:42 1858944 ----a-w- C:\WINDOWS\system32\win32k.sys

2011-09-05 13:56:22 . 2004-08-04 00:56:48 667136 ----a-w- C:\WINDOWS\system32\wininet.dll

2011-09-05 13:56:22 . 2004-08-03 22:59:30 61952 ----a-w- C:\WINDOWS\system32\tdc.ocx

2011-09-05 13:56:21 . 2004-08-04 00:56:44 81920 ----a-w- C:\WINDOWS\system32\ieencode.dll

2011-09-05 12:35:09 . 2004-08-03 22:59:58 369664 ----a-w- C:\WINDOWS\system32\html.iec

2011-08-31 15:00:50 . 2011-05-13 12:32:36 22216 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

2011-08-26 21:49:51 . 2007-10-20 13:20:17 443448 ----a-w- C:\WINDOWS\system32\drivers\sptd.sys

2011-08-17 13:49:54 . 2004-08-03 23:14:16 138496 ----a-w- C:\WINDOWS\system32\drivers\afd.sys

2011-08-09 20:32:40 . 2011-03-15 17:35:44 6060 --sha-w- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys

2011-08-08 04:08:58 . 2011-08-08 04:08:58 40016 ----a-w- C:\WINDOWS\system32\drivers\avgmfx86.sys

2011-10-05 08:19:38 . 2011-05-10 13:00:26 134104 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll

Here's the new DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_29

Run by Shrooms at 10:22:37 on 2011-11-01

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2073 [GMT 1:00]

.

AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

FW: AVG Firewall *Enabled*

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe -k Akamai

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\AVG\AVG2012\avgfws.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Razer\Copperhead\razerhid.exe

C:\WINDOWS\RTHDCPL.EXE

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Razer\DeathAdder\razerhid.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\LOLReplay\LOLRecorder.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\hott notes 4\hottnotes.exe

C:\Program Files\Razer\Copperhead\razerofa.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Razer\DeathAdder\razertra.exe

C:\Program Files\Razer\DeathAdder\razerofa.exe

C:\Program Files\Razer\DeathAdder\vdDaemon.exe

C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Program Files\Common Files\Corel\Standby\Standby.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bigseekpro.com/mediaget/{5FF7ECB8-6D08-4C83-996A-01C297A8E99E}

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.bigseekpro.com/mediaget/{5FF7ECB8-6D08-4C83-996A-01C297A8E99E}

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = http=127.0.0.1:25507;

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll

uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {15531a3f-2691-26a5-5d8a-029c7846098d} - c:\windows\system32\ntmsaapi.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"

uRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup

uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM

mRun: [razer] c:\program files\razer\copperhead\razerhid.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [sweetIM] c:\program files\sweetim\messenger\SweetIM.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [standby] "c:\program files\common files\corel\standby\Standby.exe" -START

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe

mRun: [QuickTime Task] "c:\program files\k-lite codec pack\quicktime\QTTask.exe" -atboottime

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\shrooms\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\shrooms\startm~1\programs\startup\hottno~1.lnk - c:\program files\hott notes 4\hottnotes.exe

StartupFolder: c:\docume~1\shrooms\startm~1\programs\startup\regist~2.lnk - d:\pop3\pop\support\register\RegistrationReminder.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\lolrec~1.lnk - c:\program files\lolreplay\LOLRecorder.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{43BC0FBC-1456-4AF8-AEED-2467AAF98CC5} : DhcpNameServer = 192.168.1.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\shrooms\application data\mozilla\firefox\profiles\mwkxrc77.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT315908&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZRfox000&ptb=jFSzIIdODiWFC3uHHD9mXQ&ind=2010072314&ptnrS=ZRfox000&si=&n=77cf44fa&psa=&st=kwd&searchfor=

FF - component: c:\documents and settings\shrooms\application data\mozilla\firefox\profiles\mwkxrc77.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\shrooms\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin.dll

FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin2.dll

FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin3.dll

FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin4.dll

FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin5.dll

FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin6.dll

FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin7.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.50917.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]

R0 vax347b;vax347b;c:\windows\system32\drivers\vax347b.sys [2008-7-1 159616]

R0 vax347s;vax347s;c:\windows\system32\drivers\vax347s.sys [2008-7-1 5248]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-19 36000]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-19 86224]

R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-10-19 110032]

R2 avgfws;AVG zaštitni zid;c:\program files\avg\avg2012\avgfws.exe [2011-8-19 2399560]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-19 74640]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-13 366152]

R2 StarWindService;StarWind iSCSI Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindService.exe [2005-4-2 217600]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]

R3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2011-6-29 11136]

R3 hidkmdf;Filter Driver Service for HID-KMDF Interface layer;c:\windows\system32\drivers\hidkmdf.sys [2011-6-29 6656]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-13 22216]

R3 VKbms;Virtual HID Minidriver;c:\windows\system32\drivers\VKbms.sys [2011-6-29 10240]

S0 ps6ah4nb;DiRT Synchronization Driver (ps6ah4nb);c:\windows\system32\drivers\ps6ah4nb.sys --> c:\windows\system32\drivers\ps6ah4nb.sys [?]

S0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys --> c:\windows\system32\drivers\ps6ah4nc.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 pr2ah4nb;DiRT Drivers Auto Removal (pr2ah4nb);c:\windows\system32\pr2ah4nb.exe svc --> c:\windows\system32\pr2ah4nb.exe svc [?]

S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]

S3 hid7906;hid7906;c:\windows\system32\drivers\hid7906.sys [2008-1-4 53793]

S3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [2009-6-26 19020]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 XDva370;XDva370;\??\c:\windows\system32\xdva370.sys --> c:\windows\system32\XDva370.sys [?]

.

=============== Created Last 30 ================

.

2011-11-01 08:56:37 -------- d-sha-r- C:\cmdcons

2011-11-01 08:54:05 256000 ----a-w- c:\windows\PEV.exe

2011-11-01 08:54:05 208896 ----a-w- c:\windows\MBR.exe

2011-11-01 08:54:04 98816 ----a-w- c:\windows\sed.exe

2011-11-01 08:54:04 518144 ----a-w- c:\windows\SWREG.exe

2011-11-01 08:53:27 -------- d-----w- C:\ComboFix

2011-10-27 20:03:17 -------- d-----w- C:\$AVG

2011-10-26 12:06:46 -------- d-----w- c:\documents and settings\shrooms\application data\AVG2012

2011-10-26 12:05:02 -------- d-----w- c:\windows\system32\drivers\AVG

2011-10-26 12:05:02 -------- d-----w- c:\documents and settings\all users\application data\AVG2012

2011-10-26 12:04:00 -------- d-----w- c:\program files\AVG

2011-10-26 11:52:14 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2011-10-26 11:51:41 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-10-25 20:38:58 -------- d-----w- c:\program files\common files\PC Tools

2011-10-25 20:38:57 -------- d-----w- c:\program files\PC Tools Security

2011-10-25 20:33:58 -------- d-----w- c:\documents and settings\all users\application data\PC Tools

2011-10-24 18:56:03 -------- d-----r- c:\program files\Skype

2011-10-22 12:24:03 -------- d-----w- c:\program files\Rainmeter

2011-10-19 21:37:11 -------- d-----w- c:\documents and settings\shrooms\application data\Avira

2011-10-19 21:36:36 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2011-10-19 21:36:35 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-10-19 21:36:21 -------- d-----w- c:\program files\Avira

2011-10-19 21:36:21 -------- d-----w- c:\documents and settings\all users\application data\Avira

2011-10-11 12:08:06 -------- d-----w- c:\windows\system32\1008

.

==================== Find3M ====================

.

2011-10-03 03:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-03 00:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-09-28 11:35:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-26 09:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 09:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 09:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-13 04:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-09-05 13:56:22 667136 ----a-w- c:\windows\system32\wininet.dll

2011-09-05 13:56:22 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-09-05 13:56:21 81920 ----a-w- c:\windows\system32\ieencode.dll

2011-09-05 12:35:09 369664 ----a-w- c:\windows\system32\html.iec

2011-08-31 15:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-26 21:49:51 443448 ----a-w- c:\windows\system32\drivers\sptd.sys

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-08-09 20:32:40 6060 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys

.

============= FINISH: 10:22:55,92 ===============

And I'm not sure if I'm supposed to give you the new Attach too, but since the comment is this big... Attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 12.3.2011 16:08:43

System Uptime: 1.11.2011 10:07:20 (0 hours ago)

.

Motherboard: MSI | | MS-7369

Processor: AMD Athlon 64 X2 Dual Core Processor 4400+ | CPU 1 | 2310/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 40 GiB total, 2,58 GiB free.

D: is FIXED (NTFS) - 193 GiB total, 58,19 GiB free.

E: is CDROM ()

F: is CDROM ()

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Hamachi Network Interface

Device ID: ROOT\NET\0000

Manufacturer: LogMeIn, Inc.

Name: Hamachi Network Interface

PNP Device ID: ROOT\NET\0000

Service: hamachi

.

==== System Restore Points ===================

.

RP197: 17.10.2011 12:00:33 - Removed Assassin's Creed II

RP198: 17.10.2011 12:18:42 - Installé Pro Evolution Soccer 2012.

RP199: 21.10.2011 11:42:35 - System Checkpoint

RP200: 21.10.2011 13:00:19 - Pro Evolution Soccer 2012 supprimé.

RP201: 21.10.2011 13:17:34 - Software Distribution Service 3.0

RP202: 21.10.2011 21:19:25 - Removed Assassin's Creed Brotherhood

RP203: 21.10.2011 21:20:49 - Removed Titan Quest

RP204: 21.10.2011 21:21:26 - Removed Titan Quest Immortal Throne

RP205: 21.10.2011 21:35:01 - Installed Pro Evolution Soccer 2012.

RP206: 22.10.2011 0:54:40 - Software Distribution Service 3.0

RP207: 22.10.2011 13:03:36 - Installed Java 6 Update 29

RP208: 23.10.2011 13:28:01 - System Checkpoint

RP209: 24.10.2011 20:54:32 - Removed Skype Click to Call

RP210: 24.10.2011 20:54:52 - Removed Skype™ 5.5

RP211: 26.10.2011 14:03:59 - Instalirano AVG 2012

RP212: 26.10.2011 14:04:38 - Instalirano AVG 2012

RP213: 27.10.2011 19:42:10 - System Checkpoint

RP214: 28.10.2011 22:07:03 - System Checkpoint

RP215: 29.10.2011 23:30:32 - System Checkpoint

RP216: 1.11.2011 9:54:15 - ComboFix created restore point

.

==== Installed Programs ======================

.

µTorrent

ACDSee

Adobe AIR

Adobe Bridge 1.0

Adobe Common File Installer

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Help Center 2.1

Adobe Photoshop CS2

Adobe Reader X (10.1.1)

Adobe Shockwave Player 11.5

Adobe Stock Photos 1.0

AIMP2

Akamai NetSession Interface

AMD APP SDK Runtime

Apple Application Support

Apple Software Update

Ask Toolbar

ASUS nVIDIA Driver

ATI AVIVO Codecs

ATI Catalyst Control Center

ATI Catalyst Install Manager

ATI Parental Control & Encoder

AVG 2012

Avira Free Antivirus

Bastion

Beowulf TM

BitLocker To Go Reader

Bonjour

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center HydraVision Full

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help English

CCleaner

CDCheck (remove only)

Chessmaster Challenge

Chicken Invaders: Revenge of the Yolk (Christmas Edition) v3.20

Compatibility Pack for the 2007 Office system

Contents

Corel PaintShop Photo Pro X3

CorelDRAW Graphics Suite 12

DAEMON Tools Lite

DAEMON Tools Toolbar

DarksidersInstaller

Deus Ex - Human Revolution version 1.0

DeviceIO

DEVIL MAY CRY 4

Fraps (remove only)

Free Pascal 2.4.4

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Gutterball 2

Hamachi 1.0.1.5

HighMAT Extension to Microsoft Windows XP CD Writing Wizard

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB961118)

hott notes 4

ICA

IPM_PSP_Pro

J2SE Runtime Environment 5.0 Update 8

Java Auto Updater

Java 6 Update 29

Jelen SuperLiga by EDIT TEAM version 2011

K-Lite Mega Codec Pack 1.52

League of Legends

Little Fighter 2.5 - v2.0

LOLReplay

Luxor 2

Luxor 3

Macro Vibration Joystick

Mad Caps

Magic ISO Maker v5.5 (build 0276)

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft Office Live Add-in 1.3

Microsoft Office Outlook Connector

Microsoft Office Professional Edition 2003

Microsoft Office Word Viewer 2003

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Windows Journal Viewer

Microsoft XNA Framework Redistributable 3.1

MLE

Motherboard Monitor 5

Mozilla Firefox 7.0.1 (x86 en-US)

MP3 Player Utilities 1.40

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6 Service Pack 2 (KB973686)

MSXML4 Parser

Nero 6 Ultra Edition

Nero 7 Premium

Norton Security Scan

NVIDIA Drivers

NVIDIA PhysX

OLYMPUS Master 2

OLYMPUS muvee theaterPack

OpenAL

Pando Media Booster

PCI SoftV92 Modem

Plants vs. Zombies

PowerDVD

Prince of Persia T2T

Pro Evolution Soccer 2011 1.0

Pro Evolution Soccer 2012

PSPH10Pro

PSPPContent

PSPPRO_DCRAW

PunkBuster Services

PureHD

QuickTime

Razer Copperhead

Razer DeathAdder Mouse

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

REALTEK GbE & FE Ethernet PCI-E NIC Driver

Realtek High Definition Audio Driver

RealUpgrade 1.1

RegCure

Rockstar Games Social Club

Rubber Ninjas 1.05

S4 League_EU

Saitek Dual Analog Rumble Pad

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Windows Media Encoder (KB2447961)

Security Update for Windows Media Encoder (KB954156)

Security Update for Windows Media Encoder (KB979332)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2530548)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544521)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2559049)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2586448)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982381)

Security Update for Windows XP (KB982665)

Setup

Share

Skype™ 5.3

Snail Mail

Sonic & SEGA All-Stars Racing

SpeedFan (remove only)

Steam

SweetIM for Messenger 3.3

SweetIM Toolbar for Internet Explorer 3.9

TeamSpeak 2 RC2

Total Commander (Remove or Repair)

Ubisoft Game Launcher

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VIO

VLC media player 1.1.4

WARRIORS OROCHI

WebFldrs XP

Windows Media Encoder 9 Series

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player Firefox Plugin

Windows Presentation Foundation

Windows XP Service Pack 3

WinRAR archiver

Xbox 360 Controller for Windows

XML Paper Specification Shared Components Pack 1.0

XP Royale Theme

.

==== Event Viewer Messages From Past Week ========

.

27.10.2011 11:10:24, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The system cannot find the file specified.

27.10.2011 11:08:05, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0019DBD16D0B has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

26.10.2011 16:15:51, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PC Tools Security Service service to connect.

26.10.2011 16:15:51, error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

26.10.2011 14:06:35, error: Service Control Manager [7000] - The AVG TDI Driver service failed to start due to the following error: The parameter is incorrect.

1.11.2011 8:10:41, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVGIDSAgent service to connect.

1.11.2011 8:10:41, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================


  • Staff

Hi,

I notice that you are using more than one antivirus program (AVG and Avira). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

I see the Ask Toolbar in your log.

I strongly recommend you remove Ask Toolbar from your computer because:

  • It promotes its toolbars on sites targeted at kids.
  • It promotes its toolbars through ads that appear to be part of other companies' sites.
  • It promotes its toolbars through other companies' spyware.
  • It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
  • It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  • It makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

You can read more about Ask.com here

To remove it:

Click Start-->Control Panel-->Programs and Features

Click on the program name AskBarDis and/or Ask Toolbar to highlight it

From the menu at the top, select Uninstall or Remove.

Please reboot the computer.

Grab a fresh copy of ComboFix, run it, and post its log.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Ok... I did this ComboFix just after uninstalling Ask and Avira, and here is the log:

ComboFix 11-11-04.04 - Shrooms 09.11.2011 17:16:00.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2107 [GMT 1:00]

Running from: D:\My Documents\Downloads\ComboFix.exe

AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\ImageDB.ddf

C:\Documents and Settings\All Users\Application Data\TEMP

((((((((((((((((((((((((( Files Created from 2011-10-09 to 2011-11-09 )))))))))))))))))))))))))))))))

2011-11-09 11:53:28 . 2011-11-09 11:53:28 -------- d-----w- C:\WINDOWS\LastGood

2011-11-03 09:03:55 . 2011-11-08 21:34:53 -------- d-----w- C:\Documents and Settings\Shrooms\Local Settings\Application Data\Akamai

2011-10-27 20:03:17 . 2011-10-27 20:03:17 -------- d-----w- C:\$AVG

2011-10-26 12:06:46 . 2011-10-26 12:06:46 -------- d-----w- C:\Documents and Settings\Shrooms\Application Data\AVG2012

2011-10-26 12:05:02 . 2011-11-09 11:53:10 -------- d-----w- C:\WINDOWS\system32\drivers\AVG

2011-10-26 12:05:02 . 2011-10-26 14:20:00 -------- d-----w- C:\Documents and Settings\All Users\Application Data\AVG2012

2011-10-26 12:04:00 . 2011-10-26 12:04:00 -------- d-----w- C:\Program Files\AVG

2011-10-26 11:52:14 . 2011-10-26 11:52:14 -------- d--h--w- C:\Documents and Settings\All Users\Application Data\Common Files

2011-10-26 11:51:41 . 2011-11-09 11:53:16 -------- d-----w- C:\Documents and Settings\All Users\Application Data\MFAData

2011-10-25 20:38:58 . 2011-10-27 09:07:58 -------- d-----w- C:\Program Files\Common Files\PC Tools

2011-10-25 20:38:57 . 2011-10-27 09:07:58 -------- d-----w- C:\Program Files\PC Tools Security

2011-10-25 20:33:58 . 2011-10-26 14:44:52 -------- d-----w- C:\Documents and Settings\All Users\Application Data\PC Tools

2011-10-24 18:56:03 . 2011-11-02 10:23:28 -------- d-----r- C:\Program Files\Skype

2011-10-22 12:24:03 . 2011-10-22 13:13:25 -------- d-----w- C:\Program Files\Rainmeter

2011-10-11 12:08:06 . 2011-10-11 12:08:06 -------- d-----w- C:\WINDOWS\system32\1008

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-10-07 05:23:48 . 2011-07-10 23:13:46 230608 ----a-w- C:\WINDOWS\system32\drivers\avgldx86.sys

2011-10-04 05:21:42 . 2011-07-10 23:14:30 16720 ----a-w- C:\WINDOWS\system32\drivers\AVGIDSShim.sys

2011-10-03 03:06:03 . 2010-06-12 20:50:53 472808 ----a-w- C:\WINDOWS\system32\deployJava1.dll

2011-10-03 00:37:52 . 2011-05-13 16:02:47 73728 ----a-w- C:\WINDOWS\system32\javacpl.cpl

2011-09-28 11:35:25 . 2011-05-13 15:59:08 404640 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2011-09-26 09:41:20 . 2008-07-29 17:59:58 611328 ----a-w- C:\WINDOWS\system32\uiautomationcore.dll

2011-09-26 09:41:20 . 2002-11-22 16:19:26 220160 ----a-w- C:\WINDOWS\system32\oleacc.dll

2011-09-26 09:41:14 . 2002-11-22 16:19:26 20480 ----a-w- C:\WINDOWS\system32\oleaccrc.dll

2011-09-13 04:30:10 . 2011-09-13 04:30:10 32592 ----a-w- C:\WINDOWS\system32\drivers\avgrkx86.sys

2011-09-09 09:12:13 . 2004-08-04 00:56:42 599040 ----a-w- C:\WINDOWS\system32\crypt32.dll

2011-09-06 13:20:51 . 2004-08-03 23:17:42 1858944 ----a-w- C:\WINDOWS\system32\win32k.sys

2011-09-05 13:56:22 . 2004-08-04 00:56:48 667136 ----a-w- C:\WINDOWS\system32\wininet.dll

2011-09-05 13:56:22 . 2004-08-03 22:59:30 61952 ----a-w- C:\WINDOWS\system32\tdc.ocx

2011-09-05 13:56:21 . 2004-08-04 00:56:44 81920 ----a-w- C:\WINDOWS\system32\ieencode.dll

2011-09-05 12:35:09 . 2004-08-03 22:59:58 369664 ----a-w- C:\WINDOWS\system32\html.iec

2011-08-31 15:00:50 . 2011-05-13 12:32:36 22216 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

2011-08-26 21:49:51 . 2007-10-20 13:20:17 443448 ----a-w- C:\WINDOWS\system32\drivers\sptd.sys

2011-08-17 13:49:54 . 2004-08-03 23:14:16 138496 ----a-w- C:\WINDOWS\system32\drivers\afd.sys

2011-10-05 08:19:38 . 2011-05-10 13:00:26 134104 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-06-13 15:25:14 138552]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15531A3F-2691-26A5-5D8A-029C7846098D}]

2008-04-14 03:42:04 98304 ----a-w- C:\WINDOWS\system32\ntmsaapi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]

2010-06-13 15:25:12 1438520 ----a-r- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 15:25:12 1438520]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 15:25:12 1438520]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 13:52:08 95536]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-04 20:51:48 39408]

"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2011-03-30 13:08:23 399736]

"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2009-12-30 17:47:38 523408]

"Pando Media Booster"="C:\Program Files\Pando Networks\Media Booster\PMB.exe" [2011-07-05 22:29:13 3077528]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 07:33:30 4910912]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2011-10-13 08:27:14 17351304]

"Akamai NetSession Interface"="C:\Documents and Settings\Shrooms\Local Settings\Application Data\Akamai\netsession_win.exe" [2011-11-08 04:10:12 3295320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50:42 155648]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 20:57:00 30208]

"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 09:09:00 49152]

"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 13:52:08 54576]

"razer"="C:\Program Files\Razer\Copperhead\razerhid.exe" [2005-10-08 14:27:48 155648]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-13 19:24:54 98304]

"SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2010-08-30 09:44:20 111928]

"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 13:38:02 16384512]

"Standby"="C:\Program Files\Common Files\Corel\Standby\Standby.exe" [2010-01-07 12:09:38 105632]

"TkBellExe"="C:\program files\real\realplayer\update\realsched.exe" [2011-06-02 20:32:19 273544]

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 10:55:28 937920]

"DeathAdder"="C:\Program Files\Razer\DeathAdder\razerhid.exe" [2011-03-21 09:06:08 248320]

"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2011-07-05 16:36:48 421888]

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 11:06:06 254696]

"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 15:00:48 449608]

"AVG_TRAY"="C:\Program Files\AVG\AVG2012\avgtray.exe" [2011-10-24 19:29:16 2415456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 03:42:18 15360]

C:\Documents and Settings\Shrooms\Start Menu\Programs\Startup\

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

hott notes 4.lnk - C:\Program Files\hott notes 4\hottnotes.exe [2007-5-16 1249280]

Registration Prince of Persia T2T (2).LNK - D:\pop3\POP\Support\Register\RegistrationReminder.exe [N/A]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

LOLRecorder.lnk - C:\Program Files\LOLReplay\LOLRecorder.exe [2011-10-7 406016]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Shrooms^Start Menu^Programs^Startup^Registration .LNK]

backup=C:\WINDOWS\pss\Registration .LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Shrooms^Start Menu^Programs^Startup^Registration RAYMAN]

backup=C:\WINDOWS\pss\Registration RAYMANStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-03 16:43:28 69632 ----a-r- C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2007-08-20 13:38:02 16384512 ----a-r- C:\WINDOWS\RTHDCPL.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"D:\\Igrice\\Little Fighter 4 Turbo\\LF4t.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"D:\\WOW\\Launcher.exe"=

"D:\\WOW\\BackgroundDownloader.exe"=

"D:\\pes11\\Pro Evolution Soccer 2011\\pes2011.exe"=

"C:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"C:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Program Files\\LOLReplay\\LOLReplay.exe"=

"C:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"D:\\pes11\\Pro Evolution Soccer 2011\\Pro Evolution Soccer 2011\\JSL-2011.exe"=

"C:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

"C:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"C:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"C:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

"C:\\Documents and Settings\\Shrooms\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8380:TCP"= 8380:TCP:League of Legends Launcher

"8380:UDP"= 8380:UDP:League of Legends Launcher

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"8394:TCP"= 8394:TCP:League of Legends Launcher

"8394:UDP"= 8394:UDP:League of Legends Launcher

"6931:TCP"= 6931:TCP:League of Legends Launcher

"6931:UDP"= 6931:UDP:League of Legends Launcher

"8395:TCP"= 8395:TCP:League of Legends Launcher

"8395:UDP"= 8395:UDP:League of Legends Launcher

"8396:TCP"= 8396:TCP:League of Legends Launcher

"8396:UDP"= 8396:UDP:League of Legends Launcher

"6889:TCP"= 6889:TCP:League of Legends Launcher

"6889:UDP"= 6889:UDP:League of Legends Launcher

"6894:TCP"= 6894:TCP:League of Legends Launcher

"6894:UDP"= 6894:UDP:League of Legends Launcher

"6914:TCP"= 6914:TCP:League of Legends Launcher

"6914:UDP"= 6914:UDP:League of Legends Launcher

"6913:TCP"= 6913:TCP:League of Legends Launcher

"6913:UDP"= 6913:UDP:League of Legends Launcher

"6933:TCP"= 6933:TCP:League of Legends Launcher

"6933:UDP"= 6933:UDP:League of Legends Launcher

"6984:TCP"= 6984:TCP:League of Legends Launcher

"6984:UDP"= 6984:UDP:League of Legends Launcher

"6912:TCP"= 6912:TCP:League of Legends Launcher

"6912:UDP"= 6912:UDP:League of Legends Launcher

"6896:TCP"= 6896:TCP:League of Legends Launcher

"6896:UDP"= 6896:UDP:League of Legends Launcher

"6892:TCP"= 6892:TCP:League of Legends Launcher

"6892:UDP"= 6892:UDP:League of Legends Launcher

"6988:TCP"= 6988:TCP:League of Legends Launcher

"6988:UDP"= 6988:UDP:League of Legends Launcher

"6881:TCP"= 6881:TCP:League of Legends Launcher

"6881:UDP"= 6881:UDP:League of Legends Launcher

"8397:TCP"= 8397:TCP:League of Legends Launcher

"8397:UDP"= 8397:UDP:League of Legends Launcher

"6958:TCP"= 6958:TCP:League of Legends Launcher

"6958:UDP"= 6958:UDP:League of Legends Launcher

"6920:TCP"= 6920:TCP:League of Legends Launcher

"6920:UDP"= 6920:UDP:League of Legends Launcher

"6941:TCP"= 6941:TCP:League of Legends Launcher

"6941:UDP"= 6941:UDP:League of Legends Launcher

"6968:TCP"= 6968:TCP:League of Legends Launcher

"6968:UDP"= 6968:UDP:League of Legends Launcher

"8398:TCP"= 8398:TCP:League of Legends Launcher

"8398:UDP"= 8398:UDP:League of Legends Launcher

"8393:TCP"= 8393:TCP:League of Legends Lobby

"8393:UDP"= 8393:UDP:League of Legends Lobby

"8390:TCP"= 8390:TCP:League of Legends Game Client

"8390:UDP"= 8390:UDP:League of Legends Game Client

"56296:TCP"= 56296:TCP:Pando Media Booster

"56296:UDP"= 56296:UDP:Pando Media Booster

R0 AVGIDSEH;AVGIDSEH;C:\WINDOWS\system32\drivers\AVGIDSEH.sys [11.7.2011 0:14:28 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;C:\WINDOWS\system32\drivers\avgrkx86.sys [13.9.2011 5:30:10 32592]

R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]

R0 vax347b;vax347b;C:\WINDOWS\system32\drivers\vax347b.sys [1.7.2008 13:27:59 159616]

R0 vax347s;vax347s;C:\WINDOWS\system32\drivers\vax347s.sys [1.7.2008 13:27:59 5248]

R1 Avgldx86;AVG AVI Loader Driver;C:\WINDOWS\system32\drivers\avgldx86.sys [11.7.2011 0:13:46 230608]

R1 Avgtdix;AVG TDI Driver;C:\WINDOWS\system32\drivers\avgtdix.sys [11.7.2011 0:14:38 295248]

R2 Akamai;Akamai NetSession Interface;C:\WINDOWS\System32\svchost.exe -k Akamai [4.8.2004 1:56:58 14336]

R2 avgwd;AVG WatchDog;C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2.8.2011 5:09:08 192776]

R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [13.5.2011 13:32:40 366152]

R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\drivers\avgfwdx.sys [23.5.2011 0:03:20 30944]

R3 AVGIDSDriver;AVGIDSDriver;C:\WINDOWS\system32\drivers\AVGIDSDriver.sys [11.7.2011 0:14:26 134608]

R3 AVGIDSFilter;AVGIDSFilter;C:\WINDOWS\system32\drivers\AVGIDSFilter.sys [11.7.2011 0:14:28 24272]

R3 AVGIDSShim;AVGIDSShim;C:\WINDOWS\system32\drivers\AVGIDSShim.sys [11.7.2011 0:14:30 16720]

R3 danewFltr;NewDeathAdder Mouse;C:\WINDOWS\system32\drivers\danew.sys [29.6.2011 20:17:52 11136]

R3 hidkmdf;Filter Driver Service for HID-KMDF Interface layer;C:\WINDOWS\system32\drivers\hidkmdf.sys [29.6.2011 20:17:43 6656]

R3 MBAMProtector;MBAMProtector;C:\WINDOWS\system32\drivers\mbam.sys [13.5.2011 13:32:36 22216]

R3 VKbms;Virtual HID Minidriver;C:\WINDOWS\system32\drivers\VKbms.sys [29.6.2011 20:17:43 10240]

S0 ps6ah4nb;DiRT Synchronization Driver (ps6ah4nb);C:\WINDOWS\system32\drivers\ps6ah4nb.sys --> C:\WINDOWS\system32\drivers\ps6ah4nb.sys [?]

S0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\WINDOWS\system32\drivers\ps6ah4nc.sys --> C:\WINDOWS\system32\drivers\ps6ah4nc.sys [?]

S2 avgfws;AVG zaštitni zid;C:\Program Files\AVG\AVG2012\avgfws.exe [24.10.2011 20:29:34 2398512]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [12.10.2011 6:25:22 4433248]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16:28 130384]

S2 pr2ah4nb;DiRT Drivers Auto Removal (pr2ah4nb);C:\WINDOWS\system32\pr2ah4nb.exe svc --> C:\WINDOWS\system32\pr2ah4nb.exe svc [?]

S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\WINDOWS\system32\pr2ah4nc.exe svc --> C:\WINDOWS\system32\pr2ah4nc.exe svc [?]

S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\drivers\avgfwdx.sys [23.5.2011 0:03:20 30944]

S3 hid7906;hid7906;C:\WINDOWS\system32\drivers\hid7906.sys [4.1.2008 17:39:40 53793]

S3 Razerlow;Razer Copperhead Driver;C:\WINDOWS\system32\drivers\Razerlow.sys [26.6.2009 17:18:28 19020]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16:28 753504]

S3 XDva370;XDva370;\??\C:\WINDOWS\system32\XDva370.sys --> C:\WINDOWS\system32\XDva370.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

Contents of the 'Scheduled Tasks' folder

2011-11-03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57:16 . 2011-06-01 15:57:16]

2011-11-01 C:\WINDOWS\Tasks\At1.job

- C:\WINDOWS\system32\gpuppdate.exe [2002-11-22 16:19:04 . 2002-11-22 16:19:04]

2011-11-09 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-04 20:51:51 . 2010-06-04 20:51:50]

2011-11-09 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-04 20:51:51 . 2010-06-04 20:51:50]

2011-11-08 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1390067357-839522115-1003Core.job

- C:\Documents and Settings\Shrooms\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-20 13:35:56 . 2010-06-04 20:51:50]

2011-11-09 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1390067357-839522115-1003UA.job

- C:\Documents and Settings\Shrooms\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-20 13:35:56 . 2010-06-04 20:51:50]

2011-11-09 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-854245398-1390067357-839522115-1003.job

- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47:46 . 2011-03-29 08:47:46]

2011-11-09 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-854245398-1390067357-839522115-1003.job

- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47:46 . 2011-03-29 08:47:46]

------- Supplementary Scan -------

uStart Page = hxxp://www.bigseekpro.com/mediaget/{5FF7ECB8-6D08-4C83-996A-01C297A8E99E}

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mStart Page = hxxp://www.bigseekpro.com/mediaget/{5FF7ECB8-6D08-4C83-996A-01C297A8E99E}

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = http=127.0.0.1:25507;

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - C:\Documents and Settings\Shrooms\Application Data\Mozilla\Firefox\Profiles\mwkxrc77.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT315908&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZRfox000&ptb=jFSzIIdODiWFC3uHHD9mXQ&ind=2010072314&ptnrS=ZRfox000&si=&n=77cf44fa&psa=&st=kwd&searchfor=

- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-NSS - C:\Program Files\Norton Security Scan\Engine\3.1.1.6\InstWrap.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-09 17:21:17

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_a74ca62.dll"

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-854245398-1390067357-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"??"=hex:ee,db,4a,c8,cb,b9,10,b6,55,ca,85,e0,92,54,73,c4,70,5e,3c,bd,d9,f2,b8,

d9,0f,9c,1c,74,44,79,e4,4e,b6,bc,c1,a2,ef,9c,e7,b5,a7,f4,5d,e8,cb,8c,71,6b,\

"??"=hex:3e,b6,f3,f9,a1,ac,f4,92,43,c4,f6,ee,4c,91,13,4e

[HKEY_USERS\S-1-5-21-854245398-1390067357-839522115-1003\Software\SecuROM\License information*]

"datasecu"=hex:ab,f8,ed,3c,5f,bd,2d,8b,c4,d9,7d,9d,49,38,1a,42,04,b4,79,e0,99,

b2,00,03,a8,75,4a,cd,43,17,dd,b0,64,26,8a,08,75,aa,54,8d,e8,dc,c8,6f,a5,12,\

"rkeysecu"=hex:64,b3,78,c0,11,d6,cf,ba,66,4d,42,15,76,f1,19,89

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1072)

C:\WINDOWS\system32\Ati2evxx.dll

C:\WINDOWS\system32\atiadlxx.dll

Completion time: 2011-11-09 17:23:58

ComboFix-quarantined-files.txt 2011-11-09 16:23:12

Pre-Run: 5.996.097.536 bytes free

Post-Run: 5.989.167.104 bytes free

- - End Of File - - 02128C58A875BBF536B5DD8F9C1D9C48

Here's the scanner's log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=d886e142bad6744b87ce5477ec95e927

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-11-09 07:26:53

# local_time=2011-11-09 08:26:53 (+0100, Central Europe Standard Time)

# country="Serbia and Montenegro"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1024 16777175 100 0 1229402 1229402 0 0

# compatibility_mode=8192 67108863 100 0 4078 4078 0 0

# scanned=163285

# found=12

# cleaned=12

# scan_time=6771

C:\Program Files\MP3 Player Utilities 1.40\DelDrv.exe Win32/KillFiles.NEM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{7684B190-BCA8-4BF4-BB3F-F552D1CEC818}\RP222\A0060189.exe Win32/KillFiles.NEM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\My Documents\Downloads\cnet_fpc-2_4_4_i386-win32_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\My Documents\Downloads\installer_free_pascal.exe Win32/Toggle application (deleted - quarantined) 00000000000000000000000000000000 C

D:\My Documents\Downloads\installer_reginout_2_0_0_1000_English.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

D:\My Documents\Downloads\SoftonicDownloader_for_daemon-tools.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\My Documents\Downloads\SoftonicDownloader_for_microsoft-office-word-viewer.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\My Documents\Downloads\SoftonicDownloader_for_pes-2012(1).exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\My Documents\Downloads\SoftonicDownloader_for_pes-2012.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\My Documents\Downloads\speedupmypc(2).exe Win32/SpeedUpMyPC application (deleted - quarantined) 00000000000000000000000000000000 C

D:\My Documents\Downloads\speedupmypc(3).exe Win32/SpeedUpMyPC application (deleted - quarantined) 00000000000000000000000000000000 C

D:\My Documents\Downloads\speedupmypc.exe Win32/SpeedUpMyPC application (deleted - quarantined) 00000000000000000000000000000000 C

Here's the Security Check you asked for:

Results of screen317's Security Check version 0.99.25

Windows XP Service Pack 3 x86

Internet Explorer 6 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

AVG 2012

ESET Online Scanner v3

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 29

Adobe Flash Player ( 10.3.183.10) Flash Player Out of Date!

Adobe Reader X (10.1.1)

Mozilla Firefox (Player..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

``````````End of Log````````````

I don't know if I did something wrong, but this ComboFix log is shorter than the last ones. I think maybe AVG interfered... and yeah, these blockings from MBAM keep coming, but from this scan I didn't see any of them. I'll post if I get some again.


Ok... I did this ComboFix just after uninstalling Ask and Avira, and here is the log:

ComboFix 11-11-04.04 - Shrooms 09.11.2011 17:16:00.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2107 [GMT 1:00]

Running from: D:\My Documents\Downloads\ComboFix.exe

AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\ImageDB.ddf

C:\Documents and Settings\All Users\Application Data\TEMP

((((((((((((((((((((((((( Files Created from 2011-10-09 to 2011-11-09 )))))))))))))))))))))))))))))))

2011-11-09 11:53:28 . 2011-11-09 11:53:28 -------- d-----w- C:\WINDOWS\LastGood

2011-11-03 09:03:55 . 2011-11-08 21:34:53 -------- d-----w- C:\Documents and Settings\Shrooms\Local Settings\Application Data\Akamai

2011-10-27 20:03:17 . 2011-10-27 20:03:17 -------- d-----w- C:\$AVG

2011-10-26 12:06:46 . 2011-10-26 12:06:46 -------- d-----w- C:\Documents and Settings\Shrooms\Application Data\AVG2012

2011-10-26 12:05:02 . 2011-11-09 11:53:10 -------- d-----w- C:\WINDOWS\system32\drivers\AVG

2011-10-26 12:05:02 . 2011-10-26 14:20:00 -------- d-----w- C:\Documents and Settings\All Users\Application Data\AVG2012

2011-10-26 12:04:00 . 2011-10-26 12:04:00 -------- d-----w- C:\Program Files\AVG

2011-10-26 11:52:14 . 2011-10-26 11:52:14 -------- d--h--w- C:\Documents and Settings\All Users\Application Data\Common Files

2011-10-26 11:51:41 . 2011-11-09 11:53:16 -------- d-----w- C:\Documents and Settings\All Users\Application Data\MFAData

2011-10-25 20:38:58 . 2011-10-27 09:07:58 -------- d-----w- C:\Program Files\Common Files\PC Tools

2011-10-25 20:38:57 . 2011-10-27 09:07:58 -------- d-----w- C:\Program Files\PC Tools Security

2011-10-25 20:33:58 . 2011-10-26 14:44:52 -------- d-----w- C:\Documents and Settings\All Users\Application Data\PC Tools

2011-10-24 18:56:03 . 2011-11-02 10:23:28 -------- d-----r- C:\Program Files\Skype

2011-10-22 12:24:03 . 2011-10-22 13:13:25 -------- d-----w- C:\Program Files\Rainmeter

2011-10-11 12:08:06 . 2011-10-11 12:08:06 -------- d-----w- C:\WINDOWS\system32\1008

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-10-07 05:23:48 . 2011-07-10 23:13:46 230608 ----a-w- C:\WINDOWS\system32\drivers\avgldx86.sys

2011-10-04 05:21:42 . 2011-07-10 23:14:30 16720 ----a-w- C:\WINDOWS\system32\drivers\AVGIDSShim.sys

2011-10-03 03:06:03 . 2010-06-12 20:50:53 472808 ----a-w- C:\WINDOWS\system32\deployJava1.dll

2011-10-03 00:37:52 . 2011-05-13 16:02:47 73728 ----a-w- C:\WINDOWS\system32\javacpl.cpl

2011-09-28 11:35:25 . 2011-05-13 15:59:08 404640 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2011-09-26 09:41:20 . 2008-07-29 17:59:58 611328 ----a-w- C:\WINDOWS\system32\uiautomationcore.dll

2011-09-26 09:41:20 . 2002-11-22 16:19:26 220160 ----a-w- C:\WINDOWS\system32\oleacc.dll

2011-09-26 09:41:14 . 2002-11-22 16:19:26 20480 ----a-w- C:\WINDOWS\system32\oleaccrc.dll

2011-09-13 04:30:10 . 2011-09-13 04:30:10 32592 ----a-w- C:\WINDOWS\system32\drivers\avgrkx86.sys

2011-09-09 09:12:13 . 2004-08-04 00:56:42 599040 ----a-w- C:\WINDOWS\system32\crypt32.dll

2011-09-06 13:20:51 . 2004-08-03 23:17:42 1858944 ----a-w- C:\WINDOWS\system32\win32k.sys

2011-09-05 13:56:22 . 2004-08-04 00:56:48 667136 ----a-w- C:\WINDOWS\system32\wininet.dll

2011-09-05 13:56:22 . 2004-08-03 22:59:30 61952 ----a-w- C:\WINDOWS\system32\tdc.ocx

2011-09-05 13:56:21 . 2004-08-04 00:56:44 81920 ----a-w- C:\WINDOWS\system32\ieencode.dll

2011-09-05 12:35:09 . 2004-08-03 22:59:58 369664 ----a-w- C:\WINDOWS\system32\html.iec

2011-08-31 15:00:50 . 2011-05-13 12:32:36 22216 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

2011-08-26 21:49:51 . 2007-10-20 13:20:17 443448 ----a-w- C:\WINDOWS\system32\drivers\sptd.sys

2011-08-17 13:49:54 . 2004-08-03 23:14:16 138496 ----a-w- C:\WINDOWS\system32\drivers\afd.sys

2011-10-05 08:19:38 . 2011-05-10 13:00:26 134104 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-06-13 15:25:14 138552]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15531A3F-2691-26A5-5D8A-029C7846098D}]

2008-04-14 03:42:04 98304 ----a-w- C:\WINDOWS\system32\ntmsaapi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]

2010-06-13 15:25:12 1438520 ----a-r- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 15:25:12 1438520]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 15:25:12 1438520]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 13:52:08 95536]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-04 20:51:48 39408]

"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2011-03-30 13:08:23 399736]

"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2009-12-30 17:47:38 523408]

"Pando Media Booster"="C:\Program Files\Pando Networks\Media Booster\PMB.exe" [2011-07-05 22:29:13 3077528]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 07:33:30 4910912]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2011-10-13 08:27:14 17351304]

"Akamai NetSession Interface"="C:\Documents and Settings\Shrooms\Local Settings\Application Data\Akamai\netsession_win.exe" [2011-11-08 04:10:12 3295320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50:42 155648]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 20:57:00 30208]

"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 09:09:00 49152]

"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 13:52:08 54576]

"razer"="C:\Program Files\Razer\Copperhead\razerhid.exe" [2005-10-08 14:27:48 155648]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-13 19:24:54 98304]

"SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2010-08-30 09:44:20 111928]

"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 13:38:02 16384512]

"Standby"="C:\Program Files\Common Files\Corel\Standby\Standby.exe" [2010-01-07 12:09:38 105632]

"TkBellExe"="C:\program files\real\realplayer\update\realsched.exe" [2011-06-02 20:32:19 273544]

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 10:55:28 937920]

"DeathAdder"="C:\Program Files\Razer\DeathAdder\razerhid.exe" [2011-03-21 09:06:08 248320]

"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2011-07-05 16:36:48 421888]

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 11:06:06 254696]

"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 15:00:48 449608]

"AVG_TRAY"="C:\Program Files\AVG\AVG2012\avgtray.exe" [2011-10-24 19:29:16 2415456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 03:42:18 15360]

C:\Documents and Settings\Shrooms\Start Menu\Programs\Startup\

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

hott notes 4.lnk - C:\Program Files\hott notes 4\hottnotes.exe [2007-5-16 1249280]

Registration Prince of Persia T2T (2).LNK - D:\pop3\POP\Support\Register\RegistrationReminder.exe [N/A]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

LOLRecorder.lnk - C:\Program Files\LOLReplay\LOLRecorder.exe [2011-10-7 406016]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Shrooms^Start Menu^Programs^Startup^Registration .LNK]

backup=C:\WINDOWS\pss\Registration .LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Shrooms^Start Menu^Programs^Startup^Registration RAYMAN]

backup=C:\WINDOWS\pss\Registration RAYMANStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-03 16:43:28 69632 ----a-r- C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2007-08-20 13:38:02 16384512 ----a-r- C:\WINDOWS\RTHDCPL.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"D:\\Igrice\\Little Fighter 4 Turbo\\LF4t.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"D:\\WOW\\Launcher.exe"=

"D:\\WOW\\BackgroundDownloader.exe"=

"D:\\pes11\\Pro Evolution Soccer 2011\\pes2011.exe"=

"C:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"C:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Program Files\\LOLReplay\\LOLReplay.exe"=

"C:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"D:\\pes11\\Pro Evolution Soccer 2011\\Pro Evolution Soccer 2011\\JSL-2011.exe"=

"C:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

"C:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"C:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"C:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

"C:\\Documents and Settings\\Shrooms\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8380:TCP"= 8380:TCP:League of Legends Launcher

"8380:UDP"= 8380:UDP:League of Legends Launcher

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"8394:TCP"= 8394:TCP:League of Legends Launcher

"8394:UDP"= 8394:UDP:League of Legends Launcher

"6931:TCP"= 6931:TCP:League of Legends Launcher

"6931:UDP"= 6931:UDP:League of Legends Launcher

"8395:TCP"= 8395:TCP:League of Legends Launcher

"8395:UDP"= 8395:UDP:League of Legends Launcher

"8396:TCP"= 8396:TCP:League of Legends Launcher

"8396:UDP"= 8396:UDP:League of Legends Launcher

"6889:TCP"= 6889:TCP:League of Legends Launcher

"6889:UDP"= 6889:UDP:League of Legends Launcher

"6894:TCP"= 6894:TCP:League of Legends Launcher

"6894:UDP"= 6894:UDP:League of Legends Launcher

"6914:TCP"= 6914:TCP:League of Legends Launcher

"6914:UDP"= 6914:UDP:League of Legends Launcher

"6913:TCP"= 6913:TCP:League of Legends Launcher

"6913:UDP"= 6913:UDP:League of Legends Launcher

"6933:TCP"= 6933:TCP:League of Legends Launcher

"6933:UDP"= 6933:UDP:League of Legends Launcher

"6984:TCP"= 6984:TCP:League of Legends Launcher

"6984:UDP"= 6984:UDP:League of Legends Launcher

"6912:TCP"= 6912:TCP:League of Legends Launcher

"6912:UDP"= 6912:UDP:League of Legends Launcher

"6896:TCP"= 6896:TCP:League of Legends Launcher

"6896:UDP"= 6896:UDP:League of Legends Launcher

"6892:TCP"= 6892:TCP:League of Legends Launcher

"6892:UDP"= 6892:UDP:League of Legends Launcher

"6988:TCP"= 6988:TCP:League of Legends Launcher

"6988:UDP"= 6988:UDP:League of Legends Launcher

"6881:TCP"= 6881:TCP:League of Legends Launcher

"6881:UDP"= 6881:UDP:League of Legends Launcher

"8397:TCP"= 8397:TCP:League of Legends Launcher

"8397:UDP"= 8397:UDP:League of Legends Launcher

"6958:TCP"= 6958:TCP:League of Legends Launcher

"6958:UDP"= 6958:UDP:League of Legends Launcher

"6920:TCP"= 6920:TCP:League of Legends Launcher

"6920:UDP"= 6920:UDP:League of Legends Launcher

"6941:TCP"= 6941:TCP:League of Legends Launcher

"6941:UDP"= 6941:UDP:League of Legends Launcher

"6968:TCP"= 6968:TCP:League of Legends Launcher

"6968:UDP"= 6968:UDP:League of Legends Launcher

"8398:TCP"= 8398:TCP:League of Legends Launcher

"8398:UDP"= 8398:UDP:League of Legends Launcher

"8393:TCP"= 8393:TCP:League of Legends Lobby

"8393:UDP"= 8393:UDP:League of Legends Lobby

"8390:TCP"= 8390:TCP:League of Legends Game Client

"8390:UDP"= 8390:UDP:League of Legends Game Client

"56296:TCP"= 56296:TCP:Pando Media Booster

"56296:UDP"= 56296:UDP:Pando Media Booster

R0 AVGIDSEH;AVGIDSEH;C:\WINDOWS\system32\drivers\AVGIDSEH.sys [11.7.2011 0:14:28 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;C:\WINDOWS\system32\drivers\avgrkx86.sys [13.9.2011 5:30:10 32592]

R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]

R0 vax347b;vax347b;C:\WINDOWS\system32\drivers\vax347b.sys [1.7.2008 13:27:59 159616]

R0 vax347s;vax347s;C:\WINDOWS\system32\drivers\vax347s.sys [1.7.2008 13:27:59 5248]

R1 Avgldx86;AVG AVI Loader Driver;C:\WINDOWS\system32\drivers\avgldx86.sys [11.7.2011 0:13:46 230608]

R1 Avgtdix;AVG TDI Driver;C:\WINDOWS\system32\drivers\avgtdix.sys [11.7.2011 0:14:38 295248]

R2 Akamai;Akamai NetSession Interface;C:\WINDOWS\System32\svchost.exe -k Akamai [4.8.2004 1:56:58 14336]

R2 avgwd;AVG WatchDog;C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2.8.2011 5:09:08 192776]

R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [13.5.2011 13:32:40 366152]

R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\drivers\avgfwdx.sys [23.5.2011 0:03:20 30944]

R3 AVGIDSDriver;AVGIDSDriver;C:\WINDOWS\system32\drivers\AVGIDSDriver.sys [11.7.2011 0:14:26 134608]

R3 AVGIDSFilter;AVGIDSFilter;C:\WINDOWS\system32\drivers\AVGIDSFilter.sys [11.7.2011 0:14:28 24272]

R3 AVGIDSShim;AVGIDSShim;C:\WINDOWS\system32\drivers\AVGIDSShim.sys [11.7.2011 0:14:30 16720]

R3 danewFltr;NewDeathAdder Mouse;C:\WINDOWS\system32\drivers\danew.sys [29.6.2011 20:17:52 11136]

R3 hidkmdf;Filter Driver Service for HID-KMDF Interface layer;C:\WINDOWS\system32\drivers\hidkmdf.sys [29.6.2011 20:17:43 6656]

R3 MBAMProtector;MBAMProtector;C:\WINDOWS\system32\drivers\mbam.sys [13.5.2011 13:32:36 22216]

R3 VKbms;Virtual HID Minidriver;C:\WINDOWS\system32\drivers\VKbms.sys [29.6.2011 20:17:43 10240]

S0 ps6ah4nb;DiRT Synchronization Driver (ps6ah4nb);C:\WINDOWS\system32\drivers\ps6ah4nb.sys --> C:\WINDOWS\system32\drivers\ps6ah4nb.sys [?]

S0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\WINDOWS\system32\drivers\ps6ah4nc.sys --> C:\WINDOWS\system32\drivers\ps6ah4nc.sys [?]

S2 avgfws;AVG zaštitni zid;C:\Program Files\AVG\AVG2012\avgfws.exe [24.10.2011 20:29:34 2398512]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [12.10.2011 6:25:22 4433248]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16:28 130384]

S2 pr2ah4nb;DiRT Drivers Auto Removal (pr2ah4nb);C:\WINDOWS\system32\pr2ah4nb.exe svc --> C:\WINDOWS\system32\pr2ah4nb.exe svc [?]

S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\WINDOWS\system32\pr2ah4nc.exe svc --> C:\WINDOWS\system32\pr2ah4nc.exe svc [?]

S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\drivers\avgfwdx.sys [23.5.2011 0:03:20 30944]

S3 hid7906;hid7906;C:\WINDOWS\system32\drivers\hid7906.sys [4.1.2008 17:39:40 53793]

S3 Razerlow;Razer Copperhead Driver;C:\WINDOWS\system32\drivers\Razerlow.sys [26.6.2009 17:18:28 19020]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16:28 753504]

S3 XDva370;XDva370;\??\C:\WINDOWS\system32\XDva370.sys --> C:\WINDOWS\system32\XDva370.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

Contents of the 'Scheduled Tasks' folder

2011-11-03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57:16 . 2011-06-01 15:57:16]

2011-11-01 C:\WINDOWS\Tasks\At1.job

- C:\WINDOWS\system32\gpuppdate.exe [2002-11-22 16:19:04 . 2002-11-22 16:19:04]

2011-11-09 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-04 20:51:51 . 2010-06-04 20:51:50]

2011-11-09 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-04 20:51:51 . 2010-06-04 20:51:50]

2011-11-08 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1390067357-839522115-1003Core.job

- C:\Documents and Settings\Shrooms\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-20 13:35:56 . 2010-06-04 20:51:50]

2011-11-09 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1390067357-839522115-1003UA.job

- C:\Documents and Settings\Shrooms\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-20 13:35:56 . 2010-06-04 20:51:50]

2011-11-09 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-854245398-1390067357-839522115-1003.job

- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47:46 . 2011-03-29 08:47:46]

2011-11-09 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-854245398-1390067357-839522115-1003.job

- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47:46 . 2011-03-29 08:47:46]

------- Supplementary Scan -------

uStart Page = hxxp://www.bigseekpro.com/mediaget/{5FF7ECB8-6D08-4C83-996A-01C297A8E99E}

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mStart Page = hxxp://www.bigseekpro.com/mediaget/{5FF7ECB8-6D08-4C83-996A-01C297A8E99E}

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = http=127.0.0.1:25507;

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - C:\Documents and Settings\Shrooms\Application Data\Mozilla\Firefox\Profiles\mwkxrc77.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT315908&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZRfox000&ptb=jFSzIIdODiWFC3uHHD9mXQ&ind=2010072314&ptnrS=ZRfox000&si=&n=77cf44fa&psa=&st=kwd&searchfor=

- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-NSS - C:\Program Files\Norton Security Scan\Engine\3.1.1.6\InstWrap.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-09 17:21:17

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_a74ca62.dll"

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-854245398-1390067357-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"??"=hex:ee,db,4a,c8,cb,b9,10,b6,55,ca,85,e0,92,54,73,c4,70,5e,3c,bd,d9,f2,b8,

d9,0f,9c,1c,74,44,79,e4,4e,b6,bc,c1,a2,ef,9c,e7,b5,a7,f4,5d,e8,cb,8c,71,6b,\

"??"=hex:3e,b6,f3,f9,a1,ac,f4,92,43,c4,f6,ee,4c,91,13,4e

[HKEY_USERS\S-1-5-21-854245398-1390067357-839522115-1003\Software\SecuROM\License information*]

"datasecu"=hex:ab,f8,ed,3c,5f,bd,2d,8b,c4,d9,7d,9d,49,38,1a,42,04,b4,79,e0,99,

b2,00,03,a8,75,4a,cd,43,17,dd,b0,64,26,8a,08,75,aa,54,8d,e8,dc,c8,6f,a5,12,\

"rkeysecu"=hex:64,b3,78,c0,11,d6,cf,ba,66,4d,42,15,76,f1,19,89

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1072)

C:\WINDOWS\system32\Ati2evxx.dll

C:\WINDOWS\system32\atiadlxx.dll

Completion time: 2011-11-09 17:23:58

ComboFix-quarantined-files.txt 2011-11-09 16:23:12

Pre-Run: 5.996.097.536 bytes free

Post-Run: 5.989.167.104 bytes free

- - End Of File - - 02128C58A875BBF536B5DD8F9C1D9C48

Here's the scanner's log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=d886e142bad6744b87ce5477ec95e927

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-11-09 07:26:53

# local_time=2011-11-09 08:26:53 (+0100, Central Europe Standard Time)

# country="Serbia and Montenegro"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1024 16777175 100 0 1229402 1229402 0 0

# compatibility_mode=8192 67108863 100 0 4078 4078 0 0

# scanned=163285

# found=12

# cleaned=12

# scan_time=6771

C:\Program Files\MP3 Player Utilities 1.40\DelDrv.exe Win32/KillFiles.NEM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{7684B190-BCA8-4BF4-BB3F-F552D1CEC818}\RP222\A0060189.exe Win32/KillFiles.NEM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\My Documents\Downloads\cnet_fpc-2_4_4_i386-win32_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\My Documents\Downloads\installer_free_pascal.exe Win32/Toggle application (deleted - quarantined) 00000000000000000000000000000000 C

D:\My Documents\Downloads\installer_reginout_2_0_0_1000_English.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

D:\My Documents\Downloads\SoftonicDownloader_for_daemon-tools.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\My Documents\Downloads\SoftonicDownloader_for_microsoft-office-word-viewer.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\My Documents\Downloads\SoftonicDownloader_for_pes-2012(1).exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\My Documents\Downloads\SoftonicDownloader_for_pes-2012.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\My Documents\Downloads\speedupmypc(2).exe Win32/SpeedUpMyPC application (deleted - quarantined) 00000000000000000000000000000000 C

D:\My Documents\Downloads\speedupmypc(3).exe Win32/SpeedUpMyPC application (deleted - quarantined) 00000000000000000000000000000000 C

D:\My Documents\Downloads\speedupmypc.exe Win32/SpeedUpMyPC application (deleted - quarantined) 00000000000000000000000000000000 C

Here's the Security Check u asked for:

Results of screen317's Security Check version 0.99.25

Windows XP Service Pack 3 x86

Internet Explorer 6 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

AVG 2012

ESET Online Scanner v3

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 29

Adobe Flash Player ( 10.3.183.10) Flash Player Out of Date!

Adobe Reader X (10.1.1)

Mozilla Firefox (Player..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

``````````End of Log````````````

I don't know if I did something wrong, but this ComboFix log is shorter than the last ones. I think maybe AVG interfered... and yeah, these blockings from MBAM keep coming, but during this scan I didn't see any of them. I'll post if I get some again.

Just to say the pop-ups are still coming up but there are fewer...


  • Staff

Hi,

My apologies for the delay.

Please see:

HijackThis Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos etc. This means no P2P evidence will be supported. Logs that show these in them, will given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed period. It's theft and against the law.

It's likely why your issue began in the first place.


Hi,

My apologies for the delay.

Please see:

HijackThis Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos etc. This means no P2P evidence will be supported. Logs that show these in them, will given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed period. It's theft and against the law.

It's likely why your issue began in the first place.

1st of all, the link u gave me is dead. 2nd, u say these logs (that contain keygens, cracks, warez and similar), I'm quoting u, "will given the option to remove the P2P items", so how do I know which are these items? I can think of a few keygens and cracks but I'm guessing it's not that simple. Anyhow, if u think we can't make it right to your policy, tnx... u kinda helped me and these IP warnings are not so often now... so tnx :)


  • Staff

Here is our updated policy:

Please see:

HijackThis Forum Policy

We will not assist users that are obviously using illegal software.

If any such evidence is found you will be given the benefit of the doubt and the opportunity to completely uninstall and delete any such data from your system.

During the scanning process if any further evidence shows up your topic will be closed and no further assistance will be provided.

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

