Lazyjim77
2011-12-04, 20:17
Visiting the World of Guns .ru site on friday (Do NOT go there I highly suspect it is now infecting visitors.) I was met with a pop-up claiming to be from Windows saying I needed to update system settings or some such. Taking this for the scam it almost certainly was I tried to kill firefox as quickly as possible.
This is a shame because previously the site in question was a highly informative resource on firearms.
However it seems those efforts were in vain and some kind of infection managed to get through. Despite haveing a 7mb broadband connection, web dependant applications such as IRC, youtube videos and online games are now constantly timing out due to insuffient bandwidth.
The weird part? Neither AVG or Spybot have found anything particularly malicous. Just a few tracking cookies.
So on a scary thought, I think my computer has been infected by something new that is now operating it as a bot and transmitting large amounts of data over my internet connection.
Please help me find out what is going on.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_27
Run by James at 17:57:17 on 2011-12-04
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4095.1136 [GMT 0:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\OSCAR Editor\OscarEditor.exe
C:\Users\James\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Program Files (x86)\AVG\AVG2012\avgscana.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Nettalk6\Nettalk.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [WindowsLivePhone] "C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun
uRun: [DrvMon.exe] C:\Windows\system32\DrvMon.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [OscarEditor] "C:\Program Files (x86)\OSCAR Editor\OscarEditor.exe" Minimum
mRun: [WindowsLivePhone] C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe /AutoRun
mRun: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [UVS11 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11 SE DVD\uvPL.exe
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic="&"inst=NzYtNTM5MzE0NTQ3LUZQOTIrNi1CQVI5RysxLVRCOSsyLUZMKzktUUlYMSs0LVgyMDEwKzItU1VEKzEtUzFJKzEtU1UzKzEtVFVHKzMtRERUKzM1NjkxLUREMTArMS1TVDEwQVBQKzEtUDEwTTEyQysxLVUxMCsxLVRCKzE"&"prod=0"&"ver=10.0.1411
StartupFolder: C:\Users\James\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\James\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C44F76A4-32FD-447D-A9CD-FE86974DBAAA} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C44F76A4-32FD-447D-A9CD-FE86974DBAAA}\2456C6B696E6E233632414 : DhcpNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun-x64: [WindowsLivePhone] C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe /AutoRun
mRun-x64: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [UVS11 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11 SE DVD\uvPL.exe
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic="&"inst=NzYtNTM5MzE0NTQ3LUZQOTIrNi1CQVI5RysxLVRCOSsyLUZMKzktUUlYMSs0LVgyMDEwKzItU1VEKzEtUzFJKzEtU1UzKzEtVFVHKzMtRERUKzM1NjkxLUREMTArMS1TVDEwQVBQKzEtUDEwTTEyQysxLVUxMCsxLVRCKzE"&"prod=0"&"ver=10.0.1411
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\10q9k66n.default\
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\James\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\10q9k66n.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2011-10-24 2398512]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-13 133104]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-13 133104]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-12-04 17:43:33 -------- d-----w- C:\Users\James\AppData\Roaming\Nettalk
2011-12-04 17:43:08 -------- d-----w- C:\Program Files (x86)\Nettalk6
2011-12-02 20:31:56 -------- d-----w- C:\Users\James\ThinSection Pictures
2011-12-01 18:23:26 -------- d--h--w- C:\$AVG
2011-12-01 16:46:29 -------- d-----w- C:\Users\James\AppData\Roaming\AVG2012
2011-12-01 16:45:33 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-12-01 16:44:02 -------- d-----w- C:\ProgramData\AVG2012
2011-12-01 16:25:36 -------- d-----w- C:\Users\James\AppData\Local\ydcvxovm
2011-11-29 11:48:39 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CEC41C23-8596-469B-AF5E-C3FC92A6886B}\mpengine.dll
2011-11-25 17:26:53 -------- d-----w- C:\Users\James\AppData\Local\SWTOR
2011-11-16 12:17:42 -------- d-----w- C:\Users\James\AppData\Local\Criterion Games
2011-11-11 17:36:46 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-11 17:36:46 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-11 17:36:45 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-11 17:36:43 3141120 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2011-11-22 18:23:50 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-11-22 18:23:50 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-11-22 18:17:46 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-11-22 08:56:14 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-11-12 09:44:59 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-12 20:56:18 10207232 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-10-12 20:20:20 24629760 ----a-w- C:\Windows\System32\atio6axx.dll
2011-10-12 20:14:36 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-10-12 20:14:26 736768 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-10-12 20:13:00 867328 ----a-w- C:\Windows\System32\aticfx64.dll
2011-10-12 20:10:28 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-10-12 20:10:18 487936 ----a-w- C:\Windows\System32\atieclxx.exe
2011-10-12 20:09:44 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-10-12 20:08:34 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-10-12 20:08:16 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-10-12 20:08:10 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-10-12 20:07:58 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-10-12 20:07:54 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-10-12 20:07:48 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-10-12 20:07:44 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-10-12 20:04:42 4231680 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-10-12 20:04:14 18630656 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-10-12 19:54:44 4960768 ----a-w- C:\Windows\System32\atidxx64.dll
2011-10-12 19:46:20 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-10-12 19:46:18 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-10-12 19:46:10 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-10-12 19:46:08 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-10-12 19:45:58 9877504 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-10-12 19:44:44 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-10-12 19:44:28 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-10-12 19:44:20 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-10-12 19:44:10 4023296 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-10-12 19:42:56 8391680 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-10-12 19:39:38 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-10-12 19:38:20 5431808 ----a-w- C:\Windows\System32\atiumd64.dll
2011-10-12 19:33:10 4174848 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-10-12 19:31:34 479744 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-10-12 19:31:22 335872 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-10-12 19:31:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-10-12 19:31:02 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-10-12 19:31:02 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-10-12 19:30:58 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-10-12 19:30:50 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-10-12 19:30:42 317952 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-10-12 19:29:50 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-10-12 19:29:42 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-10-12 19:29:34 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-10-12 19:29:26 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-10-12 19:28:30 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-10-12 19:16:52 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-10-12 19:16:52 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-10-12 19:16:42 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-10-12 19:16:42 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-10-07 06:23:46 283728 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-23 21:15:12 66048 ----a-w- C:\Windows\System32\OpenVideo64.dll
2011-09-23 21:15:08 56832 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2011-09-23 21:14:58 16787456 ----a-w- C:\Windows\System32\amdocl64.dll
2011-09-23 21:14:18 13753856 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-09-23 21:13:30 51200 ----a-w- C:\Windows\System32\OpenCL.dll
2011-09-23 21:13:24 43520 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-09-13 06:30:08 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
.
============= FINISH: 18:01:57.24 ===============
This is a shame because previously the site in question was a highly informative resource on firearms.
However it seems those efforts were in vain and some kind of infection managed to get through. Despite haveing a 7mb broadband connection, web dependant applications such as IRC, youtube videos and online games are now constantly timing out due to insuffient bandwidth.
The weird part? Neither AVG or Spybot have found anything particularly malicous. Just a few tracking cookies.
So on a scary thought, I think my computer has been infected by something new that is now operating it as a bot and transmitting large amounts of data over my internet connection.
Please help me find out what is going on.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_27
Run by James at 17:57:17 on 2011-12-04
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4095.1136 [GMT 0:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\OSCAR Editor\OscarEditor.exe
C:\Users\James\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Program Files (x86)\AVG\AVG2012\avgscana.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Nettalk6\Nettalk.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [WindowsLivePhone] "C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun
uRun: [DrvMon.exe] C:\Windows\system32\DrvMon.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [OscarEditor] "C:\Program Files (x86)\OSCAR Editor\OscarEditor.exe" Minimum
mRun: [WindowsLivePhone] C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe /AutoRun
mRun: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [UVS11 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11 SE DVD\uvPL.exe
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic="&"inst=NzYtNTM5MzE0NTQ3LUZQOTIrNi1CQVI5RysxLVRCOSsyLUZMKzktUUlYMSs0LVgyMDEwKzItU1VEKzEtUzFJKzEtU1UzKzEtVFVHKzMtRERUKzM1NjkxLUREMTArMS1TVDEwQVBQKzEtUDEwTTEyQysxLVUxMCsxLVRCKzE"&"prod=0"&"ver=10.0.1411
StartupFolder: C:\Users\James\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\James\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C44F76A4-32FD-447D-A9CD-FE86974DBAAA} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C44F76A4-32FD-447D-A9CD-FE86974DBAAA}\2456C6B696E6E233632414 : DhcpNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun-x64: [WindowsLivePhone] C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe /AutoRun
mRun-x64: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [UVS11 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11 SE DVD\uvPL.exe
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic="&"inst=NzYtNTM5MzE0NTQ3LUZQOTIrNi1CQVI5RysxLVRCOSsyLUZMKzktUUlYMSs0LVgyMDEwKzItU1VEKzEtUzFJKzEtU1UzKzEtVFVHKzMtRERUKzM1NjkxLUREMTArMS1TVDEwQVBQKzEtUDEwTTEyQysxLVUxMCsxLVRCKzE"&"prod=0"&"ver=10.0.1411
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\10q9k66n.default\
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\James\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\10q9k66n.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2011-10-24 2398512]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-13 133104]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-13 133104]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-12-04 17:43:33 -------- d-----w- C:\Users\James\AppData\Roaming\Nettalk
2011-12-04 17:43:08 -------- d-----w- C:\Program Files (x86)\Nettalk6
2011-12-02 20:31:56 -------- d-----w- C:\Users\James\ThinSection Pictures
2011-12-01 18:23:26 -------- d--h--w- C:\$AVG
2011-12-01 16:46:29 -------- d-----w- C:\Users\James\AppData\Roaming\AVG2012
2011-12-01 16:45:33 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-12-01 16:44:02 -------- d-----w- C:\ProgramData\AVG2012
2011-12-01 16:25:36 -------- d-----w- C:\Users\James\AppData\Local\ydcvxovm
2011-11-29 11:48:39 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CEC41C23-8596-469B-AF5E-C3FC92A6886B}\mpengine.dll
2011-11-25 17:26:53 -------- d-----w- C:\Users\James\AppData\Local\SWTOR
2011-11-16 12:17:42 -------- d-----w- C:\Users\James\AppData\Local\Criterion Games
2011-11-11 17:36:46 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-11 17:36:46 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-11 17:36:45 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-11 17:36:43 3141120 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2011-11-22 18:23:50 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-11-22 18:23:50 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-11-22 18:17:46 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-11-22 08:56:14 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-11-12 09:44:59 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-12 20:56:18 10207232 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-10-12 20:20:20 24629760 ----a-w- C:\Windows\System32\atio6axx.dll
2011-10-12 20:14:36 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-10-12 20:14:26 736768 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-10-12 20:13:00 867328 ----a-w- C:\Windows\System32\aticfx64.dll
2011-10-12 20:10:28 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-10-12 20:10:18 487936 ----a-w- C:\Windows\System32\atieclxx.exe
2011-10-12 20:09:44 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-10-12 20:08:34 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-10-12 20:08:16 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-10-12 20:08:10 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-10-12 20:07:58 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-10-12 20:07:54 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-10-12 20:07:48 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-10-12 20:07:44 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-10-12 20:04:42 4231680 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-10-12 20:04:14 18630656 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-10-12 19:54:44 4960768 ----a-w- C:\Windows\System32\atidxx64.dll
2011-10-12 19:46:20 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-10-12 19:46:18 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-10-12 19:46:10 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-10-12 19:46:08 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-10-12 19:45:58 9877504 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-10-12 19:44:44 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-10-12 19:44:28 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-10-12 19:44:20 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-10-12 19:44:10 4023296 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-10-12 19:42:56 8391680 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-10-12 19:39:38 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-10-12 19:38:20 5431808 ----a-w- C:\Windows\System32\atiumd64.dll
2011-10-12 19:33:10 4174848 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-10-12 19:31:34 479744 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-10-12 19:31:22 335872 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-10-12 19:31:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-10-12 19:31:02 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-10-12 19:31:02 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-10-12 19:30:58 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-10-12 19:30:50 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-10-12 19:30:42 317952 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-10-12 19:29:50 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-10-12 19:29:42 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-10-12 19:29:34 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-10-12 19:29:26 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-10-12 19:28:30 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-10-12 19:16:52 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-10-12 19:16:52 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-10-12 19:16:42 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-10-12 19:16:42 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-10-07 06:23:46 283728 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-23 21:15:12 66048 ----a-w- C:\Windows\System32\OpenVideo64.dll
2011-09-23 21:15:08 56832 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2011-09-23 21:14:58 16787456 ----a-w- C:\Windows\System32\amdocl64.dll
2011-09-23 21:14:18 13753856 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-09-23 21:13:30 51200 ----a-w- C:\Windows\System32\OpenCL.dll
2011-09-23 21:13:24 43520 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-09-13 06:30:08 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
.
============= FINISH: 18:01:57.24 ===============