
Thread: Help! Almost certain I've been infected.

  1. #1
    Junior Member (Join Date: Jan 2008, Posts: 23)

    Help! Almost certain I've been infected.

    Visiting the World of Guns .ru site on Friday (Do NOT go there, I highly suspect it is now infecting visitors.) I was met with a pop-up claiming to be from Windows saying I needed to update system settings or some such. Taking this for the scam it almost certainly was, I tried to kill Firefox as quickly as possible.

    This is a shame because previously the site in question was a highly informative resource on firearms.

    However it seems those efforts were in vain and some kind of infection managed to get through. Despite having a 7Mb broadband connection, web-dependent applications such as IRC, YouTube videos and online games are now constantly timing out due to insufficient bandwidth.

    The weird part? Neither AVG nor Spybot have found anything particularly malicious. Just a few tracking cookies.
    So, on a scary thought, I think my computer has been infected by something new that is now operating it as a bot and transmitting large amounts of data over my internet connection.

    Please help me find out what is going on.

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_27
    Run by James at 17:57:17 on 2011-12-04
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4095.1136 [GMT 0:00]
    .
    AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Steam\steam.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\OSCAR Editor\OscarEditor.exe
    C:\Users\James\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\iTunes\iTunes.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\AVG\AVG2012\avgui.exe
    C:\Program Files (x86)\AVG\AVG2012\avgscana.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Nettalk6\Nettalk.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    mURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [WindowsLivePhone] "C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun
    uRun: [DrvMon.exe] C:\Windows\system32\DrvMon.exe
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    uRun: [OscarEditor] "C:\Program Files (x86)\OSCAR Editor\OscarEditor.exe" Minimum
    mRun: [WindowsLivePhone] C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe /AutoRun
    mRun: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
    mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun: [UVS11 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11 SE DVD\uvPL.exe
    mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic="&"inst=NzYtNTM5MzE0NTQ3LUZQOTIrNi1CQVI5RysxLVRCOSsyLUZMKzktUUlYMSs0LVgyMDEwKzItU1VEKzEtUzFJKzEtU1UzKzEtVFVHKzMtRERUKzM1NjkxLUREMTArMS1TVDEwQVBQKzEtUDEwTTEyQysxLVUxMCsxLVRCKzE"&"prod=0"&"ver=10.0.1411
    StartupFolder: C:\Users\James\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\James\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
    uPolicies-explorer: NoViewOnDrive = 0 (0x0)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{C44F76A4-32FD-447D-A9CD-FE86974DBAAA} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{C44F76A4-32FD-447D-A9CD-FE86974DBAAA}\2456C6B696E6E233632414 : DhcpNameServer = 192.168.2.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    mRun-x64: [WindowsLivePhone] C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe /AutoRun
    mRun-x64: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
    mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun-x64: [UVS11 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11 SE DVD\uvPL.exe
    mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic="&"inst=NzYtNTM5MzE0NTQ3LUZQOTIrNi1CQVI5RysxLVRCOSsyLUZMKzktUUlYMSs0LVgyMDEwKzItU1VEKzEtUzFJKzEtU1UzKzEtVFVHKzMtRERUKzM1NjkxLUREMTArMS1TVDEwQVBQKzEtUDEwTTEyQysxLVUxMCsxLVRCKzE"&"prod=0"&"ver=10.0.1411
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\10q9k66n.default\
    FF - prefs.js: network.proxy.type - 0
    FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
    FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Users\James\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\10q9k66n.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2011-10-24 2398512]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
    R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-13 133104]
    S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-13 133104]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-12-04 17:43:33 -------- d-----w- C:\Users\James\AppData\Roaming\Nettalk
    2011-12-04 17:43:08 -------- d-----w- C:\Program Files (x86)\Nettalk6
    2011-12-02 20:31:56 -------- d-----w- C:\Users\James\ThinSection Pictures
    2011-12-01 18:23:26 -------- d--h--w- C:\$AVG
    2011-12-01 16:46:29 -------- d-----w- C:\Users\James\AppData\Roaming\AVG2012
    2011-12-01 16:45:33 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
    2011-12-01 16:44:02 -------- d-----w- C:\ProgramData\AVG2012
    2011-12-01 16:25:36 -------- d-----w- C:\Users\James\AppData\Local\ydcvxovm
    2011-11-29 11:48:39 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CEC41C23-8596-469B-AF5E-C3FC92A6886B}\mpengine.dll
    2011-11-25 17:26:53 -------- d-----w- C:\Users\James\AppData\Local\SWTOR
    2011-11-16 12:17:42 -------- d-----w- C:\Users\James\AppData\Local\Criterion Games
    2011-11-11 17:36:46 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2011-11-11 17:36:46 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2011-11-11 17:36:45 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-11-11 17:36:43 3141120 ----a-w- C:\Windows\System32\win32k.sys
    .
    ==================== Find3M ====================
    .
    2011-11-22 18:23:50 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2011-11-22 18:23:50 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2011-11-22 18:17:46 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2011-11-22 08:56:14 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2011-11-12 09:44:59 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-12 20:56:18 10207232 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2011-10-12 20:20:20 24629760 ----a-w- C:\Windows\System32\atio6axx.dll
    2011-10-12 20:14:36 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
    2011-10-12 20:14:26 736768 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2011-10-12 20:13:00 867328 ----a-w- C:\Windows\System32\aticfx64.dll
    2011-10-12 20:10:28 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2011-10-12 20:10:18 487936 ----a-w- C:\Windows\System32\atieclxx.exe
    2011-10-12 20:09:44 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
    2011-10-12 20:08:34 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2011-10-12 20:08:16 423424 ----a-w- C:\Windows\System32\atipdl64.dll
    2011-10-12 20:08:10 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
    2011-10-12 20:07:58 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
    2011-10-12 20:07:54 21504 ----a-w- C:\Windows\System32\atimuixx.dll
    2011-10-12 20:07:48 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2011-10-12 20:07:44 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2011-10-12 20:04:42 4231680 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2011-10-12 20:04:14 18630656 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2011-10-12 19:54:44 4960768 ----a-w- C:\Windows\System32\atidxx64.dll
    2011-10-12 19:46:20 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2011-10-12 19:46:18 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2011-10-12 19:46:10 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2011-10-12 19:46:08 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2011-10-12 19:45:58 9877504 ----a-w- C:\Windows\System32\aticaldd64.dll
    2011-10-12 19:44:44 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
    2011-10-12 19:44:28 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2011-10-12 19:44:20 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
    2011-10-12 19:44:10 4023296 ----a-w- C:\Windows\System32\atiumd6a.dll
    2011-10-12 19:42:56 8391680 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2011-10-12 19:39:38 58880 ----a-w- C:\Windows\System32\coinst.dll
    2011-10-12 19:38:20 5431808 ----a-w- C:\Windows\System32\atiumd64.dll
    2011-10-12 19:33:10 4174848 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2011-10-12 19:31:34 479744 ----a-w- C:\Windows\System32\atiadlxx.dll
    2011-10-12 19:31:22 335872 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2011-10-12 19:31:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
    2011-10-12 19:31:02 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2011-10-12 19:31:02 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
    2011-10-12 19:30:58 39936 ----a-w- C:\Windows\System32\atig6txx.dll
    2011-10-12 19:30:50 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2011-10-12 19:30:42 317952 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2011-10-12 19:29:50 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
    2011-10-12 19:29:42 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2011-10-12 19:29:34 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
    2011-10-12 19:29:26 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2011-10-12 19:28:30 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2011-10-12 19:16:52 54784 ----a-w- C:\Windows\System32\atimpc64.dll
    2011-10-12 19:16:52 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
    2011-10-12 19:16:42 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2011-10-12 19:16:42 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2011-10-07 06:23:46 283728 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
    2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-09-23 21:15:12 66048 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2011-09-23 21:15:08 56832 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2011-09-23 21:14:58 16787456 ----a-w- C:\Windows\System32\amdocl64.dll
    2011-09-23 21:14:18 13753856 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2011-09-23 21:13:30 51200 ----a-w- C:\Windows\System32\OpenCL.dll
    2011-09-23 21:13:24 43520 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2011-09-13 06:30:08 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
    .
    ============= FINISH: 18:01:57.24 ===============
    Last edited by tashi; 2011-12-12 at 00:51. Reason: Date of archive
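The DDS log above is long, and the poster's question is essentially "what in here deserves a second look?". The following script is an added example, not part of the original post or of the DDS tool: it parses the three DDS sections that matter most for triage (Running Processes, Pseudo HJT Report, Created Last 30) and applies a few editor-chosen heuristics (processes launched from user-writable paths, script hosts running, orphaned "No File" autoruns, HKCU Run keys pointing at binaries under \Windows\, unquoted autorun paths with spaces, and newly created directories with random-looking names). The embedded sample is a short constructed excerpt copied from the log above; the heuristics, thresholds and finding labels are assumptions for illustration. A flag means "review this", not "this is malware": Dropbox legitimately runs from AppData, and the cscript.exe at the end of a DDS process list is normally the collection tool's own.

```python
import re

# Constructed excerpt: a handful of lines copied from the DDS log in the post above.
SAMPLE_DDS = r"""
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k netsvcs
C:\Users\James\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Nettalk6\Nettalk.exe
C:\Windows\SysWOW64\cscript.exe
============== Pseudo HJT Report ===============
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [DrvMon.exe] C:\Windows\system32\DrvMon.exe
mRun: [WindowsLivePhone] C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe /AutoRun
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
=============== Created Last 30 ================
2011-12-04 17:43:08 -------- d-----w- C:\Program Files (x86)\Nettalk6
2011-12-01 16:25:36 -------- d-----w- C:\Users\James\AppData\Local\ydcvxovm
2011-11-29 11:48:39 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CEC41C23-8596-469B-AF5E-C3FC92A6886B}\mpengine.dll
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
RUN_RE = re.compile(r"^([um]Run(?:Once)?(?:-x64)?):\s*\[([^\]]+)\]\s*(.*)$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.*)$")
# First drive-letter path ending in an executable-ish extension, quoted or not.
PATH_RE = re.compile(r'^"?([A-Za-z]:\\.*?\.(?:exe|dll|scr|bat|cmd|vbs|des))', re.I)
# Assumed set of locations a non-admin user can write to (heuristic, not exhaustive).
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Users\\Public)\\", re.I)
SCRIPT_HOSTS = {"cscript.exe", "wscript.exe", "mshta.exe", "powershell.exe"}


def parse_sections(text):
    """Split DDS output into {section name: [non-empty lines]}; '.' spacer lines are dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line and line != ".":
            sections[current].append(line)
    return sections


def looks_random(name, min_len=6, max_vowel_ratio=0.25):
    """Heuristic: long, all-lowercase, nearly vowel-free names (e.g. 'ydcvxovm') merit a look."""
    if not re.fullmatch(r"[a-z]{%d,}" % min_len, name):
        return False
    vowels = sum(c in "aeiou" for c in name)
    return vowels / len(name) < max_vowel_ratio


def triage(text):
    """Return a list of (finding-kind, detail) pairs. A finding is a review prompt, not a verdict."""
    sections = parse_sections(text)
    findings = []

    for proc in sections.get("Running Processes", []):
        exe = proc.split(" -k ")[0]            # strip svchost's service-group argument
        base = exe.rsplit("\\", 1)[-1].lower()
        if USER_WRITABLE.search(exe):
            findings.append(("process-in-user-writable-path", exe))
        if base in SCRIPT_HOSTS:               # may be the log collector itself; still worth noting
            findings.append(("script-host-running", exe))

    for entry in sections.get("Pseudo HJT Report", []):
        if entry.endswith("- No File"):        # registration survives, binary is gone
            findings.append(("orphaned-autorun", entry))
        m = RUN_RE.match(entry)
        if not m:
            continue
        key, name, cmd = m.groups()
        pm = PATH_RE.match(cmd)
        path = pm.group(1) if pm else cmd
        # Per-user (HKCU) Run keys normally launch per-user software, not binaries under \Windows\.
        if key.startswith("uRun") and re.match(r"[A-Za-z]:\\Windows\\", path, re.I):
            findings.append(("user-run-key-launches-windows-binary", f"{name} -> {path}"))
        if not cmd.startswith('"') and " " in path:
            findings.append(("unquoted-autorun-path", f"{name} -> {path}"))

    for entry in sections.get("Created Last 30", []):
        m = CREATED_RE.match(entry)
        if not m:
            continue
        path = m.group(4)
        base = path.rsplit("\\", 1)[-1].split(".")[0]
        if looks_random(base):
            findings.append(("random-looking-name", path))

    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_DDS):
        print(f"{kind:40s} {detail}")
```

Run against the excerpt it flags six items for review (Dropbox.exe and cscript.exe from the process list, the orphaned BHO, the DrvMon.exe HKCU Run entry, the unquoted WindowsLivePhone path and the ydcvxovm directory). Each flag is an argument for asking the helper about that item, nothing more; the thresholds in `looks_random` and the `USER_WRITABLE` pattern are the places to tune if the heuristics are too noisy on a real log.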

  2. #2
    Security Expert-Emeritus Dakeyras (Join Date: Sep 2008, Location: The Tundra, Posts: 1,173)

    Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.
    Hi and welcome back to Safer Networking.

    I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:
    • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for this issue on this machine!
    • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
    • If you don't know, stop and ask! Don't keep going on.
    • Please reply to this thread. Do not start a new topic.
    • Refrain from running self fixes as this will hinder the malware removal process.
    • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
    • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    Windows 7 Advice:

    All applications I ask to be used will need to be run in Administrator mode, i.e. right-click on them and select Run as Administrator.

    The operating system in use comes with an inbuilt utility called User Access Control (UAC); when prompted by this for anything I ask you to carry out, please select the option Allow.

    Before we start:

    Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

    Because of this, I advise you to backup any personal files and folders before you start.

    Scan with aswMBR:

    Please download aswMBR.exe to your desktop.

    • Right-click on aswMBR.exe and select Run as Administrator to run it.
    • When prompted with The application can use the Avast! Free Antivirus for scanning >> select No
    • Now click on the Scan button to start scan
    • On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply

    Note: There will also be a file on your desktop named MBR.dat (or similar); do not delete this for now, it is an actual backup of the MBR (master boot record).

    Scan with OTL:

    Please download OTL and save it to your Desktop.

    Alternate downloads are here and here.
    • Right-click on OTL.exe and select Run as Administrator to start OTL.
    • Ensure Include 64bit Scans is selected.
    • Under Output, ensure that Minimal Output is selected.
    • Under Extra Registry section, select Use SafeList.
    • Click the Scan All Users checkbox.
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open.
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
    • Please post the contents of these 2 Notepad files in your next reply.
    When completed the above, please post back the following in the order asked for:
    • How is your computer performing now, any further symptoms and or problems encountered?
    • aswMBR Log.
    • Both OTL logs. <-- Post them individually please, i.e. one log per post/reply.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.
