Suspected keylogger. Bank information stolen.


This topic is locked
6 replies to this topic

#1 drgentile777

drgentile777

  • Members
  • 3 posts

Posted 02 March 2011 - 03:08 PM

Last week I was contacted by my bank and told of some suspicious activity that I definitely didn't authorize. This activity came from an area I've never been to, so my only thought is a virus on my computer. I have AVG installed and have gotten nothing from it regarding a threat. Because I'm given no sign of a threat I'm not even sure one exists, but I'd better check so it doesn't happen again.


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Animus at 14:45:09.56 on Wed 03/02/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.858 [GMT -5:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG10\avgchsva.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Users\Animus\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - C:\Windows\SysWOW64\dvmurl.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
uRun: [Google Update] "C:\Users\Animus\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
StartupFolder: C:\Users\Animus\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
mRun-x64: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
mRun-x64: [Chew7Hale] "C:\Windows\System32\hale.exe" /nolog
mRun-x64: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
mRun-x64: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
mRun-x64: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
mRun-x64: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Animus\AppData\Roaming\Mozilla\Firefox\Profiles\efbv5i76.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Animus\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Tiny Menu: {d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904} - %profile%\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 GEST Service;GEST Service for program management.;C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2011-2-23 68136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-3 157264]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-3 35920]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 pnetmdm;PdaNet Modem;C:\Windows\System32\drivers\pnetmdm64.sys [2011-2-25 17920]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-2-23 412264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-26 1255736]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-11-11 306416]

=============== Created Last 30 ================

2011-03-02 19:38:33 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-03-02 19:37:49 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-03-02 19:21:21 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-02 19:15:37 98816 ----a-w- C:\Windows\sed.exe
2011-03-02 19:15:37 89088 ----a-w- C:\Windows\MBR.exe
2011-03-02 19:15:37 256512 ----a-w- C:\Windows\PEV.exe
2011-03-02 19:15:37 161792 ----a-w- C:\Windows\SWREG.exe
2011-03-02 01:50:55 -------- d-----r- C:\Users\Animus\Podcasts
2011-03-02 01:50:28 -------- d-----w- C:\Windows\System32\drivers\UMDF\pt-BR
2011-03-02 01:50:27 -------- d-----w- C:\Windows\System32\drivers\UMDF\pt-PT
2011-03-02 01:50:24 -------- d-----w- C:\Windows\System32\drivers\UMDF\nl-NL
2011-03-02 01:50:22 -------- d-----w- C:\Windows\System32\drivers\UMDF\it-IT
2011-03-02 01:50:20 -------- d-----w- C:\Windows\System32\drivers\UMDF\de-DE
2011-03-02 01:50:18 -------- d-----w- C:\Windows\System32\drivers\UMDF\fr-FR
2011-03-02 01:50:18 -------- d-----w- C:\Windows\System32\drivers\UMDF\es-ES
2011-03-02 01:48:42 758272 ----a-w- C:\Windows\System32\PortableDeviceApi.dll
2011-03-02 01:48:42 547840 ----a-w- C:\Windows\SysWow64\PortableDeviceApi.dll
2011-03-02 01:48:35 -------- d-----w- C:\Windows\PCHEALTH
2011-03-01 22:29:34 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2011-03-01 22:29:29 -------- d-----w- C:\Program Files (x86)\Steam
2011-03-01 19:43:50 -------- d-----w- C:\Users\Animus\AppData\Local\Google
2011-03-01 19:30:02 -------- d-----w- C:\Program Files (x86)\Conduit
2011-03-01 19:30:00 -------- d-----w- C:\Program Files (x86)\ConduitEngine
2011-03-01 19:29:57 -------- d-----w- C:\Program Files (x86)\uTorrentBar
2011-03-01 19:29:41 -------- d-----w- C:\Program Files (x86)\uTorrent
2011-03-01 19:29:19 -------- d-----w- C:\Users\Animus\AppData\Roaming\uTorrent
2011-03-01 19:21:35 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2011-03-01 19:20:53 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-03-01 19:20:53 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-01 19:18:51 -------- d-----w- C:\Program Files (x86)\redist
2011-03-01 19:18:51 -------- d-----w- C:\Program Files (x86)\readmes
2011-03-01 19:18:51 -------- d-----w- C:\Program Files (x86)\licenses
2011-02-28 01:03:26 -------- d-----w- C:\Users\Animus\AppData\Local\ElevatedDiagnostics
2011-02-27 22:28:55 -------- d-----w- C:\Users\Animus\AppData\Local\Mozilla
2011-02-26 22:23:24 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-02-26 22:23:24 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-02-26 22:17:40 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2011-02-26 22:17:40 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2011-02-26 22:13:13 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-02-26 22:13:13 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-02-26 22:13:13 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-02-26 22:13:13 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-02-26 22:13:13 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-02-26 22:13:13 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-02-26 22:13:13 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-02-26 22:13:13 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-02-26 22:13:13 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-02-26 22:13:13 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-02-26 22:08:54 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2011-02-26 17:15:17 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2011-02-26 17:15:17 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
2011-02-26 17:15:17 2085376 ----a-w- C:\Windows\System32\ole32.dll
2011-02-26 17:15:17 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll
2011-02-26 17:06:31 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
2011-02-26 17:06:31 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
2011-02-26 17:06:31 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
2011-02-26 16:55:55 1975296 ----a-w- C:\Windows\System32\CertEnroll.dll
2011-02-26 16:55:55 1320960 ----a-w- C:\Windows\SysWow64\CertEnroll.dll
2011-02-26 16:49:25 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-26 16:49:25 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-26 16:49:25 125952 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-26 16:39:55 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2011-02-26 16:39:55 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2011-02-26 16:39:54 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2011-02-26 16:39:53 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2011-02-26 16:38:16 714752 ----a-w- C:\Windows\System32\kerberos.dll
2011-02-26 16:38:16 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2011-02-26 16:37:52 84992 ----a-w- C:\Windows\System32\asycfilt.dll
2011-02-26 16:37:52 67584 ----a-w- C:\Windows\SysWow64\asycfilt.dll
2011-02-26 16:37:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-02-26 16:37:49 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-02-26 16:37:22 148992 ----a-w- C:\Windows\System32\t2embed.dll
2011-02-26 16:37:22 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2011-02-26 16:37:15 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-02-26 16:37:15 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2011-02-26 16:31:49 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-02-26 16:31:49 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2011-02-26 16:31:49 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2011-02-26 16:31:49 464384 ----a-w- C:\Windows\System32\taskeng.exe
2011-02-26 16:31:49 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2011-02-26 16:31:49 285696 ----a-w- C:\Windows\System32\schtasks.exe
2011-02-26 16:31:49 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2011-02-26 16:31:49 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2011-02-26 16:31:49 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2011-02-26 16:31:49 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2011-02-26 16:30:41 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll
2011-02-26 16:30:41 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll
2011-02-26 16:24:56 3127808 ----a-w- C:\Windows\System32\win32k.sys
2011-02-26 16:16:48 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-02-26 16:16:03 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-02-26 16:16:03 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-02-26 16:14:06 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-02-26 16:14:06 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-02-26 16:13:59 389632 ----a-w- C:\Windows\System32\winlogon.exe
2011-02-26 16:13:59 2870272 ----a-w- C:\Windows\explorer.exe
2011-02-26 16:13:59 2614272 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-02-26 16:13:31 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-02-26 16:13:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-02-26 16:13:30 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-02-26 16:13:30 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-02-26 16:13:30 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-02-26 16:13:30 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-02-26 16:13:26 52224 ----a-w- C:\Windows\System32\rtutils.dll
2011-02-26 16:13:26 37376 ----a-w- C:\Windows\SysWow64\rtutils.dll
2011-02-26 16:07:54 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-02-26 16:07:54 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-26 16:07:54 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-02-26 16:07:54 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-26 16:04:10 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-02-26 16:04:10 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-02-26 16:04:10 153160 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-02-26 16:04:10 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
2011-02-26 16:01:15 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2011-02-26 16:01:15 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2011-02-26 15:29:18 395776 ----a-w- C:\Windows\System32\webio.dll
2011-02-26 15:29:18 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2011-02-26 15:29:05 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2011-02-26 15:28:56 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2011-02-26 15:28:44 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-02-26 15:28:44 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-02-26 15:27:01 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2011-02-26 15:27:01 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2011-02-26 15:23:06 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-26 15:23:06 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-26 15:23:06 100864 ----a-w- C:\Windows\System32\fontsub.dll
2011-02-26 15:23:05 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2011-02-26 15:23:05 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-26 15:23:05 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-26 15:22:31 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-02-26 15:13:59 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-26 15:13:59 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-26 15:13:59 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2011-02-26 15:13:59 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-26 15:13:58 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2011-02-26 05:05:02 -------- d-----w- C:\Windows\SysWow64\Wat
2011-02-26 05:05:01 -------- d-----w- C:\Windows\System32\Wat
2011-02-26 04:54:26 220672 ----a-w- C:\Windows\System32\wintrust.dll
2011-02-26 04:54:26 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-02-26 04:54:25 139264 ----a-w- C:\Windows\System32\cabview.dll
2011-02-26 04:54:25 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2011-02-26 04:45:31 44544 ----a-w- C:\Windows\System32\themeservice.dll.backup
2011-02-26 04:45:31 2851328 ----a-w- C:\Windows\System32\themeui.dll.backup
2011-02-26 04:45:30 332288 ----a-w- C:\Windows\System32\uxtheme.dll.backup
2011-02-26 04:43:34 2755072 ----a-w- C:\Windows\SysWow64\themeui.dll.backup
2011-02-26 04:43:34 245760 ----a-w- C:\Windows\SysWow64\uxtheme.dll.backup
2011-02-26 03:18:52 -------- d-----w- C:\Users\Animus\AppData\Roaming\AVG10
2011-02-26 01:29:37 -------- d--h--w- C:\PROGRA~3\Common Files
2011-02-26 01:28:14 -------- d-----w- C:\PROGRA~3\AVG10
2011-02-26 01:27:44 -------- d-----w- C:\Program Files (x86)\AVG
2011-02-25 21:21:14 -------- d-----w- C:\Users\Animus\AppData\Local\Korbin_Bickel
2011-02-25 20:46:01 -------- d-----w- C:\PROGRA~3\MFAData
2011-02-25 20:39:51 -------- d-----w- C:\Program Files (x86)\Theme Manager
2011-02-25 20:35:35 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{48104174-1E59-4C70-9566-F878C4AAD5CB}\mpengine.dll
2011-02-25 19:39:48 -------- d-----w- C:\Users\Animus\AppData\Local\Diagnostics
2011-02-25 19:21:56 708168 ----a-w- C:\Windows\System32\WinUSBCoInstaller.dll
2011-02-25 19:21:56 17920 ----a-w- C:\Windows\System32\drivers\pnetmdm64.sys
2011-02-25 19:21:56 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2011-02-25 19:21:56 -------- d-----w- C:\Program Files (x86)\PdaNet for Android
2011-02-23 22:33:57 -------- d-----w- C:\Windows\Panther
2011-02-23 22:14:51 -------- d-----w- C:\Users\Animus\AppData\Local\Microsoft Games
2011-02-23 20:38:03 -------- d-----w- C:\Users\Animus\AppData\Local\Logitech
2011-02-23 20:31:19 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2011-02-23 20:31:19 412264 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2011-02-23 20:31:19 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2011-02-23 20:20:52 -------- d-sh--w- C:\Windows\Installer
2011-02-23 19:54:45 -------- d-----w- C:\Program Files (x86)\FitDay
2011-02-23 19:53:27 -------- d-----w- C:\Windows Setup
2011-02-23 19:52:21 25640 ----a-w- C:\Windows\gdrv.sys
2011-02-23 19:46:35 53248 ----a-r- C:\Windows\SysWow64\CSVer.dll
2011-02-23 19:46:31 -------- d-----w- C:\Intel
2011-02-23 19:46:17 146528 ----a-w- C:\Windows\SysWow64\dvmurl.dll
2011-02-23 19:46:17 -------- d-----w- C:\Program Files (x86)\Browser Configuration Utility
2011-02-23 19:45:53 -------- d-----w- C:\Program Files (x86)\GIGABYTE
2011-02-23 19:45:42 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-02-23 19:45:42 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-02-23 19:45:42 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-02-23 19:45:42 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-02-23 19:45:42 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-02-23 19:45:42 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-02-23 19:45:42 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-02-23 19:45:42 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-02-23 19:45:42 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-02-23 19:43:06 -------- d-----w- C:\Users\Animus\AppData\Local\VirtualStore

==================== Find3M ====================

2011-02-26 22:32:58 65536 ----a-w- C:\Windows\System32\sppuinotify.dll
2011-02-26 22:32:57 381952 ----a-w- C:\Windows\System32\sppcommdlg.dll
2011-02-26 22:32:55 15360 ----a-w- C:\Windows\System32\slwga.dll
2011-02-26 22:32:13 349696 ----a-w- C:\Windows\System32\slui.exe
2011-02-26 04:45:31 44544 ----a-w- C:\Windows\System32\themeservice.dll
2011-02-26 04:45:31 2851328 ----a-w- C:\Windows\System32\themeui.dll
2011-02-26 04:45:30 332288 ----a-w- C:\Windows\System32\uxtheme.dll
2011-02-26 04:43:34 2755072 ----a-w- C:\Windows\SysWow64\themeui.dll
2011-02-26 04:43:34 245760 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2011-02-23 20:32:21 419840 ----a-w- C:\Windows\System32\systemcpl.dll
2011-02-23 20:32:21 1008640 ----a-w- C:\Windows\System32\user32.dll
2011-02-23 20:32:20 142336 ----a-w- C:\Windows\System32\sppwmi.dll
2011-02-23 20:32:17 2048 ----a-w- C:\Windows\System32\winver.exe
2011-02-23 20:32:17 107946 ----a-w- C:\Windows\System32\slmgr.vbs
2011-02-23 20:32:16 2169856 --sha-w- C:\Windows\System32\hale.exe
2011-02-23 19:48:39 525792 ----a-w- C:\Windows\DIFxAPI.dll
2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-18 08:53:32 2994688 ----a-w- C:\Program Files (x86)\openofficeorg33.msi
2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll
2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll
2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-12-08 09:12:36 308304 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

============= FINISH: 14:45:37.17 ===============

GMER didn't come up with anything, so the log was blank.


#2 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective

Posted 10 March 2011 - 05:00 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about your installed Windows operating system, including the version, edition and whether it is a 32-bit or a 64-bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended, please try one more time; if unsuccessful, alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, then enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log



Thanks and again sorry for the delay.

Best Regards,
oneof4.


#3 drgentile777

drgentile777
  • Topic Starter

  • Members
  • 3 posts

Posted 11 March 2011 - 11:30 AM

My problems have not been resolved.
I don't have the original Windows CD. I am running Windows 7 Ultimate x64.
I forgot to add one thing to my description: every time I start my computer up I notice that the CPU usage is constantly running at 100%. The process taking all of the resources is cmd.exe. This happens every time I start up, and stops when I end the cmd.exe process.

New logs:


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Animus at 11:28:49.38 on Fri 03/11/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.941 [GMT -5:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

============== Running Processes ===============

C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\FitDay\FitDay.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Animus\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - C:\Windows\SysWOW64\dvmurl.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
uRun: [Google Update] "C:\Users\Animus\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Animus\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
mRun-x64: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
mRun-x64: [Chew7Hale] "C:\Windows\System32\hale.exe" /nolog
mRun-x64: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
mRun-x64: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
mRun-x64: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
mRun-x64: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Animus\AppData\Roaming\Mozilla\Firefox\Profiles\efbv5i76.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://n4g.com/
FF - prefs.js: keyword.URL - hxxp://www.gisly.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=fEFv3j7F&q=
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Animus\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Tiny Menu: {d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904} - %profile%\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG10\Firefox

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - Search
FF - user.js: keyword.URL - hxxp://www.gisly.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=fEFv3j7F&q=

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-3-5 69376]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 GEST Service;GEST Service for program management.;C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2011-2-23 68136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-3-4 1405384]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-3 157264]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-3 35920]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-3-4 17152]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 pnetmdm;PdaNet Modem;C:\Windows\System32\drivers\pnetmdm64.sys [2011-2-25 17920]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-2-23 412264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-26 1255736]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-11-11 306416]

=============== Created Last 30 ================

2011-03-11 04:56:04 -------- d---a-w- C:\.Trash-1000
2011-03-06 21:26:47 -------- d-----w- C:\PROGRA~3\Electronic Arts
2011-03-06 21:26:47 -------- d-----w- C:\PROGRA~3\EA Core
2011-03-06 03:36:47 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-03-06 03:36:46 75064 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-03-06 03:36:46 2434856 ----a-w- C:\Windows\SysWow64\pbsvc_bc2.exe
2011-03-05 19:34:41 -------- d-----w- C:\Users\Animus\AppData\Local\Activision
2011-03-05 16:42:45 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-03-05 16:42:42 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-03-05 16:42:04 -------- d-----w- C:\Users\Animus\AppData\Local\Sunbelt Software
2011-03-05 16:41:37 -------- dc-h--w- C:\PROGRA~3\{A5847AFF-A1FE-4929-A3C0-16C23AB1D29D}
2011-03-05 16:41:26 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-03-03 19:07:24 -------- d-----w- C:\Users\Animus\AppData\Roaming\OpenOffice.org
2011-03-03 01:03:56 -------- d-----w- C:\Users\Animus\AppData\Local\Adobe
2011-03-02 19:38:33 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-03-02 19:37:49 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-03-02 19:21:21 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-02 19:15:37 98816 ----a-w- C:\Windows\sed.exe
2011-03-02 19:15:37 89088 ----a-w- C:\Windows\MBR.exe
2011-03-02 19:15:37 256512 ----a-w- C:\Windows\PEV.exe
2011-03-02 19:15:37 161792 ----a-w- C:\Windows\SWREG.exe
2011-03-02 01:50:55 -------- d-----r- C:\Users\Animus\Podcasts
2011-03-02 01:50:28 -------- d-----w- C:\Windows\System32\drivers\UMDF\pt-BR
2011-03-02 01:50:27 -------- d-----w- C:\Windows\System32\drivers\UMDF\pt-PT
2011-03-02 01:50:24 -------- d-----w- C:\Windows\System32\drivers\UMDF\nl-NL
2011-03-02 01:50:22 -------- d-----w- C:\Windows\System32\drivers\UMDF\it-IT
2011-03-02 01:50:20 -------- d-----w- C:\Windows\System32\drivers\UMDF\de-DE
2011-03-02 01:50:18 -------- d-----w- C:\Windows\System32\drivers\UMDF\fr-FR
2011-03-02 01:50:18 -------- d-----w- C:\Windows\System32\drivers\UMDF\es-ES
2011-03-02 01:48:42 758272 ----a-w- C:\Windows\System32\PortableDeviceApi.dll
2011-03-02 01:48:42 547840 ----a-w- C:\Windows\SysWow64\PortableDeviceApi.dll
2011-03-02 01:48:35 -------- d-----w- C:\Windows\PCHEALTH
2011-03-01 22:29:34 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2011-03-01 22:29:29 -------- d-----w- C:\Program Files (x86)\Steam
2011-03-01 19:43:50 -------- d-----w- C:\Users\Animus\AppData\Local\Google
2011-03-01 19:30:02 -------- d-----w- C:\Program Files (x86)\Conduit
2011-03-01 19:30:00 -------- d-----w- C:\Program Files (x86)\ConduitEngine
2011-03-01 19:29:57 -------- d-----w- C:\Program Files (x86)\uTorrentBar
2011-03-01 19:29:41 -------- d-----w- C:\Program Files (x86)\uTorrent
2011-03-01 19:29:19 -------- d-----w- C:\Users\Animus\AppData\Roaming\uTorrent
2011-03-01 19:21:35 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2011-03-01 19:20:53 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-03-01 19:20:53 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-01 19:18:51 -------- d-----w- C:\Program Files (x86)\redist
2011-03-01 19:18:51 -------- d-----w- C:\Program Files (x86)\readmes
2011-03-01 19:18:51 -------- d-----w- C:\Program Files (x86)\licenses
2011-02-28 01:03:26 -------- d-----w- C:\Users\Animus\AppData\Local\ElevatedDiagnostics
2011-02-27 22:28:55 -------- d-----w- C:\Users\Animus\AppData\Local\Mozilla
2011-02-26 22:23:24 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-02-26 22:23:24 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-02-26 22:17:40 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2011-02-26 22:17:40 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2011-02-26 22:13:13 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-02-26 22:13:13 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-02-26 22:13:13 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-02-26 22:13:13 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-02-26 22:13:13 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-02-26 22:13:13 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-02-26 22:13:13 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-02-26 22:13:13 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-02-26 22:13:13 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-02-26 22:13:13 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-02-26 22:08:54 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2011-02-26 17:15:17 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2011-02-26 17:15:17 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
2011-02-26 17:15:17 2085376 ----a-w- C:\Windows\System32\ole32.dll
2011-02-26 17:15:17 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll
2011-02-26 17:06:31 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
2011-02-26 17:06:31 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
2011-02-26 17:06:31 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
2011-02-26 16:55:55 1975296 ----a-w- C:\Windows\System32\CertEnroll.dll
2011-02-26 16:55:55 1320960 ----a-w- C:\Windows\SysWow64\CertEnroll.dll
2011-02-26 16:49:25 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-26 16:49:25 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-26 16:49:25 125952 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-26 16:39:55 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2011-02-26 16:39:55 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2011-02-26 16:39:54 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2011-02-26 16:39:53 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2011-02-26 16:38:16 714752 ----a-w- C:\Windows\System32\kerberos.dll
2011-02-26 16:38:16 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2011-02-26 16:37:52 84992 ----a-w- C:\Windows\System32\asycfilt.dll
2011-02-26 16:37:52 67584 ----a-w- C:\Windows\SysWow64\asycfilt.dll
2011-02-26 16:37:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-02-26 16:37:49 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-02-26 16:37:22 148992 ----a-w- C:\Windows\System32\t2embed.dll
2011-02-26 16:37:22 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2011-02-26 16:37:15 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-02-26 16:37:15 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2011-02-26 16:31:49 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-02-26 16:31:49 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2011-02-26 16:31:49 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2011-02-26 16:31:49 464384 ----a-w- C:\Windows\System32\taskeng.exe
2011-02-26 16:31:49 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2011-02-26 16:31:49 285696 ----a-w- C:\Windows\System32\schtasks.exe
2011-02-26 16:31:49 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2011-02-26 16:31:49 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2011-02-26 16:31:49 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2011-02-26 16:31:49 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2011-02-26 16:30:41 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll
2011-02-26 16:30:41 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll
2011-02-26 16:24:56 3127808 ----a-w- C:\Windows\System32\win32k.sys
2011-02-26 16:20:43 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-02-26 16:20:43 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-02-26 16:20:43 2080256 ----a-w- C:\Program Files\Windows Mail\msoe.dll
2011-02-26 16:20:43 1619968 ----a-w- C:\Program Files (x86)\Windows Mail\msoe.dll
2011-02-26 16:20:32 552960 ----a-w- C:\Windows\System32\msdri.dll
2011-02-26 16:20:32 288256 ----a-w- C:\Windows\System32\MSNP.ax
2011-02-26 16:20:31 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-02-26 16:20:31 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-02-26 16:20:31 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2011-02-26 16:16:48 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-02-26 16:16:03 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-02-26 16:16:03 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-02-26 16:14:06 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-02-26 16:14:06 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-02-26 16:13:59 389632 ----a-w- C:\Windows\System32\winlogon.exe
2011-02-26 16:13:59 2870272 ----a-w- C:\Windows\explorer.exe
2011-02-26 16:13:59 2614272 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-02-26 16:13:31 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-02-26 16:13:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-02-26 16:13:30 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-02-26 16:13:30 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-02-26 16:13:30 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-02-26 16:13:30 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-02-26 16:13:26 52224 ----a-w- C:\Windows\System32\rtutils.dll
2011-02-26 16:13:26 37376 ----a-w- C:\Windows\SysWow64\rtutils.dll
2011-02-26 16:07:54 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-02-26 16:07:54 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-26 16:07:54 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-02-26 16:07:54 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-26 16:04:10 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-02-26 16:04:10 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-02-26 16:04:10 153160 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-02-26 16:04:10 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
2011-02-26 16:01:15 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2011-02-26 16:01:15 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2011-02-26 15:29:18 395776 ----a-w- C:\Windows\System32\webio.dll
2011-02-26 15:29:18 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2011-02-26 15:29:05 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2011-02-26 15:28:56 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2011-02-26 15:28:44 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-02-26 15:28:44 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-02-26 15:27:01 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2011-02-26 15:27:01 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2011-02-26 15:23:06 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-26 15:23:06 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-26 15:23:06 100864 ----a-w- C:\Windows\System32\fontsub.dll
2011-02-26 15:23:05 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2011-02-26 15:23:05 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-26 15:23:05 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-26 15:22:31 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-02-26 15:13:59 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-26 15:13:59 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-26 15:13:59 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2011-02-26 15:13:59 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-26 15:13:58 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2011-02-26 05:05:02 -------- d-----w- C:\Windows\SysWow64\Wat
2011-02-26 05:05:01 -------- d-----w- C:\Windows\System32\Wat
2011-02-26 04:54:26 220672 ----a-w- C:\Windows\System32\wintrust.dll
2011-02-26 04:54:26 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-02-26 04:54:25 139264 ----a-w- C:\Windows\System32\cabview.dll
2011-02-26 04:54:25 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2011-02-26 04:45:31 44544 ----a-w- C:\Windows\System32\themeservice.dll.backup
2011-02-26 04:45:31 2851328 ----a-w- C:\Windows\System32\themeui.dll.backup
2011-02-26 04:45:30 332288 ----a-w- C:\Windows\System32\uxtheme.dll.backup
2011-02-26 04:43:34 2755072 ----a-w- C:\Windows\SysWow64\themeui.dll.backup
2011-02-26 04:43:34 245760 ----a-w- C:\Windows\SysWow64\uxtheme.dll.backup
2011-02-26 03:18:52 -------- d-----w- C:\Users\Animus\AppData\Roaming\AVG10
2011-02-26 01:29:37 -------- d--h--w- C:\PROGRA~3\Common Files
2011-02-26 01:28:14 -------- d-----w- C:\PROGRA~3\AVG10
2011-02-26 01:27:44 -------- d-----w- C:\Program Files (x86)\AVG
2011-02-25 21:21:14 -------- d-----w- C:\Users\Animus\AppData\Local\Korbin_Bickel
2011-02-25 20:46:01 -------- d-----w- C:\PROGRA~3\MFAData
2011-02-25 20:39:51 -------- d-----w- C:\Program Files (x86)\Theme Manager
2011-02-25 20:35:35 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{48104174-1E59-4C70-9566-F878C4AAD5CB}\mpengine.dll
2011-02-25 19:39:48 -------- d-----w- C:\Users\Animus\AppData\Local\Diagnostics
2011-02-25 19:21:56 708168 ----a-w- C:\Windows\System32\WinUSBCoInstaller.dll
2011-02-25 19:21:56 17920 ----a-w- C:\Windows\System32\drivers\pnetmdm64.sys
2011-02-25 19:21:56 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2011-02-25 19:21:56 -------- d-----w- C:\Program Files (x86)\PdaNet for Android
2011-02-23 22:33:57 -------- d-----w- C:\Windows\Panther
2011-02-23 22:14:51 -------- d-----w- C:\Users\Animus\AppData\Local\Microsoft Games
2011-02-23 20:38:03 -------- d-----w- C:\Users\Animus\AppData\Local\Logitech
2011-02-23 20:31:19 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2011-02-23 20:31:19 412264 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2011-02-23 20:31:19 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2011-02-23 20:20:52 -------- d-sh--w- C:\Windows\Installer
2011-02-23 19:54:45 -------- d-----w- C:\Program Files (x86)\FitDay
2011-02-23 19:53:27 -------- d-----w- C:\Windows Setup
2011-02-23 19:52:21 25640 ----a-w- C:\Windows\gdrv.sys
2011-02-23 19:46:35 53248 ----a-r- C:\Windows\SysWow64\CSVer.dll
2011-02-23 19:46:31 -------- d-----w- C:\Intel
2011-02-23 19:46:17 146528 ----a-w- C:\Windows\SysWow64\dvmurl.dll
2011-02-23 19:46:17 -------- d-----w- C:\Program Files (x86)\Browser Configuration Utility
2011-02-23 19:45:53 -------- d-----w- C:\Program Files (x86)\GIGABYTE
2011-02-23 19:45:42 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-02-23 19:45:42 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-02-23 19:45:42 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-02-23 19:45:42 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-02-23 19:45:42 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-02-23 19:45:42 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-02-23 19:45:42 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-02-23 19:45:42 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-02-23 19:45:42 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-02-23 19:43:06 -------- d-----w- C:\Users\Animus\AppData\Local\VirtualStore

==================== Find3M ====================

2011-02-26 22:32:58 65536 ----a-w- C:\Windows\System32\sppuinotify.dll
2011-02-26 22:32:57 381952 ----a-w- C:\Windows\System32\sppcommdlg.dll
2011-02-26 22:32:55 15360 ----a-w- C:\Windows\System32\slwga.dll
2011-02-26 22:32:13 349696 ----a-w- C:\Windows\System32\slui.exe
2011-02-26 04:45:31 44544 ----a-w- C:\Windows\System32\themeservice.dll
2011-02-26 04:45:31 2851328 ----a-w- C:\Windows\System32\themeui.dll
2011-02-26 04:45:30 332288 ----a-w- C:\Windows\System32\uxtheme.dll
2011-02-26 04:43:34 2755072 ----a-w- C:\Windows\SysWow64\themeui.dll
2011-02-26 04:43:34 245760 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2011-02-23 20:32:21 419840 ----a-w- C:\Windows\System32\systemcpl.dll
2011-02-23 20:32:21 1008640 ----a-w- C:\Windows\System32\user32.dll
2011-02-23 20:32:20 142336 ----a-w- C:\Windows\System32\sppwmi.dll
2011-02-23 20:32:17 2048 ----a-w- C:\Windows\System32\winver.exe
2011-02-23 20:32:17 107946 ----a-w- C:\Windows\System32\slmgr.vbs
2011-02-23 20:32:16 2169856 --sha-w- C:\Windows\System32\hale.exe
2011-02-23 19:48:39 525792 ----a-w- C:\Windows\DIFxAPI.dll
2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-18 08:53:32 2994688 ----a-w- C:\Program Files (x86)\openofficeorg33.msi
2010-12-23 06:07:50 1118720 ----a-w- C:\Windows\System32\sbe.dll
2010-12-23 06:07:49 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-12-23 06:07:49 723968 ----a-w- C:\Windows\System32\EncDec.dll
2010-12-23 06:02:33 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-12-23 05:28:29 850432 ----a-w- C:\Windows\SysWow64\sbe.dll
2010-12-23 05:28:28 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-12-23 05:28:28 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2010-12-23 05:24:02 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll
2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll
2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
2010-12-18 06:12:28 3138048 ----a-w- C:\Windows\System32\mstscax.dll
2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 06:08:15 1097216 ----a-w- C:\Windows\System32\mstsc.exe
2010-12-18 05:30:20 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-18 05:26:55 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

============= FINISH: 11:29:21.65 ===============

Attached Files



#4 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland
  • Local time:11:26 AM

Posted 11 March 2011 - 03:02 PM

Hi drgentile777, and welcome to Bleeping Computer.

Your system has been recently installed... Anyway, please tell me if it's original Windows system or pirated...
It's because this executable runs on Startup:

mRun-x64: [Chew7Hale] "C:\Windows\System32\hale.exe" /nolog (it causes the high CPU usage, by the way...)

As far as I know, it's used to activate the Windows system (or rather bypass an activation) - and this program is certainly not a legitimate Microsoft product...

I'm not sure how we can help you, since even if we remove that executable and check for any malware present, I won't be able to guarantee your Windows is clean, as if it's pirated, it cannot be really trusted... If your Windows is not original, I highly recommend you either buy a legitimate copy or install a free OS - for example Linux...
Let me know if your system is original (or not) and what you choose...

Please perform this scan as well:
  • Please download WVCheck by Artellos from one of the mirrors below;

    Artellos.com (exe)
    Artellos.com (zip)

  • After the download, run WVCheck.exe
  • As indicated by the prompt, this program can take a while depending on your hard drive space.
  • Once the program is done, copy the contents of the notepad file as a reply.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver

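The startup entry snemelk quotes above came from the Run-key section of the DDS log (DDS reports the 64-bit HKLM Run key as mRun-x64, the 32-bit view as mRun, and the per-user key as uRun; that mapping is my reading of the DDS labels, not something the thread states). As an added example that is not part of the original thread and not code from DDS, the following PowerShell script enumerates those same Run keys on a live 64-bit Windows system and flags every entry whose target binary is missing, unsigned, or signed by someone other than Microsoft. That is the check that would have surfaced hale.exe sitting in System32 without a Microsoft signature. The Chew7Hale entry appears only in a comment as the motivating case; nothing is written to the registry.

```powershell
# Added example (not from the original thread): audit the autostart Run keys
# that DDS lists as mRun-x64 / mRun / uRun and flag entries whose target is
# not a validly Microsoft-signed file. Run from an elevated PowerShell prompt.
# Motivating case from the post above:
#   mRun-x64: [Chew7Hale] "C:\Windows\System32\hale.exe" /nolog
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',             # 64-bit view (assumed = DDS "mRun-x64")
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run', # 32-bit view (assumed = DDS "mRun")
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',             # per-user (assumed = DDS "uRun")
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandTarget {
    # Extract the executable path from a Run value. Handles both
    #   "C:\Windows\System32\hale.exe" /nolog   and   C:\tools\agent.exe -x
    # and expands %SystemRoot%-style variables first.
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd -match '^"([^"]+)"')  { return $Matches[1] }
    if ($cmd -match '^(\S+\.exe)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Get-ItemProperty adds PSPath, PSParentPath, ... ; skip those.
        if ($p.Name -like 'PS*') { continue }
        $target = Get-CommandTarget ([string]$p.Value)
        $status = 'FileMissing'
        $signer = $null
        if (Test-Path -LiteralPath $target) {
            $sig    = Get-AuthenticodeSignature -FilePath $target
            $status = $sig.Status.ToString()          # Valid / NotSigned / HashMismatch / ...
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        $isMicrosoft = [bool]$signer -and ($signer -match 'O=Microsoft Corporation')
        [pscustomobject]@{
            Key        = $key
            Name       = $p.Name
            Target     = $target
            SigStatus  = $status
            Signer     = $signer
            # Anything that is not a validly signed Microsoft binary gets a closer look.
            Suspicious = -not ($status -eq 'Valid' -and $isMicrosoft)
        }
    }
}

# Suspicious entries first; a third-party product with a valid non-Microsoft
# signature will also land here, so the list is a set of leads, not verdicts.
$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Two caveats when reading the output. First, many legitimate Windows files are signed through a catalog rather than an embedded signature, and on older systems (Windows 7 era) Get-AuthenticodeSignature may report those as NotSigned, so confirm a flagged System32 file by other means (for example sigcheck from Sysinternals, or comparing its hash against a known-good installation) before deleting it. Second, a valid signature only tells you who published the file, not whether it belongs on the machine; an unsigned executable in System32 launched from a Run key under a name that matches no installed product is exactly the pattern the Chew7Hale entry shows and is worth treating as hostile until proven otherwise.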

#5 drgentile777
  • Topic Starter
  • Members
  • 3 posts
  • Local time:04:26 AM

Posted 13 March 2011 - 08:34 AM

This copy of windows is indeed pirated and I also have ubuntu installed but I can never figure out how to run everything I need to on it. :P I thought the source of my problem might have been coming from the fact that my version of windows just can't be trusted. I will be purchasing my own copy of windows so this thread can be deleted. Thanks for the help.

#6 snemelk

Posted 13 March 2011 - 09:39 AM

Hi again drgentile777!!.. :)

Thanks for the update!!..

I will be purchasing my own copy of windows so this thread can be deleted.

That's a very good choice!.. :thumbup2:

You can check my site: A few steps to make your web browsing safer...
Also, I do recommend you change all of your current passwords (from your Ubuntu installation) - to be on the safe side - make sure you create strong passwords and use a different password for every site (you can keep them in KeePass).


#7 snemelk

Posted 13 March 2011 - 09:40 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
