bobbygeorge
Posts: 23 +0
Help needed to determine if my machine is infected...(kind of urgent,playing up alot)
I am using vista, 64 bit.
I believe my machine was deliberately infected with malware, but unsure how bad it is. I will include some logs below:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5448
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999
03/01/2011 18:32:31
mbam-log-2011-01-03 (18-32-31).txt
Scan type: Quick scan
Objects scanned: 157630
Time elapsed: 3 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\Shaun\downloads\setupcasino_10fec3.exe (PUP.Casino) -> Quarantined and deleted successfully.
-----------------------------------------------------------------------------------------------------
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-03 19:28:51
Windows 6.0.6002 Service Pack 2
Running: bym2ebeo.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBA 0xB5 0x60 0x8C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBA 0xB5 0x60 0x8C ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4BF5041B-071B-2CB2-14D0-D9F88302CA33}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4BF5041B-071B-2CB2-14D0-D9F88302CA33}@jamgffmgahcacledlfic 0x6F 0x61 0x6D 0x67 ...
---- EOF - GMER 1.0.15 ----
--------------------------------------------------------------------------------------------------------
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 01/10/2009 02:24:41
System Uptime: 03/01/2011 18:33:55 (1 hours ago)
Motherboard: PEGATRON CORPORATION | | NARRA5
Processor: AMD Phenom(tm) 9650 Quad-Core Processor | Socket AM2 | 1200/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 451 GiB total, 79.303 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 2.133 GiB free.
E: is CDROM ()
J: is Removable
K: is Removable
L: is Removable
N: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
==== Installed Programs ======================
AAA Logo 2008 2.10
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Any Video Converter 3.0.5
ArcSoft VideoImpression 2
µTorrent
AVG 9.0
AVS Audio Converter version 6.2
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
Belkin Wireless USB Adapter Setup
Bing Bar
Bing Bar Platform
Blaze Media Pro
Casino.com
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Compatibility Pack for the 2007 Office system
Conduit Engine
Convert WAV To MP3 1.0
CyberLink DVD Suite Deluxe
D3DX10
DirectX for Managed Code Update (Summer 2004)
DVDVideoSoftTB Toolbar
Free Video to MP3 Converter version 4.2.12
Free WMA to MP3 Converter 1.16
FreeRIP v3.42
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP Odometer
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Support Information
HP Total Care Setup
HP Update
HPAsset component for HP Active Support Library
Huawei modem
Java(TM) 6 Update 16
Junk Mail filter update
K-Lite Codec Pack 5.1.0 (Full)
LabelPrint
LG PC Suite II
LG USB Modem driver
LightScribe System Software
Live 7.0.14
Magic Desktop
Magic DVD Copier Version 5.0.0
Malwarebytes' Anti-Malware
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.8)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Ultra Edition
neroxml
PC VGA Camer@ Plus
PokerStars
Power Structure
Power2Go
PowerDirector
PowerISO
Pro Evolution Soccer 2009
Python 2.6 pywin32-212
Python 2.6.1
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
Reason 4.0.1
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Segoe UI
Skins
Skype™ Beta 4.2
Spybot - Search & Destroy
SpyShelter Premium 4.55
Steinberg Cubase 5
Steinberg Drum Loop Expansion 01
Steinberg Groove Agent ONE Content
Steinberg HALionOne
Steinberg HALionOne Additional Content Set 01
Steinberg HALionOne Expression Set
Steinberg HALionOne GM Drum Set
Steinberg HALionOne GM Set
Steinberg HALionOne Pro Set
Steinberg HALionOne Studio Drum Set
Steinberg HALionOne Studio Set
Steinberg LoopMash Content
Steinberg REVerence Content 01
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
uTorrentBar Toolbar
Visual C++ 8.0 Runtime Setup Package (x64)
Wav2MP3 Wizard v3.2 (Build 354)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Word to PDF Converter
==== End Of File ===========================
--------------------------------------------------------------------------------------------------------
DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Shaun at 19:33:21.31 on 03/01/2011
Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.353.1033.18.4094.2142 [GMT 0:00]
AV: AVG Internet Security 3-pack *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 3-pack *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\a-squared Free\a2service.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\AVG\AVG9\avgam.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Shaun\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shaun\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shaun\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Shaun\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = Preserve
mStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Google Update] "C:\Users\Shaun\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpyShelter] C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
AppInit_DLLs-X64: avgrssta.dll
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - C:\Users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\omm3n6o8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=
FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\Users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\omm3n6o8.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: C:\Users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\omm3n6o8.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Shaun\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG9\Firefox
FF - Ext: AVG Security Toolbar em:version=6.010.006.004 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
============= SERVICES / DRIVERS ===============
R0 AVGIDSErHrvta;AVG9IDSErHr;C:\Windows\System32\drivers\AVGIDSva.sys [2010-6-14 27216]
R0 AvgRkx64;avgrkx64.sys;C:\Windows\System32\drivers\avgrkx64.sys [2010-6-14 56008]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2010-6-14 29976]
R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-6-14 269904]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-6-14 35536]
R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2010-6-14 317520]
R1 SpyShelter;SpyShelter;C:\Program Files (x86)\SpyShelter Premium\SpyShelter.sys [2010-10-6 178624]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/06/17 03:51:03];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-6-17 146928]
R2 a2free;a-squared Free Service;C:\Program Files (x86)\a-squared Free\a2service.exe [2010-6-14 1872320]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-3-10 202752]
R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-6-23 308136]
R2 avgfws9;AVG Firewall;C:\Program Files (x86)\AVG\AVG9\avgfws9.exe [2010-6-23 2331544]
R2 AVGIDSAgent;AVG9IDSAgent;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-6-23 5897808]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2008-1-21 27648]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-1-26 1153368]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-3-10 6403072]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-3-10 188928]
R3 AVGIDSDrivervta;AVG9IDSDriver;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista64\AVGIDSDriver.sys [2010-6-14 132688]
R3 AVGIDSFiltervta;AVG9IDSFilter;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista64\AVGIDSFilter.sys [2010-6-14 35920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RelevantKnowledge;RelevantKnowledge;C:\Program Files (x86)\RelevantKnowledge\rlservice.exe /service --> C:\Program Files (x86)\RelevantKnowledge\rlservice.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-10-26 517448]
S3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 27648]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-10 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr28ux.sys [2011-1-2 804864]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 SWNC8U90;Sierra Wireless MUX NDIS Driver (UMTS90);C:\Windows\System32\drivers\swnc8u90.sys [2008-12-2 206848]
S3 SWUMX90;Sierra Wireless USB MUX Driver (UMTS90);C:\Windows\System32\drivers\swumx90.sys [2008-11-17 194944]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-4-1 89920]
=============== File Associations ===============
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
=============== Created Last 30 ================
2011-01-02 21:48:53 804864 ----a-w- C:\Windows\System32\drivers\netr28ux.sys
2011-01-02 21:48:53 305664 ----a-w- C:\Windows\System32\RaCoInstx.dll
2011-01-02 21:48:53 -------- d-----w- C:\Program Files (x86)\Belkin
2010-12-15 13:34:44 -------- d-----w- C:\fb09c73799e3104f11c2afcb
2010-12-15 13:19:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-12-15 13:19:53 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-12-15 13:19:37 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-12-15 13:19:37 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-12-15 13:19:36 87552 ----a-w- C:\Windows\System32\consent.exe
2010-12-15 13:19:35 68096 ----a-w- C:\Program Files\Windows Mail\wabmig.exe
2010-12-15 13:19:35 66048 ----a-w- C:\Program Files (x86)\Windows Mail\wabmig.exe
2010-12-15 13:19:35 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
2010-12-15 13:19:35 515584 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
2010-12-15 13:19:35 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
2010-12-15 13:19:35 33280 ----a-w- C:\Program Files (x86)\Windows Mail\wabfind.dll
2010-12-09 19:00:11 34304 ----a-w- C:\Windows\System32\drivers\swmsflt.sys
2010-12-09 19:00:07 -------- d-----w- C:\Users\Shaun\AppData\Roaming\Sierra Wireless
2010-12-09 19:00:07 -------- d-----w- C:\Program Files (x86)\Sierra Wireless Inc
2010-12-05 17:27:16 -------- d-----w- C:\Program Files (x86)\ConduitEngine
2010-12-05 17:27:10 -------- d-----w- C:\Program Files (x86)\uTorrentBar
2010-12-05 17:26:36 -------- d-----w- C:\Program Files (x86)\uTorrent
2010-12-05 17:25:46 -------- d-----w- C:\Users\Shaun\AppData\Roaming\uTorrent
2010-12-05 17:24:38 -------- d-----w- C:\Users\Shaun\AppData\Roaming\GetRightToGo
2010-12-04 20:35:56 -------- d-----w- C:\Casino
==================== Find3M ====================
2010-12-20 18:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-06 13:44:16 71279 ----a-w- C:\Windows\Huawei ModemsUninstall.exe
2010-11-22 14:33:08 99384 ----a-w- C:\Users\Shaun\AppData\Roaming\inst.exe
2010-11-22 14:33:08 82816 ----a-w- C:\Windows\System32\drivers\pcouffin.sys
2010-11-22 14:33:08 82816 ----a-w- C:\Users\Shaun\AppData\Roaming\pcouffin.sys
2010-11-10 00:46:45 269904 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2010-11-06 11:18:48 500224 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-06 11:18:27 655872 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-06 11:18:27 410112 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-06 11:18:13 855040 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-04 23:58:17 267776 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-04 18:55:38 352768 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-04 18:55:38 270336 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-04 16:34:06 171520 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 06:27:41 1147904 ----a-w- C:\Windows\System32\wininet.dll
2010-11-02 06:24:01 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-02 06:23:47 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2010-11-02 06:23:35 77312 ----a-w- C:\Windows\System32\iesetup.dll
2010-11-02 06:23:35 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2010-11-02 06:01:54 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-02 05:57:41 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-02 05:57:27 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-11-02 05:57:11 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2010-11-02 05:57:11 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2010-11-02 05:25:33 479232 ----a-w- C:\Windows\System32\html.iec
2010-11-02 05:01:31 385024 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-02 04:45:37 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2010-11-02 04:44:24 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-02 04:26:10 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2010-11-02 04:24:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-10-28 16:29:18 48128 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-28 15:44:56 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-28 14:05:21 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-28 13:27:47 292352 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-18 15:25:36 2753536 ----a-w- C:\Windows\System32\win32k.sys
============= FINISH: 19:34:06.36 ===============
Hope these logs are sufficient to help determine any infections.
Thanks,
BobbyGeorge
I am using vista, 64 bit.
I believe my machine was deliberately infected with malware, but unsure how bad it is. I will include some logs below:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5448
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999
03/01/2011 18:32:31
mbam-log-2011-01-03 (18-32-31).txt
Scan type: Quick scan
Objects scanned: 157630
Time elapsed: 3 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\Shaun\downloads\setupcasino_10fec3.exe (PUP.Casino) -> Quarantined and deleted successfully.
-----------------------------------------------------------------------------------------------------
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-03 19:28:51
Windows 6.0.6002 Service Pack 2
Running: bym2ebeo.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBA 0xB5 0x60 0x8C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBA 0xB5 0x60 0x8C ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4BF5041B-071B-2CB2-14D0-D9F88302CA33}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4BF5041B-071B-2CB2-14D0-D9F88302CA33}@jamgffmgahcacledlfic 0x6F 0x61 0x6D 0x67 ...
---- EOF - GMER 1.0.15 ----
--------------------------------------------------------------------------------------------------------
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 01/10/2009 02:24:41
System Uptime: 03/01/2011 18:33:55 (1 hours ago)
Motherboard: PEGATRON CORPORATION | | NARRA5
Processor: AMD Phenom(tm) 9650 Quad-Core Processor | Socket AM2 | 1200/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 451 GiB total, 79.303 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 2.133 GiB free.
E: is CDROM ()
J: is Removable
K: is Removable
L: is Removable
N: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
==== Installed Programs ======================
AAA Logo 2008 2.10
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Any Video Converter 3.0.5
ArcSoft VideoImpression 2
µTorrent
AVG 9.0
AVS Audio Converter version 6.2
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
Belkin Wireless USB Adapter Setup
Bing Bar
Bing Bar Platform
Blaze Media Pro
Casino.com
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Compatibility Pack for the 2007 Office system
Conduit Engine
Convert WAV To MP3 1.0
CyberLink DVD Suite Deluxe
D3DX10
DirectX for Managed Code Update (Summer 2004)
DVDVideoSoftTB Toolbar
Free Video to MP3 Converter version 4.2.12
Free WMA to MP3 Converter 1.16
FreeRIP v3.42
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP Odometer
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Support Information
HP Total Care Setup
HP Update
HPAsset component for HP Active Support Library
Huawei modem
Java(TM) 6 Update 16
Junk Mail filter update
K-Lite Codec Pack 5.1.0 (Full)
LabelPrint
LG PC Suite II
LG USB Modem driver
LightScribe System Software
Live 7.0.14
Magic Desktop
Magic DVD Copier Version 5.0.0
Malwarebytes' Anti-Malware
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.8)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Ultra Edition
neroxml
PC VGA Camer@ Plus
PokerStars
Power Structure
Power2Go
PowerDirector
PowerISO
Pro Evolution Soccer 2009
Python 2.6 pywin32-212
Python 2.6.1
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
Reason 4.0.1
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Segoe UI
Skins
Skype™ Beta 4.2
Spybot - Search & Destroy
SpyShelter Premium 4.55
Steinberg Cubase 5
Steinberg Drum Loop Expansion 01
Steinberg Groove Agent ONE Content
Steinberg HALionOne
Steinberg HALionOne Additional Content Set 01
Steinberg HALionOne Expression Set
Steinberg HALionOne GM Drum Set
Steinberg HALionOne GM Set
Steinberg HALionOne Pro Set
Steinberg HALionOne Studio Drum Set
Steinberg HALionOne Studio Set
Steinberg LoopMash Content
Steinberg REVerence Content 01
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
uTorrentBar Toolbar
Visual C++ 8.0 Runtime Setup Package (x64)
Wav2MP3 Wizard v3.2 (Build 354)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Word to PDF Converter
==== End Of File ===========================
--------------------------------------------------------------------------------------------------------
DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Shaun at 19:33:21.31 on 03/01/2011
Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.353.1033.18.4094.2142 [GMT 0:00]
AV: AVG Internet Security 3-pack *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 3-pack *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\a-squared Free\a2service.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\AVG\AVG9\avgam.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Shaun\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shaun\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shaun\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Shaun\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = Preserve
mStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Google Update] "C:\Users\Shaun\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpyShelter] C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
AppInit_DLLs-X64: avgrssta.dll
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - C:\Users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\omm3n6o8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=
FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\Users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\omm3n6o8.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: C:\Users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\omm3n6o8.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Shaun\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG9\Firefox
FF - Ext: AVG Security Toolbar em:version=6.010.006.004 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
============= SERVICES / DRIVERS ===============
R0 AVGIDSErHrvta;AVG9IDSErHr;C:\Windows\System32\drivers\AVGIDSva.sys [2010-6-14 27216]
R0 AvgRkx64;avgrkx64.sys;C:\Windows\System32\drivers\avgrkx64.sys [2010-6-14 56008]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2010-6-14 29976]
R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-6-14 269904]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-6-14 35536]
R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2010-6-14 317520]
R1 SpyShelter;SpyShelter;C:\Program Files (x86)\SpyShelter Premium\SpyShelter.sys [2010-10-6 178624]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/06/17 03:51:03];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-6-17 146928]
R2 a2free;a-squared Free Service;C:\Program Files (x86)\a-squared Free\a2service.exe [2010-6-14 1872320]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-3-10 202752]
R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-6-23 308136]
R2 avgfws9;AVG Firewall;C:\Program Files (x86)\AVG\AVG9\avgfws9.exe [2010-6-23 2331544]
R2 AVGIDSAgent;AVG9IDSAgent;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-6-23 5897808]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2008-1-21 27648]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-1-26 1153368]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-3-10 6403072]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-3-10 188928]
R3 AVGIDSDrivervta;AVG9IDSDriver;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista64\AVGIDSDriver.sys [2010-6-14 132688]
R3 AVGIDSFiltervta;AVG9IDSFilter;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista64\AVGIDSFilter.sys [2010-6-14 35920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RelevantKnowledge;RelevantKnowledge;C:\Program Files (x86)\RelevantKnowledge\rlservice.exe /service --> C:\Program Files (x86)\RelevantKnowledge\rlservice.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-10-26 517448]
S3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 27648]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-10 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr28ux.sys [2011-1-2 804864]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 SWNC8U90;Sierra Wireless MUX NDIS Driver (UMTS90);C:\Windows\System32\drivers\swnc8u90.sys [2008-12-2 206848]
S3 SWUMX90;Sierra Wireless USB MUX Driver (UMTS90);C:\Windows\System32\drivers\swumx90.sys [2008-11-17 194944]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-4-1 89920]
=============== File Associations ===============
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
=============== Created Last 30 ================
2011-01-02 21:48:53 804864 ----a-w- C:\Windows\System32\drivers\netr28ux.sys
2011-01-02 21:48:53 305664 ----a-w- C:\Windows\System32\RaCoInstx.dll
2011-01-02 21:48:53 -------- d-----w- C:\Program Files (x86)\Belkin
2010-12-15 13:34:44 -------- d-----w- C:\fb09c73799e3104f11c2afcb
2010-12-15 13:19:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-12-15 13:19:53 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-12-15 13:19:37 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-12-15 13:19:37 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-12-15 13:19:36 87552 ----a-w- C:\Windows\System32\consent.exe
2010-12-15 13:19:35 68096 ----a-w- C:\Program Files\Windows Mail\wabmig.exe
2010-12-15 13:19:35 66048 ----a-w- C:\Program Files (x86)\Windows Mail\wabmig.exe
2010-12-15 13:19:35 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
2010-12-15 13:19:35 515584 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
2010-12-15 13:19:35 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
2010-12-15 13:19:35 33280 ----a-w- C:\Program Files (x86)\Windows Mail\wabfind.dll
2010-12-09 19:00:11 34304 ----a-w- C:\Windows\System32\drivers\swmsflt.sys
2010-12-09 19:00:07 -------- d-----w- C:\Users\Shaun\AppData\Roaming\Sierra Wireless
2010-12-09 19:00:07 -------- d-----w- C:\Program Files (x86)\Sierra Wireless Inc
2010-12-05 17:27:16 -------- d-----w- C:\Program Files (x86)\ConduitEngine
2010-12-05 17:27:10 -------- d-----w- C:\Program Files (x86)\uTorrentBar
2010-12-05 17:26:36 -------- d-----w- C:\Program Files (x86)\uTorrent
2010-12-05 17:25:46 -------- d-----w- C:\Users\Shaun\AppData\Roaming\uTorrent
2010-12-05 17:24:38 -------- d-----w- C:\Users\Shaun\AppData\Roaming\GetRightToGo
2010-12-04 20:35:56 -------- d-----w- C:\Casino
==================== Find3M ====================
2010-12-20 18:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-06 13:44:16 71279 ----a-w- C:\Windows\Huawei ModemsUninstall.exe
2010-11-22 14:33:08 99384 ----a-w- C:\Users\Shaun\AppData\Roaming\inst.exe
2010-11-22 14:33:08 82816 ----a-w- C:\Windows\System32\drivers\pcouffin.sys
2010-11-22 14:33:08 82816 ----a-w- C:\Users\Shaun\AppData\Roaming\pcouffin.sys
2010-11-10 00:46:45 269904 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2010-11-06 11:18:48 500224 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-06 11:18:27 655872 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-06 11:18:27 410112 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-06 11:18:13 855040 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-04 23:58:17 267776 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-04 18:55:38 352768 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-04 18:55:38 270336 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-04 16:34:06 171520 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 06:27:41 1147904 ----a-w- C:\Windows\System32\wininet.dll
2010-11-02 06:24:01 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-02 06:23:47 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2010-11-02 06:23:35 77312 ----a-w- C:\Windows\System32\iesetup.dll
2010-11-02 06:23:35 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2010-11-02 06:01:54 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-02 05:57:41 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-02 05:57:27 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-11-02 05:57:11 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2010-11-02 05:57:11 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2010-11-02 05:25:33 479232 ----a-w- C:\Windows\System32\html.iec
2010-11-02 05:01:31 385024 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-02 04:45:37 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2010-11-02 04:44:24 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-02 04:26:10 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2010-11-02 04:24:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-10-28 16:29:18 48128 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-28 15:44:56 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-28 14:05:21 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-28 13:27:47 292352 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-18 15:25:36 2753536 ----a-w- C:\Windows\System32\win32k.sys
============= FINISH: 19:34:06.36 ===============
Hope these logs are sufficient to help determine any infections.
Thanks,
BobbyGeorge