Inactive Possible Internet Hijacking

Status
Not open for further replies.
Hello and thank you so much in advance for your help. You guys and gals with the know-how to identify and fix problems like this are a huge gift to the rest of us.

Beginning last month, we noticed our internet connection was suffering from low speeds at times when we should be having no problems. Our internet usage meter on Comcast's website shows that our account consumed a whopping 337 GB of data in the month of March. This is over twice our average of 150 GB a month for gaming, music purchases, and almost constantly streaming video from Netflix. Comcast resets usage counts on the 1st of the month, and I checked our usage yesterday - 48 GB. Today we are at 65 GB. Almost 20 GB of usage that no one in the house can account for. My only guess would be a virus or something like that, and since this PC has been used by several guests in the past six months, I'm starting here.

I've completed the initial steps and will post all the logs beginning now. Thanks again.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6278

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

4/5/2011 7:44:57 AM
mbam-log-2011-04-05 (07-44-57).txt

Scan type: Quick scan
Objects scanned: 172317
Time elapsed: 1 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-----------------------------------------------

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-05 07:58:58
Windows 6.1.7601 Service Pack 1
Running: xdx0m4e0.exe


---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00CA3.log 1048576 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00CA4.log 1048576 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00CA5.log 1048576 bytes

---- EOF - GMER 1.0.15 ----

--------------------------------------------------------------

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by kristjin at 8:04:42.18 on Tue 04/05/2011
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2711 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe
C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\kristjin\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2645238
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Steam] "C:\Games\Steam\Steam.exe" -silent
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
StartupFolder: C:\Users\kristjin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\Users\kristjin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\XPADDE~1.LNK - C:\Users\kristjin\Documents\xpadder\Xpadder.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BITMET~1.LNK - C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
mRun-x64: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
mRun-x64: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe /tray
STS-X64: FencesShlExt Class: {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\kristjin\AppData\Roaming\Mozilla\Firefox\Profiles\fwdffeh6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Security Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2645238&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=2&q=
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Users\kristjin\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\kristjin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\kristjin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-3-21 254528]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-26 203776]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-1-14 341296]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-1-26 9085952]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-1-26 299520]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-3 157264]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-3 35920]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-5-20 393728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2010-11-10 341856]
S3 LVUVC64;Logitech Webcam 300(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2010-11-10 4162784]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-3-21 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-21 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-21 1255736]
.
=============== Created Last 30 ================
.
2011-04-05 14:24:06 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-04-05 14:05:13 -------- d-----w- C:\Users\kristjin\AppData\Roaming\CheckPoint
2011-04-05 14:03:14 -------- d-----w- C:\Windows\Internet Logs
2011-04-05 14:03:14 -------- d-----w- C:\PROGRA~3\CheckPoint
2011-04-05 13:59:12 -------- d-----w- C:\Users\kristjin\AppData\Roaming\Wireshark
2011-04-05 13:48:04 -------- d-----w- C:\Program Files (x86)\WinPcap
2011-04-05 13:47:27 -------- d-----w- C:\Program Files\Wireshark
2011-04-04 23:05:22 -------- d-----w- C:\Users\kristjin\AppData\Roaming\Bitmeter2
2011-04-04 23:05:22 -------- d-----w- C:\Program Files (x86)\Codebox
2011-04-04 23:05:22 -------- d-----w- C:\PROGRA~3\Bitmeter2
2011-04-01 20:06:02 -------- d-----w- C:\Users\kristjin\AppData\Local\Electronic Arts
2011-03-29 16:18:24 -------- d-----w- C:\Users\kristjin\AppData\Local\DDMSettings
2011-03-29 16:16:53 -------- d-----w- C:\Program Files\DivX
2011-03-29 16:16:44 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2011-03-29 16:15:24 -------- d-----w- C:\Program Files (x86)\DivX
2011-03-29 16:13:26 -------- d-----w- C:\PROGRA~3\DivX
2011-03-28 14:53:04 -------- d-----w- C:\Users\kristjin\AppData\Roaming\OpenOffice.org
2011-03-28 04:20:29 -------- d-----w- C:\Program Files (x86)\RocketDock
2011-03-27 23:24:38 -------- d-----w- C:\Users\kristjin\AppData\Local\Stardock_Corporation
2011-03-27 21:53:41 -------- d-----w- C:\Users\kristjin\AppData\Local\ODUI
2011-03-27 21:53:31 -------- d-----w- C:\Users\kristjin\AppData\Local\Stardock
2011-03-24 13:19:26 781272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-03-24 13:19:26 728024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2011-03-24 13:19:26 1975768 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-03-24 13:19:26 1893336 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-03-24 13:19:26 1874904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-03-24 13:19:26 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2011-03-24 13:19:26 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2011-03-24 13:19:26 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-03-23 19:01:35 -------- d--h--w- C:\$AVG
2011-03-23 13:49:29 14744 ----a-w- C:\Users\kristjin\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2011-03-22 23:36:16 -------- d-----w- C:\Users\kristjin\AppData\Local\Google
2011-03-22 14:46:02 -------- d-----w- C:\Users\kristjin\AppData\Roaming\Bioshock2
2011-03-22 14:29:40 -------- d-sh--w- C:\PROGRA~3\SecuROM
2011-03-22 14:29:00 -------- d-----w- C:\Windows\SysWow64\xlive
2011-03-22 14:29:00 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2011-03-22 04:46:13 -------- d-----w- C:\Windows\SysWow64\AGEIA
2011-03-22 04:46:05 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-03-22 04:38:33 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare
2011-03-22 04:12:36 -------- d-----w- C:\Users\kristjin\AppData\Local\EA Games
2011-03-22 03:37:35 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2011-03-22 03:36:14 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-03-22 03:36:14 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-22 03:18:38 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
2011-03-22 03:18:38 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
2011-03-22 03:18:38 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
2011-03-22 03:18:38 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2011-03-22 03:18:38 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll
2011-03-22 03:18:38 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
2011-03-22 02:33:44 -------- d-----w- C:\Users\kristjin\AppData\Local\Apple Computer
2011-03-22 02:33:40 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-03-22 02:33:40 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-03-22 02:33:40 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-03-22 02:33:34 -------- d-----w- C:\Program Files\iPod
2011-03-22 02:33:33 -------- d-----w- C:\Program Files\iTunes
2011-03-22 02:33:33 -------- d-----w- C:\Program Files (x86)\iTunes
2011-03-22 02:33:33 -------- d-----w- C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-03-22 02:02:09 -------- d-----w- C:\Users\kristjin\AppData\Local\FalloutNV
2011-03-22 01:38:58 -------- d-----w- C:\Program Files (x86)\GameSpy Arcade
2011-03-22 01:38:47 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-03-21 19:50:09 -------- d-----w- C:\Users\kristjin\AppData\Local\SKIDROW
2011-03-21 19:32:03 -------- d-----w- C:\Users\kristjin\AppData\Local\My Games
2011-03-21 19:24:12 -------- d-----w- C:\Program Files (x86)\uTorrent
2011-03-21 19:23:08 -------- d-----w- C:\Users\kristjin\AppData\Roaming\uTorrent
2011-03-21 19:15:17 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2011-03-21 19:11:09 -------- d-----w- C:\Windows\SysWow64\directx
2011-03-21 19:05:43 -------- d-----w- C:\Games
2011-03-21 19:05:17 -------- d-----w- C:\Program Files (x86)\Sid Meier's Civilization V
2011-03-21 19:03:05 254528 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2011-03-21 19:03:00 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2011-03-21 19:02:36 -------- d-----w- C:\Users\kristjin\AppData\Roaming\DAEMON Tools Lite
2011-03-21 19:02:36 -------- d-----w- C:\PROGRA~3\DAEMON Tools Lite
2011-03-21 18:39:04 -------- d-----w- C:\Users\kristjin\AppData\Roaming\Stardock
2011-03-21 18:38:59 -------- dc-h--w- C:\PROGRA~3\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
2011-03-21 18:38:55 -------- d-----w- C:\Program Files (x86)\Stardock
2011-03-21 18:38:37 -------- d-----w- C:\Users\kristjin\AppData\Local\PackageAware
2011-03-21 17:53:54 -------- d-----w- C:\Users\kristjin\AppData\Local\Radium Technologies
2011-03-21 17:53:38 -------- dc-h--w- C:\PROGRA~3\{EFBAD1D6-DB32-4E45-ACA1-FB05458C6D20}
2011-03-21 17:53:35 -------- d-----w- C:\Program Files (x86)\Radium Technologies
2011-03-21 17:53:35 -------- d-----w- C:\PROGRA~3\Radium Technologies
2011-03-21 17:41:02 -------- d-----w- C:\Users\kristjin\AppData\Roaming\Malwarebytes
2011-03-21 17:40:59 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-21 17:40:59 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-03-21 17:40:56 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-03-21 17:40:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-21 17:40:01 28976 ----a-w- C:\Windows\System32\nitrolocalmon.dll
2011-03-21 17:40:01 17200 ----a-w- C:\Windows\System32\nitrolocalui.dll
2011-03-21 17:39:58 -------- d-----w- C:\Program Files\Common Files\Nitro PDF
2011-03-21 17:39:58 -------- d-----w- C:\Program Files (x86)\Common Files\Nitro PDF
2011-03-21 17:39:20 -------- d-----w- C:\Users\kristjin\AppData\Local\OpenCandy
2011-03-21 17:39:19 95008 ----a-w- C:\Windows\System32\Primomonnt.dll
2011-03-21 17:39:19 -------- d-----w- C:\Users\kristjin\AppData\Roaming\OpenCandy
2011-03-21 17:39:18 -------- d-----w- C:\Program Files (x86)\Nitro PDF
2011-03-21 17:23:45 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-03-21 17:09:03 -------- d-----w- C:\Intel
2011-03-21 17:07:38 -------- d-----w- C:\Program Files (x86)\Marvell
2011-03-21 17:03:54 -------- d-----w- C:\Users\kristjin\AppData\Local\ATI
2011-03-21 17:03:48 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-03-21 17:03:48 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2011-03-21 17:03:46 -------- d-----w- C:\Program Files (x86)\ATI Stream
2011-03-21 17:03:10 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2011-03-21 17:03:05 -------- d-----w- C:\Program Files\ATI
2011-03-21 17:02:30 -------- d-----w- C:\Program Files\ATI Technologies
2011-03-21 17:02:04 -------- d-----w- C:\ATI
2011-03-21 16:59:11 419840 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-03-21 16:59:11 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-03-21 16:59:11 1503232 ------w- C:\Windows\SysWow64\adi_oal.dll
2011-03-21 16:59:11 133632 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-03-21 16:59:11 110592 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-03-21 16:59:11 -------- d-----w- C:\Program Files (x86)\Creative
2011-03-21 16:59:10 1828352 ------w- C:\Windows\System32\adi_oal.dll
2011-03-21 16:56:17 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
2011-03-21 16:56:13 -------- d-----w- C:\Windows\PCHEALTH
2011-03-21 16:51:50 -------- d-----w- C:\Users\kristjin\AppData\Roaming\AVG10
2011-03-21 16:51:24 -------- d--h--w- C:\PROGRA~3\Common Files
2011-03-21 16:51:13 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-03-21 16:50:48 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-03-21 16:50:48 -------- d-----w- C:\PROGRA~3\AVG10
2011-03-21 16:49:58 -------- d-----w- C:\Program Files (x86)\AVG
2011-03-21 16:38:33 -------- d-----w- C:\Windows\Panther
2011-03-21 16:36:44 -------- d-----w- C:\Windows\System32\SPReview
2011-03-21 16:36:27 -------- d-----w- C:\Windows\System32\EventProviders
2011-03-21 16:34:59 878592 ----a-w- C:\Windows\SysWow64\Bubbles.scr
2011-03-21 16:33:49 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-03-21 16:33:49 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-03-21 16:33:49 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-03-21 16:33:47 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-03-21 16:33:47 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-03-21 16:33:44 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-03-21 16:33:44 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-03-21 16:26:43 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-03-21 16:26:43 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-03-21 16:26:43 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-03-21 16:26:43 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-03-21 16:26:43 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-03-21 16:20:16 -------- d-----w- C:\Windows\SysWow64\Wat
2011-03-21 16:20:16 -------- d-----w- C:\Windows\System32\Wat
2011-03-21 16:01:53 53248 ----a-r- C:\Users\kristjin\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-03-21 16:01:45 -------- d-----w- C:\Windows\SysWow64\logishrd
2011-03-21 16:01:45 -------- d-----w- C:\Windows\System32\logishrd
2011-03-21 16:01:38 -------- d-----w- C:\Program Files (x86)\Common Files\LWS
2011-03-21 15:57:39 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{AC180898-3087-4CA9-87C9-1A82A244C38D}\mpengine.dll
2011-03-21 15:57:39 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-03-21 15:56:09 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2011-03-21 15:56:09 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-03-21 15:56:09 723968 ----a-w- C:\Windows\System32\EncDec.dll
2011-03-21 15:56:09 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2011-03-21 15:56:09 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-03-21 15:56:09 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2011-03-21 15:56:09 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-03-21 15:56:09 1118720 ----a-w- C:\Windows\System32\sbe.dll
2011-03-21 15:56:01 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-03-21 15:56:01 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-03-21 15:54:04 -------- d-sh--w- C:\Windows\Installer
2011-03-21 15:53:54 -------- d-----w- C:\PROGRA~3\MFAData
2011-03-21 15:50:43 -------- d-----w- C:\PROGRA~3\EPSON
2011-03-21 15:45:00 -------- d-----w- C:\Users\kristjin\AppData\Local\VirtualStore
2011-03-21 15:41:12 0 ----a-w- C:\Windows\ativpsrm.bin
.
==================== Find3M ====================
.
2011-03-21 17:04:41 15416 ----a-w- C:\Windows\System32\drivers\ASACPI.sys
2011-03-21 16:38:38 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-03-21 16:38:38 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-03-18 08:24:38 1238528 ----a-w- C:\Windows\SysWow64\zpeng25.dll
2011-02-18 23:36:58 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-02-18 23:36:58 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
2011-01-26 23:37:20 9085952 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-01-26 23:22:18 22295040 ----a-w- C:\Windows\System32\atio6axx.dll
2011-01-26 23:00:44 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-01-26 23:00:30 596480 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-01-26 22:59:46 17204736 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-01-26 22:59:10 708608 ----a-w- C:\Windows\System32\aticfx64.dll
2011-01-26 22:56:30 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-01-26 22:56:14 479232 ----a-w- C:\Windows\System32\atieclxx.exe
2011-01-26 22:55:36 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-01-26 22:54:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-01-26 22:54:00 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-01-26 22:53:54 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-01-26 22:53:42 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-01-26 22:53:36 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2011-01-26 22:53:32 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-01-26 22:53:26 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-01-26 22:49:44 4105728 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-01-26 22:40:02 4847616 ----a-w- C:\Windows\System32\atidxx64.dll
2011-01-26 22:32:46 1208320 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-01-26 22:32:12 1912832 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-01-26 22:32:00 3222016 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-01-26 22:28:52 4170752 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-01-26 22:27:52 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-01-26 22:27:50 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-01-26 22:27:42 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-01-26 22:27:40 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-01-26 22:27:30 6982144 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-01-26 22:25:50 5580800 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-01-26 22:24:18 3463680 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-01-26 22:21:58 5316096 ----a-w- C:\Windows\System32\atiumd64.dll
2011-01-26 22:20:46 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-01-26 22:14:14 354304 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-01-26 22:14:08 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-01-26 22:13:56 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-01-26 22:13:52 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-01-26 22:13:52 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-01-26 22:13:50 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-01-26 22:13:42 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-01-26 22:13:32 299520 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-01-26 22:12:46 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-01-26 22:12:40 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-01-26 22:12:32 38400 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-01-26 22:12:24 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-01-26 22:11:46 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-01-26 22:08:46 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2011-01-26 22:08:46 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-01-26 22:08:40 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-01-26 22:08:40 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-01-07 23:03:08 591200 ----a-w- C:\Windows\System32\ipcoin801.dll
2011-01-07 23:03:08 51584 ----a-w- C:\Windows\System32\drivers\dc3d.sys
2011-01-07 23:03:08 45408 ----a-w- C:\Windows\System32\drivers\point64.sys
2011-01-07 23:03:08 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2011-01-07 12:17:52 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-01-07 12:17:52 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-01-07 12:14:11 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 09:20:44 366592 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 07:46:34 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-01-07 07:46:34 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-01-07 07:45:57 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:43:36 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
.
============= FINISH: 8:05:13.38 ===============

-----------------------------------------------------------------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 3/21/2011 8:44:47 AM
System Uptime: 4/5/2011 8:02:45 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Rampage Formula
Processor: Intel(R) Core(TM)2 Duo CPU E8600 @ 3.33GHz | LGA775 | 3330/435mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 649.602 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is FIXED (FAT32) - 931 GiB total, 181.604 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP29: 3/27/2011 4:24:48 PM - Tweak7 initial run
RP30: 4/4/2011 9:12:53 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 10 Plugin
Apple Application Support
Apple Software Update
Battlefield: Bad Company™ 2
BioShock 2
BitMeter
Call of Duty: Black Ops
CameraHelperMsi
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
DAEMON Tools Lite
Dead Space™
Dead Space™ 2
DivX Setup
erLT
Fallout New Vegas
Fences
GameSpy Arcade
Google Talk Plugin
HijackThis 2.0.2
Host OpenAL (ADI)
Java Auto Updater
Java(TM) 6 Update 24
Living Cookbook 2008
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Mass Effect 2
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Halo
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 4.0 (x86 en-US)
MSXML 4.0 SP2 Parser and SDK
NVIDIA PhysX
OpenOffice.org 3.3
PrimoPDF -- brought to you by Nitro PDF Software
QuickTime
RocketDock 1.3.5
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
SoundMAX
Steam
Supreme Commander 2
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
VC80CRTRedist - 8.0.50727.4053
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.7
WinPcap 4.1.2
Wireshark 1.4.4
ZoneAlarm
.
==== Event Viewer Messages From Past Week ========
.
4/5/2011 7:05:09 AM, Error: Service Control Manager [7030] - The ZoneAlarm Toolbar IswSvc service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
4/5/2011 7:04:42 AM, Error: Service Control Manager [7030] - The TrueVector Internet Monitor service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================

Not trying to pester or anything, but I see there's been views but no replies... if I am doing something wrong, please let me know! If I just need to wait, I will commence waiting. :)
 
Welcome aboard

You have to be patient.
We're all volunteers here and we don't provide 911 services, since we work, we sleep, we eat and we go on a date once in a while :)

First of all, call Comcast.
They're obligated to provide you with all info regarding your bandwidth usage.
They'll tell you what was downloaded and when.

I'm asking you to do the above first, because, so far, I don't see anything malicious in your logs.