Hi again everyone, I was here not two weeks ago having a crisis with the AVGheur scare that their update seemed to do to a lot of people. Well, unfortunately it looks like this time I have managed to get a trojan somehow. I am a little freaked, but I did the step by step again and here are the results. I really am sorry to be a pain. I try to keep my PC clean as a whistle, and for 2 years now it has been, sigh. Anyway, I would greatly appreciate some assistance as I don't know what to do.
I am not having any system slow down, hijacking of the browser or abnormal cpu usage or any other symptoms by the way.
It detected the above in my steam\vaurek\bloody good time\bin\unitlib.dll
I assume this got in Sunday night, and when I came along Monday morning I ran a scan as always with AVG updated and it popped up. So I sent it to quarantine, then sent it for analysis to AVG, who confirmed it was a legitimate threat. I assumed it was another false, but well... it's not. I deleted the file not long ago with AVG, and have run multiple scans since with that and Malwarebytes; all come up clean so far.
I'm rambling, sorry.
Malwarebytes log
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6199
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
29/03/2011 16:42:58
mbam-log-2011-03-29 (16-42-58).txt
Scan type: Quick scan
Objects scanned: 169800
Time elapsed: 2 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
DDS attach log
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 28/03/2009 12:39:21
System Uptime: 29/03/2011 16:35:15 (1 hours ago)
.
Motherboard: Packard Bell | | FMCP7AM
Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz | CPU 1 | 2336/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 582 GiB total, 95.463 GiB free.
D: is CDROM (UDF)
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP661: 25/03/2011 16:19:28 - Installed DirectX
.
==== Installed Programs ======================
.
Adobe Reader 9.4.3
Alien Swarm
Amazon Kindle For PC
Apple Application Support
Crysis 2
Crysis(R)
Dead Rising 2
Dream Experimental v0.5
Elite Force RPG-X v2.0
Email Scrabble .Net
Far Cry Demo
Google Chrome
Hitman: Blood Money
Ivellon 1.5 English
Java Auto Updater
Java(TM) 6 Update 24
Just Cause 2
Lara Croft and the Guardian of Light
Magicka - Demo
Malwarebytes' Anti-Malware
Mass Effect 2
Medieval II: Total War
Medieval II: Total War Kingdoms
Metro 2033
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Office Home and Student 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft XNA Framework Redistributable 3.1
Need for Speed(TM) Hot Pursuit
NVIDIA PhysX
Oblivion mod manager 1.1.12
OpenAL
Pando Media Booster
QuickTime
RIFT
Safari
Skype™ 5.1
Star Trek Voyager Elite Force
Titan Quest
Titan Quest: Immortal Throne
Tom Clancy's Splinter Cell Conviction
Ubisoft Game Launcher
Unity Web Player
Warhammer 40,000: Dawn of War Gold Edition
Warhammer 40,000: Dawn of War – Dark Crusade
Warhammer 40,000: Dawn of War – Winter Assault
Warhammer® 40,000®: Dawn of War® II – Retribution™
Warhammer® 40,000™: Dawn of War® II
Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
.
==== Event Viewer Messages From Past Week ========
.
25/03/2011 16:20:04, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 82.37.235.68 for the Network Card with network address 0022683BDD18 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
25/03/2011 16:20:01, Error: volsnap [20] - The shadow copies of volume C: were aborted because of a failed free space computation.
25/03/2011 15:07:28, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
25/03/2011 15:07:28, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
25/03/2011 15:07:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
22/03/2011 18:41:49, Error: EventLog [6008] - The previous system shutdown at 18:40:12 on 22/03/2011 was unexpected.
22/03/2011 17:26:47, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
.
==== End Of File ===========================
Other DDS log
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Christopher at 17:23:14.07 on 29/03/2011
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.4094.2352 [GMT 1:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgfws.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
C:\Windows\system32\HidService.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Packard Bell\SrvCDEject.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\System32\nvraidservice.exe
C:\Windows\RAVCpl64.exe
C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exe
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\AOSD.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\mobsync.exe
C:\Windows\splwow64.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgchsva.exe
C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG10\avgam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Christopher\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://bridgecommander.filefront.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Google Update] "C:\Users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\Christopher\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - C:\Users\Christopher\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [NVRaidService] C:\Windows\system32\nvraidservice.exe
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [Skytel] Skytel.exe
mRun-x64: [FijiKeyboard] c:\Acer\Preload\Autorun\DRV\FIJI Keyboard\ABoard.exe
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R0 nvamacpi;Nvidia Away Mode System;C:\Windows\System32\drivers\nvamacpi.sys [2009-1-11 28192]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2010-7-12 57696]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2010-11-22 3226632]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 ETService;Empowering Technology Service;C:\Program Files\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe [2009-3-28 24576]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-4-6 1153368]
R2 SrvCDEject;SrvCDEject;C:\Program Files (x86)\Packard Bell\SrvCDEject.exe [2009-3-28 600576]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-3 133712]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-3 35920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9d4b82f48e567;Google Update Service (gupdate1c9d4b82f48e567);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-5-14 133104]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-8-18 1038088]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-3-12 36720]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-3-28 93184]
.
=============== Created Last 30 ================
.
2073-04-13 17:17:26 203576 ------w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2011-03-18 20:36:00 -------- d-----w- C:\Program Files\iPod
2011-03-18 20:35:58 -------- d-----w- C:\Program Files\iTunes
2011-03-18 20:35:58 -------- d-----w- C:\Program Files (x86)\iTunes
2011-03-14 18:13:56 -------- d-----w- C:\Users\CHRIST~1\AppData\Roaming\.minecraft
2011-03-14 18:06:32 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-03-13 16:22:55 -------- d-----w- C:\Users\CHRIST~1\AppData\Roaming\Rift
2011-03-12 21:21:32 -------- d-----w- C:\Users\CHRIST~1\AppData\Roaming\AVG10
2011-03-12 21:20:30 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-03-12 21:18:25 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-03-12 21:18:25 -------- d-----w- C:\PROGRA~3\AVG10
2011-03-12 21:15:27 -------- d-----w- C:\Program Files (x86)\AVG
2011-03-12 21:09:09 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-12 18:40:26 -------- d-----w- C:\Users\CHRIST~1\AppData\Local\temp
2011-03-12 18:28:54 98816 ----a-w- C:\Windows\sed.exe
2011-03-12 18:28:54 89088 ----a-w- C:\Windows\MBR.exe
2011-03-12 18:28:54 256512 ----a-w- C:\Windows\PEV.exe
2011-03-12 18:28:54 161792 ----a-w- C:\Windows\SWREG.exe
2011-03-12 12:28:40 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-03-09 17:21:11 2424320 ----a-w- C:\Windows\System32\mstscax.dll
2011-03-09 17:21:10 730624 ----a-w- C:\Windows\System32\mstsc.exe
2011-03-09 17:21:10 677888 ----a-w- C:\Windows\SysWow64\mstsc.exe
2011-03-09 17:21:10 2067456 ----a-w- C:\Windows\SysWow64\mstscax.dll
2011-03-09 17:21:09 560128 ----a-w- C:\Windows\System32\EncDec.dll
2011-03-09 17:21:09 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-03-09 17:21:09 416768 ----a-w- C:\Windows\System32\sbe.dll
2011-03-09 17:21:09 323072 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-03-09 17:21:09 226816 ----a-w- C:\Windows\System32\mpg2splt.ax
2011-03-09 17:21:09 210944 ----a-w- C:\Windows\System32\sbeio.dll
2011-03-09 17:21:09 177664 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-03-09 17:21:09 153088 ----a-w- C:\Windows\SysWow64\sbeio.dll
2011-03-08 21:06:28 -------- d-----w- C:\Users\CHRIST~1\AppData\Roaming\Malwarebytes
2011-03-08 21:06:20 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-08 21:06:19 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-03-08 21:06:16 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2011-03-08 21:06:15 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-03-08 21:06:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-04 20:39:50 -------- d-----w- C:\Program Files\Bonjour
2011-03-04 20:39:50 -------- d-----w- C:\Program Files (x86)\Bonjour
.
==================== Find3M ====================
.
2011-02-26 01:19:32 41872 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2011-02-26 01:19:32 27536 ----a-w- C:\Windows\System32\xfcodec64.dll
2011-02-18 16:36:58 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-02-18 16:36:58 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
2011-02-16 19:07:10 270904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-02-16 19:07:10 270904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-02-16 19:05:54 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-01-08 09:31:03 48128 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-08 07:50:00 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-08 06:17:24 367104 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-08 05:57:10 292352 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-12-31 13:46:25 2755584 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 17:23:49.28 ===============
I ran GMER too, and that log didn't have anything in it at all. Sorry to be a bother, everyone.
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R0 nvamacpi;Nvidia Away Mode System;C:\Windows\System32\drivers\nvamacpi.sys [2009-1-11 28192]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2010-7-12 57696]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2010-11-22 3226632]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 ETService;Empowering Technology Service;C:\Program Files\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe [2009-3-28 24576]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-4-6 1153368]
R2 SrvCDEject;SrvCDEject;C:\Program Files (x86)\Packard Bell\SrvCDEject.exe [2009-3-28 600576]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-3 133712]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-3 35920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9d4b82f48e567;Google Update Service (gupdate1c9d4b82f48e567);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-5-14 133104]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-8-18 1038088]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-3-12 36720]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-3-28 93184]
.
=============== Created Last 30 ================
.
2073-04-13 17:17:26 203576 ------w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2011-03-18 20:36:00 -------- d-----w- C:\Program Files\iPod
2011-03-18 20:35:58 -------- d-----w- C:\Program Files\iTunes
2011-03-18 20:35:58 -------- d-----w- C:\Program Files (x86)\iTunes
2011-03-14 18:13:56 -------- d-----w- C:\Users\CHRIST~1\AppData\Roaming\.minecraft
2011-03-14 18:06:32 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-03-13 16:22:55 -------- d-----w- C:\Users\CHRIST~1\AppData\Roaming\Rift
2011-03-12 21:21:32 -------- d-----w- C:\Users\CHRIST~1\AppData\Roaming\AVG10
2011-03-12 21:20:30 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-03-12 21:18:25 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-03-12 21:18:25 -------- d-----w- C:\PROGRA~3\AVG10
2011-03-12 21:15:27 -------- d-----w- C:\Program Files (x86)\AVG
2011-03-12 21:09:09 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-12 18:40:26 -------- d-----w- C:\Users\CHRIST~1\AppData\Local\temp
2011-03-12 18:28:54 98816 ----a-w- C:\Windows\sed.exe
2011-03-12 18:28:54 89088 ----a-w- C:\Windows\MBR.exe
2011-03-12 18:28:54 256512 ----a-w- C:\Windows\PEV.exe
2011-03-12 18:28:54 161792 ----a-w- C:\Windows\SWREG.exe
2011-03-12 12:28:40 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-03-09 17:21:11 2424320 ----a-w- C:\Windows\System32\mstscax.dll
2011-03-09 17:21:10 730624 ----a-w- C:\Windows\System32\mstsc.exe
2011-03-09 17:21:10 677888 ----a-w- C:\Windows\SysWow64\mstsc.exe
2011-03-09 17:21:10 2067456 ----a-w- C:\Windows\SysWow64\mstscax.dll
2011-03-09 17:21:09 560128 ----a-w- C:\Windows\System32\EncDec.dll
2011-03-09 17:21:09 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-03-09 17:21:09 416768 ----a-w- C:\Windows\System32\sbe.dll
2011-03-09 17:21:09 323072 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-03-09 17:21:09 226816 ----a-w- C:\Windows\System32\mpg2splt.ax
2011-03-09 17:21:09 210944 ----a-w- C:\Windows\System32\sbeio.dll
2011-03-09 17:21:09 177664 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-03-09 17:21:09 153088 ----a-w- C:\Windows\SysWow64\sbeio.dll
2011-03-08 21:06:28 -------- d-----w- C:\Users\CHRIST~1\AppData\Roaming\Malwarebytes
2011-03-08 21:06:20 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-08 21:06:19 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-03-08 21:06:16 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2011-03-08 21:06:15 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-03-08 21:06:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-04 20:39:50 -------- d-----w- C:\Program Files\Bonjour
2011-03-04 20:39:50 -------- d-----w- C:\Program Files (x86)\Bonjour
.
==================== Find3M ====================
.
2011-02-26 01:19:32 41872 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2011-02-26 01:19:32 27536 ----a-w- C:\Windows\System32\xfcodec64.dll
2011-02-18 16:36:58 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-02-18 16:36:58 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
2011-02-16 19:07:10 270904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-02-16 19:07:10 270904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-02-16 19:05:54 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-01-08 09:31:03 48128 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-08 07:50:00 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-08 06:17:24 367104 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-08 05:57:10 292352 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-12-31 13:46:25 2755584 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 17:23:49.28 ===============
I ran GMER too and that log didn't have anything in it at all. Sorry to be a bother everyone.