Recently my email and website passwords have been changing all of the sudden, not by me ofcourse. Just yesterday, I was watching a youtube video and my mouse started moving around in circles and it WAS NOT ME.
I am 100% certain that I have a RAT or something that gives control of my computer. I did as instructed, here are the logs.
DDS (Ver_2012-10-14.05) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by James at 16:46:06 on 2012-10-16
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3063.180 [GMT -4:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgfws.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\AVG\AVG10\avgam.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Alienware\Command Center\ThermalController.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\James\AppData\Local\Akamai\netsession_win.exe
C:\Users\James\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Alienware\Command Center\RemotingServiceController.exe
C:\Program Files\Alienware\Command Center\DoorController.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
C:\Windows\system32\conhost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2AdvTool.exe
C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe
C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Java\jre7\bin\javaw.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
uURLSearchHooks: FCToolbarURLSearchHook Class: {8b85c843-7f6f-32b4-e50d-ac334058fe0c} - C:\Program Files (x86)\SocialRibbons\Helper.dll
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: {a8864317-e18b-4292-99d9-e6e65ab905d3} - <orphaned>
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: SocialRibbons: {4BE60886-F6AA-4714-8109-EA6D8247DD57} - C:\Program Files (x86)\SocialRibbons\Toolbar.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: uTorrentControl2 Toolbar: {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mRun: [IAStorIcon] "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] "C:\Windows\UpdReg.EXE"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
StartupFolder: C:\Users\James\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\James\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\James\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Windows\System: UseOEMBackground = dword:1
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{1ADB8665-88BC-4DE8-9D66-D606609FCE9E} : DHCPNameServer = 10.177.0.34 10.184.83.140
TCP: Interfaces\{22EB4794-63A2-442D-A5C0-460E702475A3} : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{23B97642-4E69-4F6F-A603-B28CD945A28F} : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{9ACB6085-2D90-414C-B208-25C6E4626944} : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{CDB58336-2D6D-4E6D-B30B-C26490FDDB02} : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{CDB58336-2D6D-4E6D-B30B-C26490FDDB02}\2484E413933303 : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{CDB58336-2D6D-4E6D-B30B-C26490FDDB02}\C696E6B6379737 : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{DE81A4CB-E56B-4387-9642-0EC6B0562539} : DHCPNameServer = 65.32.5.111 65.32.5.112
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
x64-Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe"
x64-Run: [Thermal Controller] "C:\Program Files\Alienware\Command Center\ThermalController.exe" /auto
x64-Run: [RunDLLEntry_THXCfg] "C:\Windows\System32\RunDLL32.exe" C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [RunDLLEntry_EptMon] "C:\Windows\System32\RunDLL32.exe" C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 74.208.10.249 gs.apple.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\sqarf29a.default\
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\npjpi170_05.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\James\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\James\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - Ext: QuickStores-Toolbar: quickstores@quickstores.de - C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Window Shopper - Powered by Superfish: superfish@superfish.com - C:\ProgramDataMozilla\Extensions\superfish@superfish.com
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - C:\Program Files (x86)\AVG\AVG10\Firefox4
FF - Ext: AVG Security Toolbar em:version=7.005.030.004 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared
.
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: keyword.enabled - 1
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2011-2-22 26704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2011-3-16 37456]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2010-7-12 57696]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2011-1-7 304720]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-3-1 41552]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2011-4-5 377936]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2008-10-1 26624]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2010-12-8 27136]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-12-8 7451648]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-12-8 268288]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-10-17 93712]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2011-5-27 118864]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2011-2-10 29264]
R3 AWOPFilterDriver;AWOPFilterDriver;C:\Windows\System32\drivers\AWOPFilterDriver.sys [2010-12-8 19464]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCASp50a64.sys [2011-12-22 41280]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-12-8 239616]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;C:\Windows\System32\drivers\WN111v2w7x.sys [2010-4-27 783360]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-4-1 341856]
S3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\LVUVC64.sys [2009-10-7 4184672]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCAMp50a64.sys [2011-12-22 43328]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2010-12-8 43008]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2010-12-8 24064]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2011-8-19 30720]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2010-12-8 43008]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
.
=============== Created Last 30 ================
.
2012-10-13 21:59:50 -------- d-----w- C:\Users\James\.zionscape
2012-10-13 21:58:39 -------- d-----w- C:\Users\James\.eximinus
2012-10-10 23:13:34 -------- d-----w- C:\Users\James\AppData\Local\{56770F6E-4851-45C6-AC93-AACCCB38D0EE}
2012-10-09 22:16:14 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-09 22:16:14 1462784 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-09 22:16:14 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-09 22:16:14 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-09 22:16:14 1157632 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-09 22:16:13 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-09 22:16:05 1656688 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-09 17:38:07 10220472 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-10-05 23:37:49 -------- d-----w- C:\Users\James\AppData\Local\{A560EBB4-4A97-4DDE-AD49-A86B19E65AB6}
2012-09-30 01:32:39 -------- d-----w- C:\Users\James\AppData\Local\Desura
2012-09-30 01:31:32 -------- d-----w- C:\Program Files (x86)\Common Files\Desura
2012-09-30 01:29:40 -------- d-----w- C:\ProgramData\Desura
2012-09-30 01:29:25 -------- d-----w- C:\Program Files (x86)\Desura
2012-09-30 01:11:37 -------- d-----w- C:\Users\James\AppData\Local\{7DE99D96-926E-471D-9128-AF9A3566153E}
2012-09-29 17:09:05 -------- d-----w- C:\Users\James\AppData\Local\{9E63DB7B-C5CD-4394-9A06-ABE443EDBED2}
2012-09-21 01:18:59 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-21 01:18:59 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-21 01:08:51 -------- d-----w- C:\Users\James\AppData\Local\{34511F64-FAD0-4FAC-94E3-F0BFAC06714F}
.
==================== Find3M ====================
.
2012-10-09 17:38:11 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 17:38:11 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-14 19:23:40 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:30:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-30 18:11:29 5505904 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:18:33 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:18:33 3902832 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:28 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 17:10:47 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-18 15:43:05 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-18 15:43:05 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-18 15:43:05 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-18 15:42:31 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-18 15:40:26 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-18 15:37:49 425984 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-18 15:34:13 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-18 11:22:55 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-18 11:19:45 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-18 11:19:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-18 11:17:56 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-18 11:17:56 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-18 09:12:09 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-18 09:12:09 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-18 09:07:02 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-18 09:07:02 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-18 09:07:02 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-18 09:07:02 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 00:53:01 714752 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:54:04 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
.
============= FINISH: 16:47:19.57 ===============
I am 100% certain that I have a RAT or something that gives control of my computer. I did as instructed, here are the logs.
DDS (Ver_2012-10-14.05) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by James at 16:46:06 on 2012-10-16
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3063.180 [GMT -4:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgfws.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\AVG\AVG10\avgam.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Alienware\Command Center\ThermalController.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\James\AppData\Local\Akamai\netsession_win.exe
C:\Users\James\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Alienware\Command Center\RemotingServiceController.exe
C:\Program Files\Alienware\Command Center\DoorController.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
C:\Windows\system32\conhost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2AdvTool.exe
C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe
C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Java\jre7\bin\javaw.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
uURLSearchHooks: FCToolbarURLSearchHook Class: {8b85c843-7f6f-32b4-e50d-ac334058fe0c} - C:\Program Files (x86)\SocialRibbons\Helper.dll
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: {a8864317-e18b-4292-99d9-e6e65ab905d3} - <orphaned>
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: SocialRibbons: {4BE60886-F6AA-4714-8109-EA6D8247DD57} - C:\Program Files (x86)\SocialRibbons\Toolbar.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: uTorrentControl2 Toolbar: {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mRun: [IAStorIcon] "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] "C:\Windows\UpdReg.EXE"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
StartupFolder: C:\Users\James\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\James\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\James\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Windows\System: UseOEMBackground = dword:1
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{1ADB8665-88BC-4DE8-9D66-D606609FCE9E} : DHCPNameServer = 10.177.0.34 10.184.83.140
TCP: Interfaces\{22EB4794-63A2-442D-A5C0-460E702475A3} : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{23B97642-4E69-4F6F-A603-B28CD945A28F} : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{9ACB6085-2D90-414C-B208-25C6E4626944} : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{CDB58336-2D6D-4E6D-B30B-C26490FDDB02} : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{CDB58336-2D6D-4E6D-B30B-C26490FDDB02}\2484E413933303 : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{CDB58336-2D6D-4E6D-B30B-C26490FDDB02}\C696E6B6379737 : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{DE81A4CB-E56B-4387-9642-0EC6B0562539} : DHCPNameServer = 65.32.5.111 65.32.5.112
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
x64-Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe"
x64-Run: [Thermal Controller] "C:\Program Files\Alienware\Command Center\ThermalController.exe" /auto
x64-Run: [RunDLLEntry_THXCfg] "C:\Windows\System32\RunDLL32.exe" C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [RunDLLEntry_EptMon] "C:\Windows\System32\RunDLL32.exe" C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 74.208.10.249 gs.apple.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\sqarf29a.default\
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\npjpi170_05.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\James\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\James\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - Ext: QuickStores-Toolbar: quickstores@quickstores.de - C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Window Shopper - Powered by Superfish: superfish@superfish.com - C:\ProgramDataMozilla\Extensions\superfish@superfish.com
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - C:\Program Files (x86)\AVG\AVG10\Firefox4
FF - Ext: AVG Security Toolbar em:version=7.005.030.004 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared
.
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: keyword.enabled - 1
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2011-2-22 26704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2011-3-16 37456]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2010-7-12 57696]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2011-1-7 304720]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-3-1 41552]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2011-4-5 377936]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2008-10-1 26624]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2010-12-8 27136]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-12-8 7451648]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-12-8 268288]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-10-17 93712]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2011-5-27 118864]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2011-2-10 29264]
R3 AWOPFilterDriver;AWOPFilterDriver;C:\Windows\System32\drivers\AWOPFilterDriver.sys [2010-12-8 19464]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCASp50a64.sys [2011-12-22 41280]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-12-8 239616]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;C:\Windows\System32\drivers\WN111v2w7x.sys [2010-4-27 783360]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-4-1 341856]
S3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\LVUVC64.sys [2009-10-7 4184672]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCAMp50a64.sys [2011-12-22 43328]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2010-12-8 43008]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2010-12-8 24064]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2011-8-19 30720]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2010-12-8 43008]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
.
=============== Created Last 30 ================
.
2012-10-13 21:59:50 -------- d-----w- C:\Users\James\.zionscape
2012-10-13 21:58:39 -------- d-----w- C:\Users\James\.eximinus
2012-10-10 23:13:34 -------- d-----w- C:\Users\James\AppData\Local\{56770F6E-4851-45C6-AC93-AACCCB38D0EE}
2012-10-09 22:16:14 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-09 22:16:14 1462784 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-09 22:16:14 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-09 22:16:14 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-09 22:16:14 1157632 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-09 22:16:13 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-09 22:16:05 1656688 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-09 17:38:07 10220472 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-10-05 23:37:49 -------- d-----w- C:\Users\James\AppData\Local\{A560EBB4-4A97-4DDE-AD49-A86B19E65AB6}
2012-09-30 01:32:39 -------- d-----w- C:\Users\James\AppData\Local\Desura
2012-09-30 01:31:32 -------- d-----w- C:\Program Files (x86)\Common Files\Desura
2012-09-30 01:29:40 -------- d-----w- C:\ProgramData\Desura
2012-09-30 01:29:25 -------- d-----w- C:\Program Files (x86)\Desura
2012-09-30 01:11:37 -------- d-----w- C:\Users\James\AppData\Local\{7DE99D96-926E-471D-9128-AF9A3566153E}
2012-09-29 17:09:05 -------- d-----w- C:\Users\James\AppData\Local\{9E63DB7B-C5CD-4394-9A06-ABE443EDBED2}
2012-09-21 01:18:59 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-21 01:18:59 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-21 01:08:51 -------- d-----w- C:\Users\James\AppData\Local\{34511F64-FAD0-4FAC-94E3-F0BFAC06714F}
.
==================== Find3M ====================
.
2012-10-09 17:38:11 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 17:38:11 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-14 19:23:40 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:30:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-30 18:11:29 5505904 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:18:33 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:18:33 3902832 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:28 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 17:10:47 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-18 15:43:05 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-18 15:43:05 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-18 15:43:05 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-18 15:42:31 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-18 15:40:26 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-18 15:37:49 425984 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-18 15:34:13 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-18 11:22:55 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-18 11:19:45 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-18 11:19:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-18 11:17:56 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-18 11:17:56 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-18 09:12:09 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-18 09:12:09 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-18 09:07:02 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-18 09:07:02 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-18 09:07:02 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-18 09:07:02 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 00:53:01 714752 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:54:04 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
.
============= FINISH: 16:47:19.57 ===============