1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

MSN and Warcraft hacked

Discussion in 'Virus & Other Malware Removal' started by lirael, Jan 2, 2011.

Thread Status:
Not open for further replies.
  1. lirael

    lirael Thread Starter

    Joined:
    Jan 2, 2011
    Messages:
    2
    I have had my hotmail and World of Warcraft accounts hacked and I'm pretty sure it was a keylogger or some other form of virus/malware, but my virus scanners (avira free and also used spybot S&D) did not show anything untoward. I was wondering if you could see anything/help me find out what it was and remove it. Also any other recomendations on tidying up things on my pc would be appreciated.

    Thanks Here are the logs/files you ask for:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 13:25:49, on 02/01/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16700)
    Boot mode: Normal

    Running processes:
    C:\Program Files\ASUS\Six Engine\SixEngine.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files\ASUS\TurboV\TurboV.exe
    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
    C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
    C:\Users\Matt\Games\World of Warcraft\WoW.exe
    C:\program files (x86)\avira\antivir desktop\avcenter.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
    C:\Program Files (x86)\Java\jre6\bin\java.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: txthlpBHO Class - {060235DC-6D84-47BD-95D7-A4EF5099A59D} - C:\PROGRA~2\TEXTHE~1\READAN~1\TE4470~1.DLL
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: LinkAirBrowserHelper HistoryTriggerBHO - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ba3HelperObj Class - {A17B153F-2267-4161-A165-73DCD6C31BEF} - C:\PROGRA~2\TEXTHE~1\READAN~1\ba3bho.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    O4 - HKLM\..\Run: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe" -b
    O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
    O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe"
    O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Program Files (x86)\NOS\bin\getPlusUninst_Adobe.exe" /Get1noarp
    O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: CurseClientStartup.ccip
    O4 - Global Startup: SetPointII.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Image - res://C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/206
    O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Memo - res://C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/208
    O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Text file - res://C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/210
    O8 - Extra context menu item: LG Air Sync (R-Click) - Set as Mobile Wallpaper - res://C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/205
    O8 - Extra context menu item: LG Air Sync Option - res://C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/209
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe
    O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - iolo technologies, LLC - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
    O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\PROGRA~2\COMMON~1\MICROW~1\Agent\MWASER.EXE
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: Olympus DVR Service - OLYMPUS IMAGING CORP. - C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 13409 bytes




    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by Matt at 13:27:17.81 on 02/01/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.6135.3567 [GMT 0:00]

    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe
    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\PROGRA~2\COMMON~1\MICROW~1\Agent\MWASER.EXE
    C:\PROGRA~2\COMMON~1\MICROW~1\Agent\MWAgent.exe
    C:\Windows\system32\svchost.exe -k regsvc
    c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ASUS\Six Engine\SixEngine.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files\Logitech\SetPoint II\SetPointII.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Users\Matt\AppData\Local\Apps\2.0\159LPVQX.AVW\ZJWAJENH.ZMH\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe
    C:\Program Files\ASUS\TurboV\TurboV.exe
    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
    C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Matt\Games\World of Warcraft\WoW.exe
    C:\program files (x86)\avira\antivir desktop\avcenter.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
    C:\Program Files (x86)\Java\jre6\bin\java.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\msiexec.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Matt\Downloads\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
    mWinlogon: Userinit=userinit.exe
    BHO: txthlpBHO Class: {060235dc-6d84-47bd-95d7-a4ef5099a59d} - C:\PROGRA~2\TEXTHE~1\READAN~1\TE4470~1.DLL
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: HistoryTriggerBHO Class: {21a88cb9-84d2-4020-a2d1-b25a21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: ba3HelperObj Class: {a17b153f-2267-4161-a165-73dcd6c31bef} - C:\PROGRA~2\TEXTHE~1\READAN~1\ba3bho.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe" -b
    mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
    mRun: [QFan Help] "C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe"
    mRun: [Cpu Level Up help] "C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe"
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRunOnce: [Uninstall Adobe Download Manager] "C:\Program Files (x86)\NOS\bin\getPlusUninst_Adobe.exe" /Get1noarp
    StartupFolder: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SETPOI~1.LNK - C:\Program Files\Logitech\SetPoint II\SetPointII.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: LG Air Sync (R-Click) - Save as Mobile Image - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/206
    IE: LG Air Sync (R-Click) - Save as Mobile Memo - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/208
    IE: LG Air Sync (R-Click) - Save as Mobile Text file - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/210
    IE: LG Air Sync (R-Click) - Set as Mobile Wallpaper - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/205
    IE: LG Air Sync Option - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/209
    IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\ea1frj5a.default\
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\ea1frj5a.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: LG Air Sync: {00ADD29A-66F4-4f22-BCC0-4C1D29DA647B} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}

    ============= SERVICES / DRIVERS ===============

    R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2009-12-25 297512]
    R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2010-12-31 23464]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-17 135336]
    R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-11-17 267944]
    R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe [2010-11-17 90112]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-11-17 83120]
    R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
    R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2010-12-31 724664]
    R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2010-12-31 724664]
    R3 LgBttPort;LGE Bluetooth TransPort;C:\Windows\System32\drivers\lgbtpt64.sys [2009-9-29 16384]
    R3 lgbusenum;LG Bluetooth Bus Enumerator;C:\Windows\System32\drivers\lgbtbs64.sys [2009-9-29 14848]
    R3 LGVMODEM;LGE Virtual Modem;C:\Windows\System32\drivers\lgvmdm64.sys [2009-9-29 17408]
    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-1-22 77824]
    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-1-22 180224]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-11-17 155752]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-17 136176]
    S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\System32\drivers\lgandbus64.sys [2010-11-23 19456]
    S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\System32\drivers\lganddiag64.sys [2010-8-2 27648]
    S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\System32\drivers\lgandgps64.sys [2010-8-2 27136]
    S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\System32\drivers\lgandmodem64.sys [2010-11-23 33792]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
    S3 Olympus DVR Service;Olympus DVR Service;C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [2010-1-12 176128]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]

    =============== Created Last 30 ================

    2011-01-02 13:21:40 388096 ----a-r- C:\Users\Matt\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-01-02 13:21:39 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2011-01-02 12:27:00 -------- d-----w- C:\Users\Matt\AppData\Roaming\Avira
    2010-12-31 12:51:42 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{94F2DDF5-7CB8-40F2-8B62-F2E2534B1A23}\mpengine.dll
    2010-12-31 03:33:40 23464 ----a-w- C:\Windows\System32\drivers\ElRawDsk.sys
    2010-12-31 03:33:36 97928 ----a-w- C:\Windows\System32\IncContxMenu.dll
    2010-12-31 03:33:34 45568 ----a-w- C:\Windows\System32\iolobtdfg.exe
    2010-12-31 03:33:34 14848 ----a-w- C:\Windows\System32\smrgdf.exe
    2010-12-31 03:33:32 -------- d-----w- C:\Program Files (x86)\iolo
    2010-12-31 03:32:32 74703 ----a-w- C:\Windows\SysWow64\mfc45.dll
    2010-12-31 03:31:35 -------- d-----w- C:\Users\Matt\AppData\Roaming\iolo
    2010-12-31 03:31:35 -------- d-----w- C:\PROGRA~3\iolo
    2010-12-30 03:07:03 -------- d-----w- C:\Program Files\iTunes
    2010-12-30 03:07:03 -------- d-----w- C:\Program Files\iPod
    2010-12-30 03:07:03 -------- d-----w- C:\Program Files (x86)\iTunes
    2010-12-22 18:21:41 16896 ----a-w- C:\Windows\AsTaskSched.dll
    2010-12-22 18:19:49 1247776 ----a-w- C:\Windows\RtlExUpd.dll
    2010-12-22 18:19:45 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
    2010-12-22 17:44:08 85384 ----a-w- C:\Windows\System32\drivers\ftser2k.sys
    2010-12-22 17:44:08 73352 ----a-w- C:\Windows\System32\drivers\ftdibus.sys
    2010-12-22 17:44:08 64392 ----a-w- C:\Windows\System32\ftcserco.dll
    2010-12-22 17:44:08 55176 ----a-w- C:\Windows\System32\ftserui2.dll
    2010-12-22 17:44:08 233352 ----a-w- C:\Windows\System32\ftd2xx.dll
    2010-12-22 17:44:08 214920 ----a-w- C:\Windows\System32\FTLang.dll
    2010-12-22 17:44:08 199048 ----a-w- C:\Windows\SysWow64\ftd2xx.dll
    2010-12-22 17:44:08 108936 ----a-w- C:\Windows\System32\ftbusui.dll
    2010-12-22 17:31:30 -------- d-----w- C:\Windows\pss
    2010-12-22 17:28:33 -------- d-----w- C:\WCH.CN
    2010-12-10 02:10:55 -------- d-----w- C:\SimpleSolver
    2010-12-10 02:08:03 -------- d-----w- C:\Users\Matt\AppData\Roaming\Logic Minimizer
    2010-12-10 02:06:21 -------- d-----w- C:\Windows\Downloaded Installations

    ==================== Find3M ====================

    2010-11-29 17:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-11-29 17:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2010-11-26 13:03:34 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2010-11-18 14:47:37 411368 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2010-11-17 17:17:25 632064 ----a-w- C:\Windows\SysWow64\msvcr80.dll
    2010-11-17 17:17:24 554240 ----a-w- C:\Windows\SysWow64\msvcp80.dll
    2010-11-17 17:14:05 140534 ----a-w- C:\Windows\winsbak2.reg
    2010-11-17 17:14:04 3956 ----a-w- C:\Windows\winsbak.reg
    2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
    2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
    2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
    2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
    2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
    2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
    2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
    2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
    2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
    2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
    2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
    2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
    2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2010-10-19 10:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2010-10-16 13:13:54 5901416 ----a-w- C:\Windows\System32\nvcpl.dll
    2010-10-16 13:13:34 989800 ----a-w- C:\Windows\System32\nvvsvc.exe
    2010-10-16 13:13:34 61032 ----a-w- C:\Windows\System32\nvshext.dll
    2010-10-16 13:13:34 2590824 ----a-w- C:\Windows\System32\nvsvc64.dll
    2010-10-16 13:13:34 116328 ----a-w- C:\Windows\System32\nvmctray.dll
    2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
    2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
    2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll
    2010-10-14 01:36:52 15451288 ----a-w- C:\Windows\SysWow64\xlive.dll
    2010-10-14 01:36:50 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
    2010-10-07 12:36:16 96544 ----a-w- C:\Windows\System32\dnssd.dll
    2010-10-07 12:36:16 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
    2010-10-07 12:36:16 237856 ----a-w- C:\Windows\System32\dnssdX.dll
    2010-10-07 12:36:16 119584 ----a-w- C:\Windows\System32\dns-sd.exe
    2010-10-07 12:23:02 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
    2010-10-07 12:23:02 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
    2010-10-07 12:23:02 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
    2010-10-07 12:23:02 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe

    ============= FINISH: 13:28:26.87 ===============

    GMER did not show anything when started but i decided to scan anyway:

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-02 14:05:42
    Windows 6.1.7600
    Running: 19wtvmsc.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\rdyboost\[email protected] ?Sun?, ?Jan ?02 ?11, 01:30:28 PM????????e??????????????????????

    ---- Files - GMER 1.0.15 ----

    File C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVSCAN-20110102-122715-B9041162\00000003-72DC71A4.av$ 17520191 bytes
    File C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt 264 bytes
    File C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\ea1frj5a.default\webappsstore.sqlite-journal 0 bytes

    ---- EOF - GMER 1.0.15 ----
     

    Attached Files:

  2. lirael

    lirael Thread Starter

    Joined:
    Jan 2, 2011
    Messages:
    2
    Sorry couldnt find a way to edit my post, Update seems after running multiple virus scans and changing my hotmail password my hotmail has been hacked again (if it counts as again?) I cant think of anything else it could be except a keylogger which my AV isnt picking up. Hope to here from you guys soon.

    Matt
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/972161

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice