Results 1 to 10 of 23

Thread: Win32/VB.QOX trojan

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Junior Member
    Join Date
    Aug 2011
    Posts
    24

    Default Win32/VB.QOX trojan

    Hi there,

    Eset Smart Security is continually finding a trojan operating in my memory, but cannot clean it.

    It is located in c:\windows\sysWOW64\svchost.exe - and is given the name: Win32/VB.QOX trojan

    At this point, my computer doesn't seem to be adversely affected, it's maybe a little sluggish compared to normal? I am more worried that my security is being compromised in some way.

    Here is the DDS log and please find 'attach.txt' attached as a zip file:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
    Run by Adam Casey at 10:37:14 on 2012-09-18
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.6143.3546 [GMT 10:00]
    .
    AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\SysWOW64\bgsvcgen.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Users\Adam Casey\AppData\Roaming\Google\Google Talk\googletalk.exe
    C:\Users\Adam Casey\AppData\Local\Akamai\netsession_win.exe
    C:\Users\Adam Casey\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    "C:\Windows\system32\svchost.exe"
    C:\Users\Adam Casey\AppData\Roaming\AnyDVD.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\iTunes\iTunes.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    c:\program files\windows defender\MpCmdRun.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com.au/
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [googletalk] C:\Users\Adam Casey\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
    uRun: [Google Update] "C:\Users\Adam Casey\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Akamai NetSession Interface] "C:\Users\Adam Casey\AppData\Local\Akamai\netsession_win.exe"
    uRun: [AdobeBridge]
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [SlySoft] C:\Users\Adam Casey\AppData\Roaming\AnyDVD.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOTUPE~1.LNK - C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 211.31.138.11 211.29.132.12
    TCP: Interfaces\{ADBC1785-9A23-4088-B258-206CAAA7ACD4} : DhcpNameServer = 198.142.0.51 61.88.88.88
    TCP: Interfaces\{C12FFEF7-FE00-4E94-A696-AE911DA716F9} : DhcpNameServer = 198.142.0.51 61.88.88.88
    TCP: Interfaces\{F907E1BF-CC5A-43D6-8FCA-32738CB2B923} : DhcpNameServer = 211.31.138.11 211.29.132.12
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
    STS: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
    SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - C:\Program Files (x86)\Qualcomm\Eudora\EuShlExt.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
    BHO-X64: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
    BHO-X64: Virtual Storage Mount Notification - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [SlySoft] C:\Users\Adam Casey\AppData\Roaming\AnyDVD.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    SSODL-X64: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
    STS-X64: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
    SEH-X64: Eudora's Shell Extension: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files (x86)\Qualcomm\Eudora\EuShlExt.dll
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Adam Casey\AppData\Roaming\Mozilla\Firefox\Profiles\u88r5vt9.default\
    FF - prefs.js: browser.startup.homepage - www.google.com.au
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin8.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\npqtplugin8.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Adam Casey\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Adam Casey\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\Adam Casey\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Adam Casey\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
    R1 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
    R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-28 63960]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-3-7 913144]
    R2 LaCieDesktopManagerService;LaCieDesktopManagerService;C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe [2011-8-29 1118208]
    R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-3-26 5018624]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-7-21 1153368]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 MFWAMIDI64;MOTU Audio MIDI for 64 bit;C:\Windows\system32\drivers\MFWAMIDI64.sys --> C:\Windows\system32\drivers\MFWAMIDI64.sys [?]
    R3 MFWAWAVE64;MOTU Audio Wave for 64 bit;C:\Windows\system32\drivers\MFWAWAVE64.sys --> C:\Windows\system32\drivers\MFWAWAVE64.sys [?]
    R3 motubus;MOTU Audio MIDI Extension;C:\Windows\system32\drivers\MotuBus64.sys --> C:\Windows\system32\drivers\MotuBus64.sys [?]
    R3 MotuFWA64;MotuFWA64;C:\Windows\system32\drivers\Motufwa64.sys --> C:\Windows\system32\drivers\Motufwa64.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-22 135664]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 250568]
    S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-5-18 245760]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-22 135664]
    S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 114144]
    S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
    S3 OXSDIDRV_x64;Oxford Semi eSATA Filter (x64);C:\Windows\system32\DRIVERS\OXSDIDRV_x64.sys --> C:\Windows\system32\DRIVERS\OXSDIDRV_x64.sys [?]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192cu.sys --> C:\Windows\system32\DRIVERS\RTL8192cu.sys [?]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 SynUSB64;SynUSB64;C:\Windows\system32\DRIVERS\SynUSB64.sys --> C:\Windows\system32\DRIVERS\SynUSB64.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-09-18 00:10:40 647168 ----a-w- C:\Windows\AutoKMS.exe
    2012-09-18 00:10:17 78848 ----a-w- C:\Windows\KMSEmulator.exe
    2012-09-18 00:09:56 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2012-09-18 00:09:18 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-18 00:09:18 -------- d-----w- C:\Program Files\iTunes
    2012-09-18 00:09:18 -------- d-----w- C:\Program Files\iPod
    2012-09-18 00:09:18 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-09-12 11:44:06 720896 ----a-w- C:\Users\Adam Casey\AppData\Roaming\90KC17I5UF8Y1p2o3e.exe
    2012-09-12 11:28:49 104960 ----a-w- C:\Users\Adam Casey\AppData\Roaming\AnyDVD.exe
    2012-09-12 11:28:46 108451 --sh--w- C:\Users\Adam Casey\AppData\Roaming\mswinsck.ocx
    2012-09-12 11:28:33 104960 ----a-w- C:\Users\Adam Casey\AppData\Roaming\EI5H5TT5JV8A1T1r2e3v.exe
    2012-09-11 20:21:59 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-09-11 20:21:58 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
    2012-09-11 20:21:57 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
    2012-09-11 20:21:57 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2012-09-11 20:21:55 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-09-11 20:21:55 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-09-11 20:21:55 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-09-11 10:12:29 -------- d-----w- C:\Users\Adam Casey\AppData\Roaming\MyFolder
    2012-09-10 11:01:26 -------- d-----w- C:\Cakewalk Projects
    2012-09-04 05:16:09 -------- d-----w- C:\Users\Adam Casey\AppData\Roaming\ESET
    2012-09-04 05:16:09 -------- d-----w- C:\Users\Adam Casey\AppData\Local\ESET
    2012-09-04 05:12:52 -------- d-----w- C:\Program Files\ESET
    2012-09-04 05:09:49 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-09-04 05:09:49 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-09-02 14:38:31 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-08-31 23:45:12 16 ----a-w- C:\Windows\SysWow64\msvcsv60.dll
    2012-08-31 23:41:23 -------- d-----w- C:\Program Files (x86)\IK Multimedia
    2012-08-31 05:12:50 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
    2012-08-30 06:01:01 -------- d-----w- C:\Program Files (x86)\ZAR
    2012-08-27 23:36:16 -------- d-----w- C:\Program Files\MOTU
    2012-08-27 23:36:16 -------- d-----w- C:\Program Files (x86)\MOTU
    2012-08-26 21:02:35 -------- d-----w- C:\Windows\pss
    2012-08-22 23:42:40 -------- d-----w- C:\Program Files (x86)\Winamp Detect
    2012-08-21 20:31:55 206336 ----a-w- C:\Windows\System32\unrar.dll
    2012-08-21 20:31:55 148992 ----a-w- C:\Windows\System32\lagarith.dll
    2012-08-21 20:31:52 127488 ----a-w- C:\Windows\System32\ff_vfw.dll
    2012-08-21 20:31:50 -------- d-----w- C:\Program Files\K-Lite Codec Pack x64
    2012-08-21 20:15:36 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll
    2012-08-21 20:15:36 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
    2012-08-21 20:15:36 216064 ----a-w- C:\Windows\SysWow64\lagarith.dll
    2012-08-21 20:15:32 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm
    2012-08-21 20:15:28 112640 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
    2012-08-21 05:45:21 -------- d-----w- C:\Users\Adam Casey\AppData\Roaming\4Front
    2012-08-19 10:52:23 -------- dc-h--w- C:\ProgramData\{0F90C280-4264-421D-B061-171A009C45E3}
    2012-08-19 10:51:07 -------- dc-h--w- C:\ProgramData\{FB9DCDD5-FDBE-4EED-A03A-BA8F086DC950}
    2012-08-19 10:49:45 -------- dc-h--w- C:\ProgramData\{A088C926-8EF0-4CFF-A473-EB879919E63A}
    2012-08-19 10:48:35 -------- dc-h--w- C:\ProgramData\{84BD2490-E07B-459A-85CD-649AABFCE52D}
    2012-08-19 10:47:01 -------- dc-h--w- C:\ProgramData\{E2CB91C4-F65B-43A3-AF20-333B2663A78A}
    2012-08-19 10:38:08 -------- d-----w- C:\Users\Adam Casey\TruePianos Settings
    2012-08-19 10:34:51 -------- d-----w- C:\ProgramData\Native Instruments
    2012-08-19 10:30:39 -------- dc-h--w- C:\ProgramData\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
    2012-08-19 10:30:36 -------- d-----w- C:\Program Files\Native Instruments
    2012-08-19 10:30:36 -------- d-----w- C:\Program Files\Common Files\Native Instruments
    2012-08-19 10:22:53 368640 ----a-w- C:\Windows\SysWow64\ReWire.dll
    2012-08-19 10:22:50 487424 ----a-w- C:\Windows\SysWow64\msvcp70.dll
    2012-08-19 10:22:50 344064 ----a-w- C:\Windows\SysWow64\msvcr70.dll
    2012-08-19 10:22:50 1047552 ----a-w- C:\Windows\SysWow64\mfc71u.dll
    2012-08-19 10:14:04 -------- d-----w- C:\Cakewalk Content
    2012-08-19 10:08:52 -------- d-----w- C:\ProgramData\Cakewalk
    .
    ==================== Find3M ====================
    .
    2012-09-03 08:17:43 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-03 08:17:43 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-02 14:38:19 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-09-02 14:38:19 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-08-21 03:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
    2012-08-21 03:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2012-08-18 12:53:12 14848 ----a-w- C:\Windows\System32\slwga.dll
    2012-08-18 12:53:12 13824 ----a-w- C:\Windows\SysWow64\slwga.dll
    2012-08-18 12:53:11 833024 ----a-w- C:\Windows\SysWow64\user32.dll
    2012-08-18 12:53:11 1008640 ----a-w- C:\Windows\System32\user32.dll
    2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
    2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
    2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
    2012-07-04 17:43:02 419840 ----a-w- C:\Windows\System32\systemcpl.dll
    2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-01-07 01:28:38 102400 ----a-w- C:\Program Files\RemoteVolumeControl.exe
    .
    ============= FINISH: 10:43:26.70 ===============

    Hi there,

    I ran a scan with 'aswMBR' as you suggested and the computer froze mid-scan (after it had found a couple of viruses it seems). I tried running it again after resetting and the same thing happened, so my apologies, but I can't upload a log from that scan. After I rebooted the second time the computer wanted to do a pre-boot scan of the C: and it was getting frozen at 49% every time.

    regards,

    Adam
    Last edited by tashi; 2012-09-18 at 08:11. Reason: Merged two posts :-)

  2. #2
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default



    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • Press Start Scan but do nothing else as we are just looking for what is there.
    • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
    • Attach the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)

    ----------

  3. #3
    Junior Member
    Join Date
    Aug 2011
    Posts
    24

    Default

    Please find TDSSKiller log attached in a zip file.

  4. #4
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi,

    Download Combofix from the link below, and save it to your desktop.
    Link

    **Note: It is important that it is saved directly to your desktop**
    If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


    --------------------------------------------------------------------

    IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    --------------------------------------------------------------------

    Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt for further review.

    ----------

  5. #5
    Junior Member
    Join Date
    Aug 2011
    Posts
    24

    Default

    ComboFix 12-09-18.06 - Adam Casey 19/09/2012 8:18.3.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.6143.3667 [GMT 10:00]
    Running from: c:\users\Adam Casey\Desktop\ComboFix.exe
    AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ADS - Windows: deleted 24 bytes in 1 streams.
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Adam Casey\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6E7E49B6-1129-4B71-8B97-609B431696D1}.xps
    c:\users\Adam Casey\AppData\Roaming\90KC17I5UF8Y1p2o3e.exe
    c:\users\Adam Casey\AppData\Roaming\Anuqk
    c:\users\Adam Casey\AppData\Roaming\Anuqk\comyg.ixb
    c:\users\Adam Casey\AppData\Roaming\AnyDVD.exe
    c:\users\Adam Casey\AppData\Roaming\EI5H5TT5JV8A1T1r2e3v.exe
    c:\users\Adam Casey\AppData\Roaming\mswinsck.ocx
    c:\users\Adam Casey\AppData\Roaming\MyFolder
    c:\windows\iun6002.exe
    c:\windows\SysWow64\msvcsv60.dll
    c:\windows\XSxS
    G:\autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-18 to 2012-09-18 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-18 23:06 . 2012-09-18 23:06 78848 ----a-w- c:\windows\KMSEmulator.exe
    2012-09-18 00:10 . 2012-09-18 00:10 647168 ----a-w- c:\windows\AutoKMS.exe
    2012-09-18 00:09 . 2012-08-21 03:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-09-18 00:09 . 2012-09-18 00:09 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-18 00:09 . 2012-09-18 00:09 -------- d-----w- c:\program files\iTunes
    2012-09-18 00:09 . 2012-09-18 00:09 -------- d-----w- c:\program files (x86)\iTunes
    2012-09-18 00:09 . 2012-09-18 00:09 -------- d-----w- c:\program files\iPod
    2012-09-11 20:21 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-09-11 20:21 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
    2012-09-11 20:21 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-09-11 20:21 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2012-09-11 20:21 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-09-11 20:21 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-09-11 20:21 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-09-10 11:01 . 2012-09-10 11:01 -------- d-----w- C:\Cakewalk Projects
    2012-09-04 05:16 . 2012-09-04 05:16 -------- d-----w- c:\users\Adam Casey\AppData\Local\ESET
    2012-09-04 05:12 . 2012-09-04 05:12 -------- d-----w- c:\program files\ESET
    2012-09-04 05:09 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-09-04 05:09 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-09-02 14:39 . 2012-09-02 14:39 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-09-02 14:38 . 2012-09-02 14:38 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-08-31 23:41 . 2012-08-31 23:41 -------- d-----w- c:\program files (x86)\IK Multimedia
    2012-08-31 05:12 . 2012-08-31 05:12 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
    2012-08-30 06:01 . 2012-08-31 04:40 -------- d-----w- c:\program files (x86)\ZAR
    2012-08-27 23:36 . 2012-08-27 23:36 -------- d-----w- c:\program files\MOTU
    2012-08-27 23:36 . 2012-08-27 23:36 -------- d-----w- c:\program files (x86)\MOTU
    2012-08-25 10:43 . 2012-08-25 22:27 -------- d-----w- c:\users\Adam Casey\AppData\Roaming\dvdcss
    2012-08-22 23:42 . 2012-08-22 23:42 -------- d-----w- c:\program files (x86)\Winamp Detect
    2012-08-22 23:42 . 2012-08-23 05:45 -------- d-----w- c:\users\Adam Casey\AppData\Roaming\Winamp
    2012-08-22 23:42 . 2012-08-23 00:39 -------- d-----w- c:\program files (x86)\Winamp
    2012-08-21 20:31 . 2012-06-09 17:21 206336 ----a-w- c:\windows\system32\unrar.dll
    2012-08-21 20:31 . 2011-12-07 17:37 148992 ----a-w- c:\windows\system32\lagarith.dll
    2012-08-21 20:31 . 2012-08-17 18:00 127488 ----a-w- c:\windows\system32\ff_vfw.dll
    2012-08-21 20:31 . 2012-08-21 20:31 -------- d-----w- c:\program files\K-Lite Codec Pack x64
    2012-08-21 20:15 . 2011-12-07 17:32 216064 ----a-w- c:\windows\SysWow64\lagarith.dll
    2012-08-21 20:15 . 2011-06-24 14:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
    2012-08-21 20:15 . 2011-06-24 14:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
    2012-08-21 20:15 . 2011-12-21 17:14 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
    2012-08-21 20:15 . 2012-08-17 18:00 112640 ----a-w- c:\windows\SysWow64\ff_vfw.dll
    2012-08-21 05:45 . 2012-08-21 05:45 -------- d-----w- c:\users\Adam Casey\AppData\Roaming\4Front
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-11 20:24 . 2011-07-24 03:56 64462936 ----a-w- c:\windows\system32\MRT.exe
    2012-09-03 08:17 . 2012-04-02 20:12 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-09-03 08:17 . 2011-07-21 06:33 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-02 14:38 . 2012-07-29 12:45 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-09-02 14:38 . 2011-07-21 08:24 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-08-21 03:01 . 2011-07-21 06:44 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
    2012-08-21 03:01 . 2011-07-21 06:44 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
    2012-08-18 12:53 . 2011-07-22 11:00 14848 ----a-w- c:\windows\system32\slwga.dll
    2012-08-18 12:53 . 2011-07-22 11:00 13824 ----a-w- c:\windows\SysWow64\slwga.dll
    2012-08-18 12:53 . 2011-07-22 11:02 1008640 ----a-w- c:\windows\system32\user32.dll
    2012-08-18 12:53 . 2011-07-22 11:01 833024 ----a-w- c:\windows\SysWow64\user32.dll
    2012-07-30 14:27 . 2012-07-30 14:27 65536 ----a-r- c:\users\Adam Casey\AppData\Roaming\Microsoft\Installer\{CDEBE7FF-C832-4B91-9214-A4CA610D78C9}\ARPPRODUCTICON.exe
    2012-07-18 18:15 . 2012-08-15 08:11 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-09 03:42 . 2012-07-09 03:42 4547984 ----a-w- c:\windows\system32\usbaaplrc.dll
    2012-07-09 03:42 . 2012-07-09 03:42 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
    2012-07-04 22:16 . 2012-08-15 08:11 73216 ----a-w- c:\windows\system32\netapi32.dll
    2012-07-04 22:13 . 2012-08-15 08:11 59392 ----a-w- c:\windows\system32\browcli.dll
    2012-07-04 22:13 . 2012-08-15 08:11 136704 ----a-w- c:\windows\system32\browser.dll
    2012-07-04 21:14 . 2012-08-15 08:11 41984 ----a-w- c:\windows\SysWow64\browcli.dll
    2012-07-04 17:43 . 2012-07-04 17:43 419840 ----a-w- c:\windows\system32\systemcpl.dll
    2012-06-29 04:55 . 2012-08-15 12:12 17809920 ----a-w- c:\windows\system32\mshtml.dll
    2012-06-29 04:09 . 2012-08-15 12:12 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-06-29 03:56 . 2012-08-15 12:12 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-29 03:49 . 2012-08-15 12:12 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-06-29 03:49 . 2012-08-15 12:12 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-06-29 03:48 . 2012-08-15 12:12 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-29 03:47 . 2012-08-15 12:12 237056 ----a-w- c:\windows\system32\url.dll
    2012-06-29 03:45 . 2012-08-15 12:12 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-06-29 03:44 . 2012-08-15 12:12 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-06-29 03:43 . 2012-08-15 12:12 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-29 03:42 . 2012-08-15 12:12 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-06-29 03:40 . 2012-08-15 12:12 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-06-29 03:39 . 2012-08-15 12:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-06-29 03:35 . 2012-08-15 12:12 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-06-29 00:16 . 2012-08-15 12:12 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-06-29 00:09 . 2012-08-15 12:12 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-06-29 00:08 . 2012-08-15 12:12 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04 . 2012-08-15 12:12 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00 . 2012-08-15 12:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-01-07 01:28 . 2012-01-07 01:28 102400 ----a-w- c:\program files\RemoteVolumeControl.exe
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2012-08-18 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Adam Casey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Adam Casey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Adam Casey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Adam Casey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "googletalk"="c:\users\Adam Casey\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "Akamai NetSession Interface"="c:\users\Adam Casey\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-02 252848]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    MOTU Pedal Service.lnk - c:\program files (x86)\MOTU\Audio\MFWAKeys.exe [2012-6-4 1457552]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files (x86)\Qualcomm\Eudora\EuShlExt.dll" [2005-11-14 86016]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-22 135664]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-03 250568]
    R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-24 245760]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-22 135664]
    R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
    R3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\DRIVERS\ew_jucdcecm.sys [x]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
    R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [x]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720]
    R3 MFWAMIDI64;MOTU Audio MIDI for 64 bit;c:\windows\system32\drivers\MFWAMIDI64.sys [2012-06-04 32408]
    R3 MFWAWAVE64;MOTU Audio Wave for 64 bit;c:\windows\system32\drivers\MFWAWAVE64.sys [2012-06-04 82584]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 MotuFWA64;MotuFWA64;c:\windows\system32\drivers\Motufwa64.sys [2012-06-04 609944]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-31 114144]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-09 22528]
    R3 OXSDIDRV_x64;Oxford Semi eSATA Filter (x64);c:\windows\system32\DRIVERS\OXSDIDRV_x64.sys [2009-09-27 51760]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [2010-04-09 627744]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 SynUSB64;SynUSB64;c:\windows\system32\DRIVERS\SynUSB64.sys [2007-10-24 29432]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-18 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-03-13 62496]
    S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-13 209768]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-13 148528]
    S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-13 38288]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-19 203776]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
    S2 LaCieDesktopManagerService;LaCieDesktopManagerService;c:\program files\LaCie\Desktop Manager\lacie_dm_service.exe [2009-12-02 1118208]
    S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-03-25 5018624]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-19 9319936]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-19 306176]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-17 47616]
    S3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\MotuBus64.sys [2012-06-04 29848]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-27 395264]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-12-06 13:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 08:17]
    .
    2012-09-18 c:\windows\Tasks\AutoKMS.job
    - c:\windows\AutoKMS.exe [2012-09-18 00:10]
    .
    2012-09-18 c:\windows\Tasks\AutoKMSDaily.job
    - c:\windows\AutoKMS.exe [2012-09-18 00:10]
    .
    2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-22 11:51]
    .
    2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-22 11:51]
    .
    2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2815916078-2259092287-661349574-1000Core.job
    - c:\users\Adam Casey\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-19 10:53]
    .
    2012-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2815916078-2259092287-661349574-1000UA.job
    - c:\users\Adam Casey\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-19 10:53]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Adam Casey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Adam Casey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Adam Casey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Adam Casey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-09-04 4081008]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com.au/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 211.31.138.11 211.29.132.12
    FF - ProfilePath - c:\users\Adam Casey\AppData\Roaming\Mozilla\Firefox\Profiles\u88r5vt9.default\
    FF - prefs.js: browser.startup.homepage - www.google.com.au
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    ShellIconOverlayIdentifiers-{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} - c:\windows\SysWOW64\CbFsMntNtf3.dll
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Wow6432Node-HKLM-Run-SlySoft - c:\users\Adam Casey\AppData\Roaming\AnyDVD.exe
    AddRemove-dBpoweramp FLAC Codec - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp Monkeys Audio Codec - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp Ogg Vorbis Codec - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp WavPack Codec - c:\windows\system32\SpoonUninstall.exe
    AddRemove-Drumagog 4 Platinum4.11 - c:\windows\iun6002.exe
    AddRemove-Native Instruments GuitarRig Mobile IO Driver - c:\programdata\{4F32CAF7-963B-404D-BF13-C48BA3F5F6A7}\GuitarRig Mobile IO Driver Setup.exe
    AddRemove-Native Instruments Session IO Driver - c:\programdata\{AC46DC4F-66BD-4733-A8B4-0B69418C12D0}\Session IO Driver Setup.exe
    AddRemove-XPort 360_is1 - g:\downloads\XPort 360\unins000.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\SysWOW64\bgsvcgen.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
    c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-19 09:20:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-18 23:20
    .
    Pre-Run: 26,211,696,640 bytes free
    Post-Run: 26,720,079,872 bytes free
    .
    - - End Of File - - B19A9A7A2AF0310B5B1C0D64D79DD71A

  6. #6
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2


    **If you are using a 64bit system please use either of the following links for your download instead:
    Link 1
    Link 2

    • Right-click and Run as Administrator SystemLook.exe to run it.
    • Copy the content within the following codebox into the main textfield:
      Code:
      :filefind
      *user32*
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

  7. #7
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi,

    Clear Java Cache

    See this page for instructions on how to clear java's cache.

    Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
    • Under Temporary Internet Files, click the Delete Files button.
    • There are three options in the window to clear the cache - Leave ALL 3 Checked
      • Downloaded Applets
        Downloaded Applications
        Other Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Java Control Panel.

    ----------

    Please download Malwarebytes Anti-Malware to your desktop.

    • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan as shown below.


    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.



    The log can also be found here:

    Windows 2000 & Windows XP:
    C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

    Windows Vista & Win7:
    C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
    ----------

    ESET Online Scanner

    Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
    • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
    • Close the ESET online scan, and let me know how things are now.
    ----------

  8. #8
    Junior Member
    Join Date
    Aug 2011
    Posts
    24

    Default malwarebytes log

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.21.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Adam Casey :: ADAMCASEY-PC [administrator]

    22/09/2012 10:40:26 AM
    mbam-log-2012-09-22 (10-40-26).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 222892
    Time elapsed: 4 minute(s), 49 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\KMSEmulator.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

    (end)

  9. #9
    Junior Member
    Join Date
    Aug 2011
    Posts
    24

    Default eset threats found log

    C:\Users\Adam Casey\Downloads\winzip155.exe Win32/OpenCandy application
    C:\Windows\KMSEmulator.exe a variant of Win32/HackKMS.A application

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •