
Thread: Win32/VB.QOX trojan

  1. #1
    Junior Member
    Join Date
    Aug 2011
    Posts
    24

    Win32/VB.QOX trojan

    Hi there,

    Eset Smart Security is continually finding a trojan operating in my memory, but cannot clean it.

    It is located in c:\windows\sysWOW64\svchost.exe - and is given the name: Win32/VB.QOX trojan

    At this point my computer doesn't seem to be adversely affected; it's maybe a little sluggish compared to normal. I am more worried that my security is being compromised in some way.

    Here is the DDS log and please find 'attach.txt' attached as a zip file:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
    Run by Adam Casey at 10:37:14 on 2012-09-18
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.6143.3546 [GMT 10:00]
    .
    AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\SysWOW64\bgsvcgen.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Users\Adam Casey\AppData\Roaming\Google\Google Talk\googletalk.exe
    C:\Users\Adam Casey\AppData\Local\Akamai\netsession_win.exe
    C:\Users\Adam Casey\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    "C:\Windows\system32\svchost.exe"
    C:\Users\Adam Casey\AppData\Roaming\AnyDVD.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\iTunes\iTunes.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    c:\program files\windows defender\MpCmdRun.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com.au/
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [googletalk] C:\Users\Adam Casey\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
    uRun: [Google Update] "C:\Users\Adam Casey\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Akamai NetSession Interface] "C:\Users\Adam Casey\AppData\Local\Akamai\netsession_win.exe"
    uRun: [AdobeBridge]
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [SlySoft] C:\Users\Adam Casey\AppData\Roaming\AnyDVD.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOTUPE~1.LNK - C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 211.31.138.11 211.29.132.12
    TCP: Interfaces\{ADBC1785-9A23-4088-B258-206CAAA7ACD4} : DhcpNameServer = 198.142.0.51 61.88.88.88
    TCP: Interfaces\{C12FFEF7-FE00-4E94-A696-AE911DA716F9} : DhcpNameServer = 198.142.0.51 61.88.88.88
    TCP: Interfaces\{F907E1BF-CC5A-43D6-8FCA-32738CB2B923} : DhcpNameServer = 211.31.138.11 211.29.132.12
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
    STS: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
    SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - C:\Program Files (x86)\Qualcomm\Eudora\EuShlExt.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
    BHO-X64: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
    BHO-X64: Virtual Storage Mount Notification - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [SlySoft] C:\Users\Adam Casey\AppData\Roaming\AnyDVD.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    SSODL-X64: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
    STS-X64: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
    SEH-X64: Eudora's Shell Extension: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files (x86)\Qualcomm\Eudora\EuShlExt.dll
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Adam Casey\AppData\Roaming\Mozilla\Firefox\Profiles\u88r5vt9.default\
    FF - prefs.js: browser.startup.homepage - www.google.com.au
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin8.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\npqtplugin8.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Adam Casey\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Adam Casey\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\Adam Casey\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Adam Casey\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
    R1 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
    R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-28 63960]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-3-7 913144]
    R2 LaCieDesktopManagerService;LaCieDesktopManagerService;C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe [2011-8-29 1118208]
    R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-3-26 5018624]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-7-21 1153368]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 MFWAMIDI64;MOTU Audio MIDI for 64 bit;C:\Windows\system32\drivers\MFWAMIDI64.sys --> C:\Windows\system32\drivers\MFWAMIDI64.sys [?]
    R3 MFWAWAVE64;MOTU Audio Wave for 64 bit;C:\Windows\system32\drivers\MFWAWAVE64.sys --> C:\Windows\system32\drivers\MFWAWAVE64.sys [?]
    R3 motubus;MOTU Audio MIDI Extension;C:\Windows\system32\drivers\MotuBus64.sys --> C:\Windows\system32\drivers\MotuBus64.sys [?]
    R3 MotuFWA64;MotuFWA64;C:\Windows\system32\drivers\Motufwa64.sys --> C:\Windows\system32\drivers\Motufwa64.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-22 135664]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 250568]
    S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-5-18 245760]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-22 135664]
    S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 114144]
    S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
    S3 OXSDIDRV_x64;Oxford Semi eSATA Filter (x64);C:\Windows\system32\DRIVERS\OXSDIDRV_x64.sys --> C:\Windows\system32\DRIVERS\OXSDIDRV_x64.sys [?]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192cu.sys --> C:\Windows\system32\DRIVERS\RTL8192cu.sys [?]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 SynUSB64;SynUSB64;C:\Windows\system32\DRIVERS\SynUSB64.sys --> C:\Windows\system32\DRIVERS\SynUSB64.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-09-18 00:10:40 647168 ----a-w- C:\Windows\AutoKMS.exe
    2012-09-18 00:10:17 78848 ----a-w- C:\Windows\KMSEmulator.exe
    2012-09-18 00:09:56 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2012-09-18 00:09:18 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-18 00:09:18 -------- d-----w- C:\Program Files\iTunes
    2012-09-18 00:09:18 -------- d-----w- C:\Program Files\iPod
    2012-09-18 00:09:18 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-09-12 11:44:06 720896 ----a-w- C:\Users\Adam Casey\AppData\Roaming\90KC17I5UF8Y1p2o3e.exe
    2012-09-12 11:28:49 104960 ----a-w- C:\Users\Adam Casey\AppData\Roaming\AnyDVD.exe
    2012-09-12 11:28:46 108451 --sh--w- C:\Users\Adam Casey\AppData\Roaming\mswinsck.ocx
    2012-09-12 11:28:33 104960 ----a-w- C:\Users\Adam Casey\AppData\Roaming\EI5H5TT5JV8A1T1r2e3v.exe
    2012-09-11 20:21:59 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-09-11 20:21:58 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
    2012-09-11 20:21:57 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
    2012-09-11 20:21:57 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2012-09-11 20:21:55 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-09-11 20:21:55 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-09-11 20:21:55 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-09-11 10:12:29 -------- d-----w- C:\Users\Adam Casey\AppData\Roaming\MyFolder
    2012-09-10 11:01:26 -------- d-----w- C:\Cakewalk Projects
    2012-09-04 05:16:09 -------- d-----w- C:\Users\Adam Casey\AppData\Roaming\ESET
    2012-09-04 05:16:09 -------- d-----w- C:\Users\Adam Casey\AppData\Local\ESET
    2012-09-04 05:12:52 -------- d-----w- C:\Program Files\ESET
    2012-09-04 05:09:49 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-09-04 05:09:49 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-09-02 14:38:31 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-08-31 23:45:12 16 ----a-w- C:\Windows\SysWow64\msvcsv60.dll
    2012-08-31 23:41:23 -------- d-----w- C:\Program Files (x86)\IK Multimedia
    2012-08-31 05:12:50 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
    2012-08-30 06:01:01 -------- d-----w- C:\Program Files (x86)\ZAR
    2012-08-27 23:36:16 -------- d-----w- C:\Program Files\MOTU
    2012-08-27 23:36:16 -------- d-----w- C:\Program Files (x86)\MOTU
    2012-08-26 21:02:35 -------- d-----w- C:\Windows\pss
    2012-08-22 23:42:40 -------- d-----w- C:\Program Files (x86)\Winamp Detect
    2012-08-21 20:31:55 206336 ----a-w- C:\Windows\System32\unrar.dll
    2012-08-21 20:31:55 148992 ----a-w- C:\Windows\System32\lagarith.dll
    2012-08-21 20:31:52 127488 ----a-w- C:\Windows\System32\ff_vfw.dll
    2012-08-21 20:31:50 -------- d-----w- C:\Program Files\K-Lite Codec Pack x64
    2012-08-21 20:15:36 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll
    2012-08-21 20:15:36 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
    2012-08-21 20:15:36 216064 ----a-w- C:\Windows\SysWow64\lagarith.dll
    2012-08-21 20:15:32 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm
    2012-08-21 20:15:28 112640 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
    2012-08-21 05:45:21 -------- d-----w- C:\Users\Adam Casey\AppData\Roaming\4Front
    2012-08-19 10:52:23 -------- dc-h--w- C:\ProgramData\{0F90C280-4264-421D-B061-171A009C45E3}
    2012-08-19 10:51:07 -------- dc-h--w- C:\ProgramData\{FB9DCDD5-FDBE-4EED-A03A-BA8F086DC950}
    2012-08-19 10:49:45 -------- dc-h--w- C:\ProgramData\{A088C926-8EF0-4CFF-A473-EB879919E63A}
    2012-08-19 10:48:35 -------- dc-h--w- C:\ProgramData\{84BD2490-E07B-459A-85CD-649AABFCE52D}
    2012-08-19 10:47:01 -------- dc-h--w- C:\ProgramData\{E2CB91C4-F65B-43A3-AF20-333B2663A78A}
    2012-08-19 10:38:08 -------- d-----w- C:\Users\Adam Casey\TruePianos Settings
    2012-08-19 10:34:51 -------- d-----w- C:\ProgramData\Native Instruments
    2012-08-19 10:30:39 -------- dc-h--w- C:\ProgramData\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
    2012-08-19 10:30:36 -------- d-----w- C:\Program Files\Native Instruments
    2012-08-19 10:30:36 -------- d-----w- C:\Program Files\Common Files\Native Instruments
    2012-08-19 10:22:53 368640 ----a-w- C:\Windows\SysWow64\ReWire.dll
    2012-08-19 10:22:50 487424 ----a-w- C:\Windows\SysWow64\msvcp70.dll
    2012-08-19 10:22:50 344064 ----a-w- C:\Windows\SysWow64\msvcr70.dll
    2012-08-19 10:22:50 1047552 ----a-w- C:\Windows\SysWow64\mfc71u.dll
    2012-08-19 10:14:04 -------- d-----w- C:\Cakewalk Content
    2012-08-19 10:08:52 -------- d-----w- C:\ProgramData\Cakewalk
    .
    ==================== Find3M ====================
    .
    2012-09-03 08:17:43 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-03 08:17:43 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-02 14:38:19 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-09-02 14:38:19 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-08-21 03:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
    2012-08-21 03:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2012-08-18 12:53:12 14848 ----a-w- C:\Windows\System32\slwga.dll
    2012-08-18 12:53:12 13824 ----a-w- C:\Windows\SysWow64\slwga.dll
    2012-08-18 12:53:11 833024 ----a-w- C:\Windows\SysWow64\user32.dll
    2012-08-18 12:53:11 1008640 ----a-w- C:\Windows\System32\user32.dll
    2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
    2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
    2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
    2012-07-04 17:43:02 419840 ----a-w- C:\Windows\System32\systemcpl.dll
    2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-01-07 01:28:38 102400 ----a-w- C:\Program Files\RemoteVolumeControl.exe
    .
    ============= FINISH: 10:43:26.70 ===============

    Hi there,

    I ran a scan with 'aswMBR' as you suggested and the computer froze mid-scan (after it had found a couple of viruses it seems). I tried running it again after resetting and the same thing happened, so my apologies, but I can't upload a log from that scan. After I rebooted the second time the computer wanted to do a pre-boot scan of the C: and it was getting frozen at 49% every time.

    regards,

    Adam
    Last edited by tashi; 2012-09-18 at 08:11. Reason: Merged two posts :-)
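As an added example (not part of this thread, and not code from DDS, ESET or any of the tools mentioned), here is a Python first-pass triage over two sections of the DDS log above: it parses the "Created Last 30" entries and the mPolicies-system lines and flags what a helper reading such a log checks first, such as executables dropped straight into the profile root, hidden/system attributes, machine-looking filenames, and UAC switched off. The sample lines are quoted from the log in this post; the rule thresholds (name length, digit count) are my own assumptions.

```python
"""First-pass triage of two DDS log sections (added example, not thread code).

Formats, as they appear in the log posted above:
  Created Last 30:  YYYY-MM-DD HH:MM:SS <size|--------> <8 attribute flags> <path>
  Pseudo HJT:       mPolicies-system: <ValueName> = <n> (0xN)
In the attribute column 'd' marks a directory; 's' and 'h' are the system and
hidden attributes as attrib prints them.  Thresholds below are assumptions.
"""
import re

# Entries quoted from the DDS log in this thread (constructed subset).
SAMPLE_CREATED = r"""
2012-09-18 00:10:40 647168 ----a-w- C:\Windows\AutoKMS.exe
2012-09-18 00:09:18 -------- d-----w- C:\Program Files\iTunes
2012-09-12 11:44:06 720896 ----a-w- C:\Users\Adam Casey\AppData\Roaming\90KC17I5UF8Y1p2o3e.exe
2012-09-12 11:28:49 104960 ----a-w- C:\Users\Adam Casey\AppData\Roaming\AnyDVD.exe
2012-09-12 11:28:46 108451 --sh--w- C:\Users\Adam Casey\AppData\Roaming\mswinsck.ocx
2012-09-12 11:28:33 104960 ----a-w- C:\Users\Adam Casey\AppData\Roaming\EI5H5TT5JV8A1T1r2e3v.exe
2012-09-11 20:21:59 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-11 10:12:29 -------- d-----w- C:\Users\Adam Casey\AppData\Roaming\MyFolder
2012-09-02 14:38:31 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
"""
SAMPLE_POLICIES = """
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
"""

ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+|-{8}) ([a-z-]{8}) (.+)$")
POLICY_RE = re.compile(r"^mPolicies-system: (\w+) = (\d+) \(0x[0-9a-fA-F]+\)$")
# A file sitting directly in <profile>\AppData\Roaming or \Local, not in a vendor subfolder.
PROFILE_ROOT_RE = re.compile(r"^[a-z]:\\Users\\[^\\]+\\AppData\\(?:Roaming|Local)\\[^\\]+$", re.I)
EXEC_EXT = {".exe", ".dll", ".ocx", ".scr", ".com", ".pif"}


def parse_created(log_text):
    """Yield (attrs, path) for every well-formed 'Created Last 30' entry."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(4), m.group(5)


def looks_machine_generated(stem):
    """Long stem mixing >=3 digits with upper- and lower-case letters
    (e.g. 90KC17I5UF8Y1p2o3e); product names rarely look like this."""
    digits = sum(ch.isdigit() for ch in stem)
    return (len(stem) >= 12 and digits >= 3
            and any(ch.isupper() for ch in stem)
            and any(ch.islower() for ch in stem))


def triage_created(log_text):
    """Return {path: [reasons]} for file entries worth a second look."""
    findings = {}
    for attrs, path in parse_created(log_text):
        if attrs.startswith("d"):      # directories carry no size and no PE to inspect
            continue
        name = path.rsplit("\\", 1)[-1]
        stem, dot, ext = name.rpartition(".")
        ext = ("." + ext).lower() if dot else ""
        reasons = []
        if ext in EXEC_EXT and PROFILE_ROOT_RE.match(path):
            reasons.append("executable dropped in profile root")
        if "s" in attrs or "h" in attrs:
            reasons.append("hidden/system attribute")
        if ext in EXEC_EXT and looks_machine_generated(stem):
            reasons.append("machine-generated filename")
        if reasons:
            findings[path] = reasons
    return findings


def weak_uac_settings(log_text):
    """Return the mPolicies-system values, in log order, that turn UAC prompting off."""
    weak = []
    for line in log_text.splitlines():
        m = POLICY_RE.match(line.strip())
        if not m:
            continue
        name, value = m.group(1), int(m.group(2))
        if name == "EnableLUA" and value == 0:
            weak.append("EnableLUA=0 (UAC disabled entirely)")
        elif name == "ConsentPromptBehaviorAdmin" and value == 0:
            weak.append("ConsentPromptBehaviorAdmin=0 (admins elevate without any prompt)")
        elif name == "PromptOnSecureDesktop" and value == 0:
            weak.append("PromptOnSecureDesktop=0 (prompt shown on the interactive desktop)")
    return weak


if __name__ == "__main__":
    for path, reasons in triage_created(SAMPLE_CREATED).items():
        print(path, "->", "; ".join(reasons))
    for note in weak_uac_settings(SAMPLE_POLICIES):
        print("UAC:", note)
```

On the quoted lines the pass flags exactly the four Roaming-root executables (including the hidden+system mswinsck.ocx) and none of the Windows or Program Files entries, and reports three UAC values set to 0.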

  2. #2
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • Press Start Scan but do nothing else as we are just looking for what is there.
    • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
    • Attach the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)

    ----------

  3. #3
    Junior Member
    Join Date
    Aug 2011
    Posts
    24

    Please find TDSSKiller log attached in a zip file.

  4. #4
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Hi,

    Download Combofix from the link below, and save it to your desktop.
    Link

    **Note: It is important that it is saved directly to your desktop**
    If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


    --------------------------------------------------------------------

    IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    --------------------------------------------------------------------

    Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt for further review.

    ----------

  5. #5
    Junior Member
    Join Date
    Aug 2011
    Posts
    24

    ComboFix 12-09-18.06 - Adam Casey 19/09/2012 8:18.3.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.6143.3667 [GMT 10:00]
    Running from: c:\users\Adam Casey\Desktop\ComboFix.exe
    AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ADS - Windows: deleted 24 bytes in 1 streams.
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Adam Casey\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6E7E49B6-1129-4B71-8B97-609B431696D1}.xps
    c:\users\Adam Casey\AppData\Roaming\90KC17I5UF8Y1p2o3e.exe
    c:\users\Adam Casey\AppData\Roaming\Anuqk
    c:\users\Adam Casey\AppData\Roaming\Anuqk\comyg.ixb
    c:\users\Adam Casey\AppData\Roaming\AnyDVD.exe
    c:\users\Adam Casey\AppData\Roaming\EI5H5TT5JV8A1T1r2e3v.exe
    c:\users\Adam Casey\AppData\Roaming\mswinsck.ocx
    c:\users\Adam Casey\AppData\Roaming\MyFolder
    c:\windows\iun6002.exe
    c:\windows\SysWow64\msvcsv60.dll
    c:\windows\XSxS
    G:\autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-18 to 2012-09-18 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-18 23:06 . 2012-09-18 23:06 78848 ----a-w- c:\windows\KMSEmulator.exe
    2012-09-18 00:10 . 2012-09-18 00:10 647168 ----a-w- c:\windows\AutoKMS.exe
    2012-09-18 00:09 . 2012-08-21 03:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-09-18 00:09 . 2012-09-18 00:09 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-18 00:09 . 2012-09-18 00:09 -------- d-----w- c:\program files\iTunes
    2012-09-18 00:09 . 2012-09-18 00:09 -------- d-----w- c:\program files (x86)\iTunes
    2012-09-18 00:09 . 2012-09-18 00:09 -------- d-----w- c:\program files\iPod
    2012-09-11 20:21 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-09-11 20:21 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
    2012-09-11 20:21 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-09-11 20:21 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2012-09-11 20:21 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-09-11 20:21 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-09-11 20:21 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-09-10 11:01 . 2012-09-10 11:01 -------- d-----w- C:\Cakewalk Projects
    2012-09-04 05:16 . 2012-09-04 05:16 -------- d-----w- c:\users\Adam Casey\AppData\Local\ESET
    2012-09-04 05:12 . 2012-09-04 05:12 -------- d-----w- c:\program files\ESET
    2012-09-04 05:09 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-09-04 05:09 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-09-02 14:39 . 2012-09-02 14:39 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-09-02 14:38 . 2012-09-02 14:38 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-08-31 23:41 . 2012-08-31 23:41 -------- d-----w- c:\program files (x86)\IK Multimedia
    2012-08-31 05:12 . 2012-08-31 05:12 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
    2012-08-30 06:01 . 2012-08-31 04:40 -------- d-----w- c:\program files (x86)\ZAR
    2012-08-27 23:36 . 2012-08-27 23:36 -------- d-----w- c:\program files\MOTU
    2012-08-27 23:36 . 2012-08-27 23:36 -------- d-----w- c:\program files (x86)\MOTU
    2012-08-25 10:43 . 2012-08-25 22:27 -------- d-----w- c:\users\Adam Casey\AppData\Roaming\dvdcss
    2012-08-22 23:42 . 2012-08-22 23:42 -------- d-----w- c:\program files (x86)\Winamp Detect
    2012-08-22 23:42 . 2012-08-23 05:45 -------- d-----w- c:\users\Adam Casey\AppData\Roaming\Winamp
    2012-08-22 23:42 . 2012-08-23 00:39 -------- d-----w- c:\program files (x86)\Winamp
    2012-08-21 20:31 . 2012-06-09 17:21 206336 ----a-w- c:\windows\system32\unrar.dll
    2012-08-21 20:31 . 2011-12-07 17:37 148992 ----a-w- c:\windows\system32\lagarith.dll
    2012-08-21 20:31 . 2012-08-17 18:00 127488 ----a-w- c:\windows\system32\ff_vfw.dll
    2012-08-21 20:31 . 2012-08-21 20:31 -------- d-----w- c:\program files\K-Lite Codec Pack x64
    2012-08-21 20:15 . 2011-12-07 17:32 216064 ----a-w- c:\windows\SysWow64\lagarith.dll
    2012-08-21 20:15 . 2011-06-24 14:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
    2012-08-21 20:15 . 2011-06-24 14:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
    2012-08-21 20:15 . 2011-12-21 17:14 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
    2012-08-21 20:15 . 2012-08-17 18:00 112640 ----a-w- c:\windows\SysWow64\ff_vfw.dll
    2012-08-21 05:45 . 2012-08-21 05:45 -------- d-----w- c:\users\Adam Casey\AppData\Roaming\4Front
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-11 20:24 . 2011-07-24 03:56 64462936 ----a-w- c:\windows\system32\MRT.exe
    2012-09-03 08:17 . 2012-04-02 20:12 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-09-03 08:17 . 2011-07-21 06:33 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-02 14:38 . 2012-07-29 12:45 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-09-02 14:38 . 2011-07-21 08:24 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-08-21 03:01 . 2011-07-21 06:44 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
    2012-08-21 03:01 . 2011-07-21 06:44 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
    2012-08-18 12:53 . 2011-07-22 11:00 14848 ----a-w- c:\windows\system32\slwga.dll
    2012-08-18 12:53 . 2011-07-22 11:00 13824 ----a-w- c:\windows\SysWow64\slwga.dll
    2012-08-18 12:53 . 2011-07-22 11:02 1008640 ----a-w- c:\windows\system32\user32.dll
    2012-08-18 12:53 . 2011-07-22 11:01 833024 ----a-w- c:\windows\SysWow64\user32.dll
    2012-07-30 14:27 . 2012-07-30 14:27 65536 ----a-r- c:\users\Adam Casey\AppData\Roaming\Microsoft\Installer\{CDEBE7FF-C832-4B91-9214-A4CA610D78C9}\ARPPRODUCTICON.exe
    2012-07-18 18:15 . 2012-08-15 08:11 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-09 03:42 . 2012-07-09 03:42 4547984 ----a-w- c:\windows\system32\usbaaplrc.dll
    2012-07-09 03:42 . 2012-07-09 03:42 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
    2012-07-04 22:16 . 2012-08-15 08:11 73216 ----a-w- c:\windows\system32\netapi32.dll
    2012-07-04 22:13 . 2012-08-15 08:11 59392 ----a-w- c:\windows\system32\browcli.dll
    2012-07-04 22:13 . 2012-08-15 08:11 136704 ----a-w- c:\windows\system32\browser.dll
    2012-07-04 21:14 . 2012-08-15 08:11 41984 ----a-w- c:\windows\SysWow64\browcli.dll
    2012-07-04 17:43 . 2012-07-04 17:43 419840 ----a-w- c:\windows\system32\systemcpl.dll
    2012-06-29 04:55 . 2012-08-15 12:12 17809920 ----a-w- c:\windows\system32\mshtml.dll
    2012-06-29 04:09 . 2012-08-15 12:12 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-06-29 03:56 . 2012-08-15 12:12 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-29 03:49 . 2012-08-15 12:12 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-06-29 03:49 . 2012-08-15 12:12 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-06-29 03:48 . 2012-08-15 12:12 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-29 03:47 . 2012-08-15 12:12 237056 ----a-w- c:\windows\system32\url.dll
    2012-06-29 03:45 . 2012-08-15 12:12 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-06-29 03:44 . 2012-08-15 12:12 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-06-29 03:43 . 2012-08-15 12:12 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-29 03:42 . 2012-08-15 12:12 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-06-29 03:40 . 2012-08-15 12:12 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-06-29 03:39 . 2012-08-15 12:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-06-29 03:35 . 2012-08-15 12:12 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-06-29 00:16 . 2012-08-15 12:12 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-06-29 00:09 . 2012-08-15 12:12 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-06-29 00:08 . 2012-08-15 12:12 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04 . 2012-08-15 12:12 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00 . 2012-08-15 12:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-01-07 01:28 . 2012-01-07 01:28 102400 ----a-w- c:\program files\RemoteVolumeControl.exe
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2012-08-18 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Adam Casey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Adam Casey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Adam Casey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Adam Casey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "googletalk"="c:\users\Adam Casey\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "Akamai NetSession Interface"="c:\users\Adam Casey\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-02 252848]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    MOTU Pedal Service.lnk - c:\program files (x86)\MOTU\Audio\MFWAKeys.exe [2012-6-4 1457552]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files (x86)\Qualcomm\Eudora\EuShlExt.dll" [2005-11-14 86016]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-22 135664]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-03 250568]
    R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-24 245760]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-22 135664]
    R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
    R3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\DRIVERS\ew_jucdcecm.sys [x]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
    R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [x]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720]
    R3 MFWAMIDI64;MOTU Audio MIDI for 64 bit;c:\windows\system32\drivers\MFWAMIDI64.sys [2012-06-04 32408]
    R3 MFWAWAVE64;MOTU Audio Wave for 64 bit;c:\windows\system32\drivers\MFWAWAVE64.sys [2012-06-04 82584]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 MotuFWA64;MotuFWA64;c:\windows\system32\drivers\Motufwa64.sys [2012-06-04 609944]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-31 114144]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-09 22528]
    R3 OXSDIDRV_x64;Oxford Semi eSATA Filter (x64);c:\windows\system32\DRIVERS\OXSDIDRV_x64.sys [2009-09-27 51760]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [2010-04-09 627744]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 SynUSB64;SynUSB64;c:\windows\system32\DRIVERS\SynUSB64.sys [2007-10-24 29432]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-18 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-03-13 62496]
    S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-13 209768]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-13 148528]
    S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-13 38288]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-19 203776]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
    S2 LaCieDesktopManagerService;LaCieDesktopManagerService;c:\program files\LaCie\Desktop Manager\lacie_dm_service.exe [2009-12-02 1118208]
    S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-03-25 5018624]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-19 9319936]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-19 306176]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-17 47616]
    S3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\MotuBus64.sys [2012-06-04 29848]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-27 395264]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-12-06 13:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 08:17]
    .
    2012-09-18 c:\windows\Tasks\AutoKMS.job
    - c:\windows\AutoKMS.exe [2012-09-18 00:10]
    .
    2012-09-18 c:\windows\Tasks\AutoKMSDaily.job
    - c:\windows\AutoKMS.exe [2012-09-18 00:10]
    .
    2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-22 11:51]
    .
    2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-22 11:51]
    .
    2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2815916078-2259092287-661349574-1000Core.job
    - c:\users\Adam Casey\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-19 10:53]
    .
    2012-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2815916078-2259092287-661349574-1000UA.job
    - c:\users\Adam Casey\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-19 10:53]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Adam Casey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Adam Casey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Adam Casey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Adam Casey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-09-04 4081008]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com.au/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 211.31.138.11 211.29.132.12
    FF - ProfilePath - c:\users\Adam Casey\AppData\Roaming\Mozilla\Firefox\Profiles\u88r5vt9.default\
    FF - prefs.js: browser.startup.homepage - www.google.com.au
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    ShellIconOverlayIdentifiers-{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} - c:\windows\SysWOW64\CbFsMntNtf3.dll
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Wow6432Node-HKLM-Run-SlySoft - c:\users\Adam Casey\AppData\Roaming\AnyDVD.exe
    AddRemove-dBpoweramp FLAC Codec - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp Monkeys Audio Codec - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp Ogg Vorbis Codec - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp WavPack Codec - c:\windows\system32\SpoonUninstall.exe
    AddRemove-Drumagog 4 Platinum4.11 - c:\windows\iun6002.exe
    AddRemove-Native Instruments GuitarRig Mobile IO Driver - c:\programdata\{4F32CAF7-963B-404D-BF13-C48BA3F5F6A7}\GuitarRig Mobile IO Driver Setup.exe
    AddRemove-Native Instruments Session IO Driver - c:\programdata\{AC46DC4F-66BD-4733-A8B4-0B69418C12D0}\Session IO Driver Setup.exe
    AddRemove-XPort 360_is1 - g:\downloads\XPort 360\unins000.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\SysWOW64\bgsvcgen.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
    c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-19 09:20:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-18 23:20
    .
    Pre-Run: 26,211,696,640 bytes free
    Post-Run: 26,720,079,872 bytes free
    .
    - - End Of File - - B19A9A7A2AF0310B5B1C0D64D79DD71A

  6. #6
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2


    **If you are using a 64-bit system, please use either of the following links for your download instead:
    Link 1
    Link 2

    • Right-click SystemLook.exe and select Run as Administrator to run it.
    • Copy the content within the following codebox into the main textfield:
      Code:
      :filefind
      *user32*
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
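The `:filefind *user32*` request above is a tamper check: Windows keeps several copies of user32.dll (the WinSxS component store, the `.bak` left behind by patchers, the ERDNT cache), so the MD5 of the copy in System32 / SysWOW64 can be compared with same-architecture copies the system never loads. The script below is an added example, not SystemLook's or ComboFix's own code; it parses SystemLook result lines and reports a live copy whose hash matches none of its references, which is the condition behind the unsigned user32.dll in the ComboFix Sigcheck section. The sample lines are copied from the SystemLook log posted later in this thread; the `Entry`/`Verdict` names and the architecture heuristic in `arch_of` are this example's own assumptions.

```python
"""Added example (not SystemLook's or ComboFix's code): cross-check the live copy of a
system DLL against the reference copies a SystemLook ':filefind' run lists."""
import re
from dataclasses import dataclass
from typing import List, Optional

# One filefind result line: <path> <attrs> <size> bytes [<created>] [<modified>] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>\S.*?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
# The copy Windows actually loads sits directly in System32 (x64) or SysWOW64 (x86).
LIVE_RE = re.compile(r"^[a-z]:\\windows\\(system32|syswow64)\\([^\\]+)$")

@dataclass
class Entry:
    path: str
    size: int
    created: str
    modified: str
    md5: str

@dataclass
class Verdict:
    live: Entry
    references: List[Entry]
    status: str          # "match", "MISMATCH" or "no-reference"
    size_anomaly: bool   # live size differs from every reference copy

def parse_filefind(text: str) -> List[Entry]:
    """Return every well-formed result line as an Entry; headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["path"], int(m["size"]), m["created"],
                                 m["modified"], m["md5"].upper()))
    return entries

def holds(entry: Entry, name: str) -> bool:
    """True if the entry is a copy of <name>: the file itself, a .bak, or a WinSxS\\Backup
    blob, whose file name embeds the original name between underscores."""
    base = entry.path.lower().rsplit("\\", 1)[-1]
    name = name.lower()
    return base == name or base == name + ".bak" or f"_{name}_" in base

def is_live(entry: Entry, name: str) -> bool:
    m = LIVE_RE.match(entry.path.lower())
    return m is not None and m.group(2) == name.lower()

def arch_of(entry: Entry) -> Optional[str]:
    """Heuristic (assumed here): 'x64' or 'x86' for the binary at this path, None if unknown."""
    p = entry.path.lower()
    parts = p.split("\\")
    if "winsxs" in parts:
        rest = parts[parts.index("winsxs") + 1:]
        if rest and rest[0] in ("backup", "manifests"):   # component dir is one level deeper
            rest = rest[1:]
        comp = rest[0] if rest else ""
        if comp.startswith("amd64_"):
            return "x64"
        return "x86" if comp.startswith(("wow64_", "x86_")) else None
    if "\\system32\\" in p or "\\erdnt\\cache64\\" in p:
        return "x64"
    if "\\syswow64\\" in p or "\\erdnt\\cache86\\" in p:
        return "x86"
    return None

def check_system_file(entries: List[Entry], name: str) -> List[Verdict]:
    """One Verdict per live copy of <name>, judged against same-architecture references."""
    copies = [e for e in entries if holds(e, name)]
    verdicts = []
    for live in (e for e in copies if is_live(e, name)):
        refs = [e for e in copies
                if e is not live and not is_live(e, name) and arch_of(e) == arch_of(live)]
        if not refs:
            status = "no-reference"
        elif any(r.md5 == live.md5 for r in refs):
            status = "match"
        else:
            status = "MISMATCH"   # on-disk copy matches no trusted copy of this file
        verdicts.append(Verdict(live, refs, status,
                                bool(refs) and all(r.size != live.size for r in refs)))
    return verdicts

# Result lines copied from the SystemLook log posted later in this thread.
SAMPLE_LOG = r"""Searching for "*user32*"
C:\Windows\ERDNT\cache64\user32.dll --a---- 1008128 bytes [14:16 18/08/2011] [13:27 20/11/2010] FE70103391A64039A921DBFFF9C7AB1B
C:\Windows\ERDNT\cache86\user32.dll --a---- 833024 bytes [14:16 18/08/2011] [12:08 20/11/2010] 5E0DB2D8B2750543CD2EBB9EA8E6CDD3
C:\Windows\System32\user32.dll --a---- 1008640 bytes [11:02 22/07/2011] [12:53 18/08/2012] 2C353B6CE0C8D03225CAA2AF33B68D79
C:\Windows\System32\user32.dll.bak --a---- 1008128 bytes [11:02 22/07/2011] [13:27 20/11/2010] FE70103391A64039A921DBFFF9C7AB1B
C:\Windows\System32\en-US\user32.dll.mui --a---- 17920 bytes [10:59 22/07/2011] [12:58 20/11/2010] EF9BC0D92F9AF6A446CA3179EFDA0CE0
C:\Windows\SysWOW64\user32.dll --a---- 833024 bytes [11:01 22/07/2011] [12:53 18/08/2012] 861C4346F9281DC0380DE72C8D55D6BE
C:\Windows\SysWOW64\user32.dll.bak --a---- 833024 bytes [11:01 22/07/2011] [12:08 20/11/2010] 5E0DB2D8B2750543CD2EBB9EA8E6CDD3
C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll --a---- 1008128 bytes [11:02 22/07/2011] [13:27 20/11/2010] FE70103391A64039A921DBFFF9C7AB1B
C:\Windows\winsxs\Backup\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e_user32.dll_55f4ed20 --a---- 833024 bytes [07:34 24/07/2011] [03:53 24/07/2011] 5E0DB2D8B2750543CD2EBB9EA8E6CDD3
"""

if __name__ == "__main__":
    for v in check_system_file(parse_filefind(SAMPLE_LOG), "user32.dll"):
        print(v.status, v.live.path, v.live.md5, "size-anomaly" if v.size_anomaly else "",
              sorted({r.md5 for r in v.references}))
```

Both live copies come out as MISMATCH: the 64-bit one is 512 bytes larger than every reference while claiming the same 6.1.7601.17514 version, and the 32-bit one is the same size as its references but hashes differently, a pure in-place byte patch that a size check alone would miss.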

  7. #7
    Junior Member
    Join Date
    Aug 2011
    Posts
    24

    Default

    Hi there,

    Yes: I'm using 64-bit Windows 7. Forgot to mention that: apologies.

    Here is the log:

    SystemLook 30.07.11 by jpshortstuff
    Log created at 07:24 on 20/09/2012 by Adam Casey
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*user32*"
    C:\Windows\ERDNT\cache64\user32.dll --a---- 1008128 bytes [14:16 18/08/2011] [13:27 20/11/2010] FE70103391A64039A921DBFFF9C7AB1B
    C:\Windows\ERDNT\cache86\user32.dll --a---- 833024 bytes [14:16 18/08/2011] [12:08 20/11/2010] 5E0DB2D8B2750543CD2EBB9EA8E6CDD3
    C:\Windows\System32\user32.dll --a---- 1008640 bytes [11:02 22/07/2011] [12:53 18/08/2012] 2C353B6CE0C8D03225CAA2AF33B68D79
    C:\Windows\System32\user32.dll.bak --a---- 1008128 bytes [11:02 22/07/2011] [13:27 20/11/2010] FE70103391A64039A921DBFFF9C7AB1B
    C:\Windows\System32\en-US\user32.dll.mui --a---- 17920 bytes [10:59 22/07/2011] [12:58 20/11/2010] EF9BC0D92F9AF6A446CA3179EFDA0CE0
    C:\Windows\System32\manifeststore\user32.amx --a---- 342524 bytes [10:59 22/07/2011] [09:50 20/11/2010] 2FFFCC20E95D9DF2A4046328F6BB7AEC

    -= EOF =-

  8. #8
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Just to keep you aware...I am talking with some colleagues about your system. I will return as soon as I can.

  9. #9
    Junior Member
    Join Date
    Aug 2011
    Posts
    24

    Default

    No problem, Jeff! Thanks for letting me know!

  10. #10
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi,
    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::

    DDS::
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix may request an update; please allow it.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    ----------
