[Closed] Random adverts start playing in the background, malware scan shows trojans

So I've got some Malware, I downloaded a bad link. My antivirus (ESETNod32) flagged it up and said it was quarantined but then random adverts started playing in the background (and as much as I want rock hard abs in under three months, I don't want to hear about it). So Malware quick scan performed, 10 objects found, restart done, data log to follow.

So do I need to do anything else or has Malware done the job?

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7283

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

26/07/2011 19:08:56
mbam-log-2011-07-26 (19-08-56).txt

Scan type: Quick scan
Objects scanned: 181461
Time elapsed: 12 minute(s), 47 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
c:\Users\Joss\AppData\Local\Temp\Twg.exe (Trojan.FakeAlert.SA) -> 2540 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\8DDYX0ZBPZ (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XMZH42I4GI (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8DDYX0ZBPZ (Trojan.FakeAlert.SA) -> Value: 8DDYX0ZBPZ -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
c:\Users\NAME REMOVED\AppData\Local\Temp\Twg.exe (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
 
Welcome to TechSpot! I'll help with the malware.

Trojan.FakeAlert is a trojan which installs via fake codecs or browser exploits. Once installed it delivers popup advertisements for useless products. These symptoms will be accompanied by the installation of a rogue application with no user prompts or action required.

We should be able to remove it. It's important that you don't act on any 'alerts' or messages you get.
=============================================
Please follow the additional steps in the Preliminary Virus and Malware Removal thread HERE.

You don't need to repeat Malwarebytes at this time.
NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
=======================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs, except those I give you.
  • Please let me know if there is any change in the system.
If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
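The Malwarebytes log pasted above is a compact record of how this Trojan.FakeAlert infection kept itself alive: a value under HKCU\...\CurrentVersion\Run, randomly named keys under HKCU\SOFTWARE, three .job files in C:\Windows\Tasks and a dropped executable in the user's Temp folder. The following Python script is an added example, not code from this thread or from Malwarebytes. It parses detection lines in this log layout and labels each one with the persistence mechanism it represents, so a helper can see at a glance what was removed and which items (an unloaded process, for instance) were not themselves quarantined. The embedded sample log is constructed from the lines quoted above; the mechanism labels and regexes are my own heuristics.

```python
import re
from collections import Counter

# Constructed sample in the Malwarebytes 1.x log layout, built from the entries
# the poster pasted in this thread (paths and threat names are the ones shown there).
SAMPLE_MBAM_LOG = r"""Memory Processes Infected:
c:\Users\Joss\AppData\Local\Temp\Twg.exe (Trojan.FakeAlert.SA) -> 2540 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\8DDYX0ZBPZ (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8DDYX0ZBPZ (Trojan.FakeAlert.SA) -> Value: 8DDYX0ZBPZ -> Quarantined and deleted successfully.

Files Infected:
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
c:\Users\NAME REMOVED\AppData\Local\Temp\Twg.exe (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
"""

# One detection per line: "<item> (<threat name>) -> <action...>".
ENTRY_RE = re.compile(r"^(?P<item>.*) \((?P<threat>[^()]+)\) -> (?P<action>.*)$")

# Ordered heuristics (my own, not Malwarebytes'): the first matching rule names the
# persistence mechanism. Case-insensitive because MBAM mixes case in hives and drives.
MECHANISM_RULES = [
    ("run-key autostart",     re.compile(r"\\CurrentVersion\\Run\\", re.I)),
    ("scheduled task (.job)", re.compile(r"\\Windows\\Tasks\\.*\.job$", re.I)),
    ("IE zone hijack",        re.compile(r"\\Internet Settings\\Zones", re.I)),
    ("payload in user Temp",  re.compile(r"\\AppData\\Local\\Temp\\", re.I)),
    ("random-named HKCU key", re.compile(r"^HKEY_CURRENT_USER\\SOFTWARE\\[A-Za-z0-9]{8,}$", re.I)),
]


def classify(item: str) -> str:
    for label, pattern in MECHANISM_RULES:
        if pattern.search(item):
            return label
    return "other"


def parse_mbam_log(text: str) -> list:
    """Return one dict per detection line: section, item, threat, action, mechanism."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(No malicious"):
            continue
        if line.endswith(":") and " -> " not in line:
            section = line[:-1]          # e.g. "Registry Keys Infected"
            continue
        m = ENTRY_RE.match(line)
        if not m or section is None:
            continue                     # header lines (version, counts) are not detections
        entries.append({
            "section": section,
            "item": m["item"],
            "threat": m["threat"],
            "action": m["action"],
            "mechanism": classify(m["item"]),
        })
    return entries


def summarize(entries: list) -> dict:
    """Counts by mechanism and by threat family, plus items that were not quarantined."""
    return {
        "by_mechanism": dict(Counter(e["mechanism"] for e in entries)),
        "by_family": dict(Counter(e["threat"].split(".")[0] for e in entries)),
        "not_quarantined": [e["item"] for e in entries if "Quarantined" not in e["action"]],
    }


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_MBAM_LOG)
    for e in found:
        print(f"{e['mechanism']:<24} {e['threat']:<22} {e['item']}")
    print(summarize(found))
```

The "not_quarantined" list is the part worth reading first: a running process that was only unloaded still needs a matching file entry (here the Temp\Twg.exe file did get quarantined), and a scheduled task or Run value that outlives its payload will try to re-download it at the next boot.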
 
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Joss at 21:05:36 on 2011-07-26
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3001.1360 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\alg.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Renoise 2.7.0\Renoise.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Joss\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joss\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joss\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joss\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joss\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joss\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joss\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joss\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joss\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joss\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joss\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Joss\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Joss\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joss\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joss\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Joss\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joss\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joss\Downloads\c2fixc5b.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyServer = http=;ftp=;https=;
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
uRun: [<NO NAME>] C:\Users\Joss\AppData\Local\Temp\Crack\RealHideIP.exe
uRun: [Google Update] "C:\Users\Joss\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOTUPE~1.LNK - C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{F5C8A099-E88E-48E9-BD36-F5951290968D} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{F5C8A099-E88E-48E9-BD36-F5951290968D} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{F5C8A099-E88E-48E9-BD36-F5951290968D}\24F6F6D624F6F6D6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F5C8A099-E88E-48E9-BD36-F5951290968D}\4616E6 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{F5C8A099-E88E-48E9-BD36-F5951290968D}\4616E6 : DhcpNameServer = 192.168.2.1 194.168.4.100 194.168.8.100
TCP: Interfaces\{F5C8A099-E88E-48E9-BD36-F5951290968D}\6796277696E6D65646961693039383437393 : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{F5C8A099-E88E-48E9-BD36-F5951290968D}\7657E69647 : DhcpNameServer = 192.168.1.1
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
============= SERVICES / DRIVERS ===============
.
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R3 motubus;MOTU Audio MIDI Extension;C:\Windows\system32\drivers\MotuBus64.sys --> C:\Windows\system32\drivers\MotuBus64.sys [?]
R3 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2mdx64.sys --> C:\Windows\system32\DRIVERS\o2mdx64.sys [?]
R3 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sdx64.sys --> C:\Windows\system32\DRIVERS\o2sdx64.sys [?]
R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\system32\DRIVERS\seehcri.sys --> C:\Windows\system32\DRIVERS\seehcri.sys [?]
S3 MFWAMIDI64;MOTU Audio MIDI for 64 bit;C:\Windows\system32\drivers\MFWAMIDI64.sys --> C:\Windows\system32\drivers\MFWAMIDI64.sys [?]
S3 MFWAWAVE64;MOTU Audio Wave for 64 bit;C:\Windows\system32\drivers\MFWAWAVE64.sys --> C:\Windows\system32\drivers\MFWAWAVE64.sys [?]
S3 MotuFWA64;MotuFWA64;C:\Windows\system32\drivers\Motufwa64.sys --> C:\Windows\system32\drivers\Motufwa64.sys [?]
S3 OSFMount;OSFMount;C:\Program Files\OSFMount\OSFMount.sys [2011-7-25 539712]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);C:\Windows\system32\DRIVERS\s1018bus.sys --> C:\Windows\system32\DRIVERS\s1018bus.sys [?]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s1018mdfl.sys --> C:\Windows\system32\DRIVERS\s1018mdfl.sys [?]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s1018mdm.sys --> C:\Windows\system32\DRIVERS\s1018mdm.sys [?]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s1018mgmt.sys --> C:\Windows\system32\DRIVERS\s1018mgmt.sys [?]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);C:\Windows\system32\DRIVERS\s1018nd5.sys --> C:\Windows\system32\DRIVERS\s1018nd5.sys [?]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s1018obex.sys --> C:\Windows\system32\DRIVERS\s1018obex.sys [?]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);C:\Windows\system32\DRIVERS\s1018unic.sys --> C:\Windows\system32\DRIVERS\s1018unic.sys [?]
.
=============== File Associations ===============
.
cmdfile=NOTEPAD.EXE %1
JSEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-07-26 16:52:13 266752 ----a-w- C:\Windows\Tzigoa.exe
2011-07-26 16:48:15 -------- d-----w- C:\Program Files (x86)\energyXT
2011-07-26 15:11:51 765952 ----a-w- C:\Windows\SysWow64\msvcp71d.dll
2011-07-26 15:11:51 544768 ----a-w- C:\Windows\SysWow64\msvcr71d.dll
2011-07-26 15:11:48 -------- d-----w- C:\Program Files (x86)\BBE Sound
2011-07-25 22:22:55 233472 ----a-w- C:\Windows\SysWow64\REX Shared Library.dll
2011-07-25 15:22:36 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2011-07-25 02:38:25 -------- d-----w- C:\Program Files (x86)\Native Instruments
2011-07-25 02:21:30 -------- d-----w- C:\Program Files\OSFMount
2011-07-25 01:03:03 -------- d-----w- C:\Users\Joss\TruePianos Settings
2011-07-25 01:01:59 -------- d-----w- C:\Users\Joss\AppData\Roaming\Cakewalk
2011-07-25 01:01:28 -------- dc----w- C:\ProgramData\{D69A48BF-7653-4AA8-94BC-5847522A4573}
2011-07-24 23:32:21 487424 ----a-w- C:\Windows\SysWow64\msvcp70.dll
2011-07-24 23:32:21 1047552 ----a-w- C:\Windows\SysWow64\mfc71u.dll
2011-07-24 23:09:44 -------- d-----w- C:\ProgramData\Cakewalk
2011-07-23 17:28:08 -------- d-----w- C:\Windows\MOTU
2011-07-23 17:27:59 -------- d-----w- C:\Program Files (x86)\MOTU
2011-07-23 17:27:57 -------- d-----w- C:\Program Files\MOTU
2011-07-23 17:25:21 -------- d-----w- C:\Users\Joss\AppData\Local\Applications
2011-07-22 13:43:16 -------- d-----w- C:\Program Files (x86)\Renoise 2.7.0
2011-07-22 11:56:11 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AD5C8475-6F07-4E5D-8C5C-0092BA804465}\mpengine.dll
2011-07-15 01:02:43 -------- d-----w- C:\Program Files\ESET
2011-07-13 14:55:50 -------- d-----w- C:\Windows\System32\SPReview
2011-07-13 14:48:53 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-07-13 14:42:10 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2011-07-13 14:42:10 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-07-13 14:40:59 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-07-13 14:39:59 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2011-07-13 14:38:59 293376 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2011-07-13 14:37:59 287744 ----a-w- C:\Program Files\Internet Explorer\jsprofilerui.dll
2011-07-13 14:36:59 89600 ----a-w- C:\Windows\SysWow64\wbem\WmiApRpl.dll
2011-07-13 14:35:59 402944 ----a-w- C:\Windows\SysWow64\drmmgrtn.dll
2011-07-13 14:34:59 33280 ----a-w- C:\Windows\System32\drivers\kbdhid.sys
2011-07-13 14:33:57 209920 ----a-w- C:\Windows\SysWow64\PkgMgr.exe
2011-07-13 14:33:57 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll
2011-07-13 14:33:23 323072 ----a-w- C:\Windows\SysWow64\drvstore.dll
2011-07-13 14:33:22 257024 ----a-w- C:\Windows\SysWow64\dpx.dll
2011-07-13 14:33:13 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2011-07-13 14:33:13 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2011-07-13 14:25:41 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-07-13 14:25:41 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-07-13 14:25:41 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-07-13 14:25:15 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-07-13 14:25:01 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-07-13 14:23:22 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-07-13 14:23:19 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-07-11 00:49:34 691551 ----a-w- C:\Program Files (x86)\Uninstall Information\{ABAF1232-6213-4062-9D52-04E04A730CEA}\unins000.exe
2011-07-11 00:21:59 -------- d-----w- C:\Users\Joss\AppData\Local\ESET
2011-07-04 06:59:06 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-07-04 06:59:06 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-07-04 06:59:05 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-07-04 06:59:05 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-07-04 06:59:05 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-07-04 06:59:01 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-07-04 06:59:01 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-07-04 06:57:40 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-07-04 06:57:40 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-07-03 08:58:59 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-07-03 08:57:58 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-07-03 08:49:15 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-06-27 11:31:37 -------- d-----w- C:\Users\Joss\AppData\Local\SCE
.
==================== Find3M ====================
.
2011-07-13 15:51:59 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-07-13 15:51:57 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-07-06 18:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 18:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-27 11:55:43 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-06-10 18:20:28 2892 ----a-w- C:\Windows\SysWow64\audcon.sys
2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-28 03:30:09 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 02:53:58 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-24 18:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-04 03:52:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
.
============= FINISH: 21:06:57.67 ===============
 

Attachments: Attach.7z (2.1 KB)
GMER can leave a short log. Did the scan seem to run okay?

Please paste the Attach.txt log in the next reply. You missed this:
  • When done, DDS will open two (2) logs:
    [o]DDS.txt
    [o]Attach.txt
  • Close the program window.
  • Enable your Antivirus protection and reconnect to the internet.
** Include the contents of both logs in your new topic. The scan will instruct you to post Attach.txt as an attachment. No need for that though, just paste it as you would any other log.

===================================================
You have quite a few entries that need to be removed and others that need to be identified.
If you have any more programs or apps that have been pirated, please remove them. Example:
uRun: [<NO NAME>] C:\Users\Joss\AppData\Local\Temp\Crack\RealHideIP.exe

Piracy and file sharing are straight roads to malware.
=======
Download CKScanner and save to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents
    in your next reply.
==================================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    [image: whatnext.png]
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe
    [image: cf-icon.jpg]
    & follow the prompts to run.
  • When the scan completes, a report will be generated and it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.

Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

Please leave all 3 logs pasted into your next reply.
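The reply above says the DDS report contains entries to remove and others to identify, and singles out the unnamed uRun entry pointing into a Temp\Crack folder. As an added example (not code from this thread, from DDS or from TechSpot), here is a Python triage pass over lines in the DDS "Pseudo HJT Report" layout that applies the same kind of judgement: it flags autoruns that are unnamed, launch from a Temp folder or carry a crack/keygen path, orphaned "No File" BHO/toolbar entries, Trusted Zone additions, and a ProxyServer setting only when it actually names a proxy (the report's `http=;ftp=;https=;` is empty and is left alone). The sample input is constructed from lines in the report pasted earlier in the thread; the flag rules are assumptions of mine, not DDS's own logic.

```python
import re

# Constructed sample in the DDS "Pseudo HJT Report" layout. Every line is copied
# from the report the poster pasted earlier in this thread; nothing here is new data.
SAMPLE_HJT = r"""uInternet Settings,ProxyServer = http=;ftp=;https=;
uURLSearchHooks: H - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [<NO NAME>] C:\Users\Joss\AppData\Local\Temp\Crack\RealHideIP.exe
uRun: [Google Update] "C:\Users\Joss\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOTUPE~1.LNK - C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: soe.com
"""

# uRun/mRun are the per-user and per-machine Run keys, "-x64" the 64-bit view,
# StartupFolder the Start Menu startup shortcuts. The bracketed name is optional.
AUTORUN_RE = re.compile(
    r"^(?P<kind>[um]Run(?:-x64)?|StartupFolder): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.*)$"
)
ORPHAN_PREFIXES = ("BHO", "TB", "uURLSearchHooks", "mURLSearchHooks")


def proxy_is_set(line: str) -> bool:
    """True only if at least one protocol in a ProxyServer line names a proxy."""
    m = re.search(r"ProxyServer = (.*)$", line)
    if not m:
        return False
    parts = [p.split("=", 1) for p in m[1].split(";") if "=" in p]
    return any(value.strip() for _, value in parts)


def triage_hjt(text: str) -> list:
    """Return [(line, [reasons])] for each report line that deserves a second look."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = []
        m = AUTORUN_RE.match(line)
        if m:
            cmd = m["cmd"]
            if m["name"] == "<NO NAME>":
                reasons.append("autorun entry has no name")
            if re.search(r"\\Temp\\", cmd, re.I):
                reasons.append("autorun launches from a Temp folder")
            if re.search(r"crack|keygen", cmd, re.I):
                reasons.append("path suggests a cracked/pirated program")
        elif line.startswith(ORPHAN_PREFIXES) and line.endswith("- No File"):
            reasons.append("orphaned entry (No File): leftover to clean up")
        elif line.startswith("Trusted Zone:"):
            reasons.append("site in IE Trusted Zone: confirm it was added deliberately")
        elif proxy_is_set(line):
            reasons.append("a proxy server is configured: verify it is intentional")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage_hjt(SAMPLE_HJT):
        print(line)
        for reason in reasons:
            print("   ->", reason)
```

Entries under Program Files with a recognisable vendor (QuickTime, MOTU, the Google updater under the user's profile) pass through untouched; the point of the rules is to narrow a long report to the handful of lines a human must decide on, not to declare anything malicious on its own.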
 
The Gmer scan ran fine and then a pop up came up saying it had detected no changes. Do you want me to run it again?

The attach.txt log was attached to my first post.

DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 07/05/2010 16:23:48
System Uptime: 26/07/2011 19:10:21 (2 hours ago)
.
Motherboard: Acer | | Homa
Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz | U2E1 | 996/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 143 GiB total, 19.323 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP225: 25/07/2011 17:03:22 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
7-Zip 4.65
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Apple Software Update
ASIO4ALL
Atheros Driver Installation Program
Avanquest update
Bass Station 1.50
BBE Sonic Sweet Bundle VST RTAS v1.0
DivX Setup
Drumazon
eLicenser Control
energyXT 2.5.3
energyXT 2.5.4
Foxit Reader
GEAR driver installer for x86 and x64
Google Chrome
Google Update Helper
Hot Corners 2
Intel(R) C++ Redistributables for Windows* on IA-64
Java Auto Updater
Java(TM) 6 Update 26
Live 8.2.2
MagicDisc 2.7.106
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Native Instruments Guitar Rig 3
Nepheton
Ohm Force - Ohmicide VST
OhmForce Predatohm VST2
OpenOffice.org 3.2
QuickTime
Realtek High Definition Audio Driver
reFX Vanguard 1.7.2
Sonic Charge Bitspeek VST
Sonic Charge Bitspeek VST v1.0
Sony Ericsson PC Suite 6.009.00
Synapse Junglist VSTi v3.2
Tunatic
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.1.9
Vuze
.
==== Event Viewer Messages From Past Week ========
.
26/07/2011 19:10:46, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126
26/07/2011 16:43:34, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
25/07/2011 22:40:51, Error: bowser [8003] - The master browser has received a server announcement from the computer STUFF-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F5C8A099-E88E-48E9-BD36-F5951290968D}. The master browser is stopping or an election is being forced.
25/07/2011 14:14:30, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
25/07/2011 03:31:16, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
24/07/2011 14:18:18, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.6. The computer with the IP address 192.168.0.9 did not allow the name to be claimed by this computer.
23/07/2011 18:24:38, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
23/07/2011 12:16:37, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{F5C8A099-E88E-48E9-BD36-F5951290968D} because another computer on the network has the same name. The server could not start.
23/07/2011 12:16:37, Error: NetBT [4321] - The name "BILLYBOLLOCKS :20" could not be registered on the interface with IP address 169.254.255.107. The computer with the IP address 192.168.0.6 did not allow the name to be claimed by this computer.
23/07/2011 12:16:37, Error: NetBT [4321] - The name "BILLYBOLLOCKS :0" could not be registered on the interface with IP address 169.254.255.107. The computer with the IP address 192.168.0.6 did not allow the name to be claimed by this computer.
23/07/2011 12:16:26, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================

The pirated file you highlighted I only used for a day before getting rid of it; that folder was just left over after uninstalling. I've removed it now.

CKScanner results:
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\image-line\sawer\presets\ambient\mc cracked.sawer
c:\users\joss\documents\ableton\presets\audio effects\vinyl distortion\crack.adv
c:\users\joss\documents\ableton\presets\instruments\instrument rack\guitars and plucked\synthetic\lead-cracker.adg
c:\users\joss\music\metal and rock\post metal\mastodon\crack the skye\01 oblivion.m4a
c:\users\joss\music\metal and rock\post metal\mastodon\crack the skye\02 divinations.m4a
c:\users\joss\music\metal and rock\post metal\mastodon\crack the skye\03 quintessence.m4a
c:\users\joss\music\metal and rock\post metal\mastodon\crack the skye\04 the czar_ i. usurper ii. escape i.m4a
c:\users\joss\music\metal and rock\post metal\mastodon\crack the skye\05 ghost of karelia.m4a
c:\users\joss\music\metal and rock\post metal\mastodon\crack the skye\06 crack the skye.m4a
c:\users\joss\music\metal and rock\post metal\mastodon\crack the skye\07 the last baron.m4a
c:\users\joss\music\metal and rock\sonic youth\nyc ghosts & flowers\04 small flowers crack concrete.m4a
c:\users\joss\renoise ting\samples\wrong music sample pack vol. 1 - ebola\other noises\crackly.wav.asd
scanner sequence 3.GE.11.LECANO
----- EOF -----

ComboFix log:
ComboFix 11-07-29.03 - Joss 30/07/2011 16:00:02.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3001.1362 [GMT 1:00]
Running from: c:\users\Joss\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\hpe6AF2.dll
c:\users\Joss\AppData\Local\Microsoft\Windows\Temporary Internet Files\Programs7067.Settings_Collection.bin
c:\windows\SysWow64\msvfd32.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-30 )))))))))))))))))))))))))))))))
.
.
2011-07-30 15:06 . 2011-07-30 15:06 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-07-30 15:06 . 2011-07-30 15:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-27 11:58 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B23ED091-F40A-4745-8642-8E08A4B48088}\mpengine.dll
2011-07-26 22:59 . 2011-07-26 22:59 -------- d-----w- c:\users\Joss\AppData\Local\Chromium
2011-07-26 22:59 . 2011-07-26 22:59 -------- d-----w- c:\program files (x86)\SRWare Iron
2011-07-26 16:48 . 2011-07-26 17:04 -------- d-----w- c:\program files (x86)\energyXT
2011-07-26 15:11 . 2003-03-18 18:04 765952 ----a-w- c:\windows\SysWow64\msvcp71d.dll
2011-07-26 15:11 . 2003-03-18 18:03 544768 ----a-w- c:\windows\SysWow64\msvcr71d.dll
2011-07-26 15:11 . 2011-07-26 15:11 -------- d-----w- c:\program files (x86)\BBE Sound
2011-07-25 22:22 . 2011-03-29 13:38 233472 ----a-w- c:\windows\SysWow64\REX Shared Library.dll
2011-07-25 15:22 . 2011-07-25 15:24 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2011-07-25 02:38 . 2011-07-25 02:38 -------- d-----w- c:\program files (x86)\Native Instruments
2011-07-25 02:21 . 2011-07-25 02:21 -------- d-----w- c:\program files\OSFMount
2011-07-25 01:03 . 2011-07-25 01:03 -------- d-----w- c:\users\Joss\TruePianos Settings
2011-07-25 01:01 . 2011-07-25 02:40 -------- d-----w- c:\users\Joss\AppData\Roaming\Cakewalk
2011-07-25 01:01 . 2011-07-25 01:01 -------- dc----w- c:\programdata\{D69A48BF-7653-4AA8-94BC-5847522A4573}
2011-07-24 23:32 . 2006-02-24 08:00 487424 ----a-w- c:\windows\SysWow64\msvcp70.dll
2011-07-24 23:32 . 2006-02-24 08:00 1047552 ----a-w- c:\windows\SysWow64\mfc71u.dll
2011-07-24 23:09 . 2011-07-25 02:42 -------- d-----w- c:\programdata\Cakewalk
2011-07-23 17:28 . 2011-07-23 17:28 -------- d-----w- c:\windows\MOTU
2011-07-23 17:27 . 2011-07-23 17:28 -------- d-----w- c:\program files (x86)\MOTU
2011-07-23 17:27 . 2011-07-23 17:28 -------- d-----w- c:\program files\MOTU
2011-07-23 17:25 . 2011-07-23 17:25 -------- d-----w- c:\users\Joss\AppData\Local\Applications
2011-07-22 13:43 . 2011-07-26 18:47 -------- d-----w- c:\program files (x86)\Renoise 2.7.0
2011-07-15 01:02 . 2011-07-15 01:02 -------- d-----w- c:\program files\ESET
2011-07-13 14:55 . 2011-07-13 14:55 -------- d-----w- c:\windows\system32\SPReview
2011-07-13 14:48 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-07-13 14:42 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2011-07-13 14:42 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-07-13 14:40 . 2010-11-05 01:53 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-07-13 14:39 . 2010-11-20 13:34 215936 ----a-w- c:\windows\system32\drivers\vhdmp.sys
2011-07-13 14:38 . 2010-11-20 13:33 289664 ----a-w- c:\windows\system32\drivers\fltMgr.sys
2011-07-13 14:37 . 2010-11-20 13:33 152960 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-07-13 14:36 . 2010-11-20 13:27 446976 ----a-w- c:\windows\system32\sqlcese30.dll
2011-07-13 14:35 . 2010-11-20 13:27 337920 ----a-w- c:\windows\system32\raschap.dll
2011-07-13 14:34 . 2010-11-20 13:27 10752 ----a-w- c:\windows\system32\riched32.dll
2011-07-13 14:33 . 2010-11-20 12:17 209920 ----a-w- c:\windows\SysWow64\PkgMgr.exe
2011-07-13 14:33 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll
2011-07-13 14:33 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll
2011-07-13 14:33 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-07-13 14:25 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-07-13 14:25 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-07-13 14:25 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-07-13 14:25 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-07-13 14:25 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-07-13 14:23 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-07-13 14:23 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-07-11 11:57 . 2011-07-11 11:57 -------- d-----w- c:\users\Joss\AppData\Roaming\Media Player Classic
2011-07-11 00:49 . 2011-07-11 10:14 691551 ----a-w- c:\program files (x86)\Uninstall Information\{ABAF1232-6213-4062-9D52-04E04A730CEA}\unins000.exe
2011-07-11 00:21 . 2011-07-11 00:21 -------- d-----w- c:\users\Joss\AppData\Local\ESET
2011-07-04 06:59 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-07-04 06:59 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-07-04 06:59 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-07-04 06:59 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-07-04 06:59 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-07-04 06:59 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-07-04 06:59 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-07-04 06:57 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-07-04 06:57 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-07-03 08:58 . 2011-05-04 05:22 778752 ----a-w- c:\windows\system32\mssvp.dll
2011-07-03 08:57 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-07-03 08:49 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-07-03 08:23 . 2011-07-03 08:23 -------- d-----w- c:\program files (x86)\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 15:51 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-07-13 15:51 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-07-06 18:52 . 2011-04-10 16:51 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 18:52 . 2011-04-10 16:51 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-27 11:55 . 2011-06-12 20:12 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-25 16:22 . 2010-05-09 13:14 2588952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-06-25 16:22 . 2010-08-09 11:34 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-06-16 14:30 . 2010-05-16 13:13 2588952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-06-16 14:20 . 2010-06-13 16:58 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-06-15 03:59 . 2010-05-09 13:14 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-06-10 18:20 . 2011-06-10 18:20 2892 ----a-w- c:\windows\SysWow64\audcon.sys
2011-06-09 16:50 . 2010-05-16 13:13 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-06-03 05:57 . 2011-07-13 14:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-06-03 05:56 . 2011-07-13 14:48 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-06-03 03:53 . 2011-07-13 14:48 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-05-24 18:14 . 2010-05-08 12:32 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 03:52 . 2010-08-10 19:43 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MOTU Pedal Service.lnk - c:\program files (x86)\MOTU\Audio\MFWAKeys.exe [2011-3-14 188784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 136176]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 136176]
R3 MFWAMIDI64;MOTU Audio MIDI for 64 bit;c:\windows\system32\drivers\MFWAMIDI64.sys [x]
R3 MFWAWAVE64;MOTU Audio Wave for 64 bit;c:\windows\system32\drivers\MFWAWAVE64.sys [x]
R3 MotuFWA64;MotuFWA64;c:\windows\system32\drivers\Motufwa64.sys [x]
R3 OSFMount;OSFMount;c:\program files\OSFMount\OSFMount.sys [2011-06-27 539712]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\MotuBus64.sys [x]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [x]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 22:27]
.
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 22:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1220392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 2306448]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-23 11725928]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyServer = http=;ftp=;https=;
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{F5C8A099-E88E-48E9-BD36-F5951290968D}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{F5C8A099-E88E-48E9-BD36-F5951290968D}\4616E6: NameServer = 208.67.222.222,208.67.220.220
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Wow6432Node-HKLM-Run-WinampAgent - c:\program files (x86)\Winamp\winampa.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
AddRemove-Sonic Charge Bitspeek VST - c:\program files (x86)\VstPlugins\SonicCharge\Uninstall Sonic Charge Bitspeek.exe
AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9} - c:\programdata\{A397AF63-B3A1-40DF-AA85-5C5368304B60}\Service Center Setup.exe
AddRemove-{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9} - c:\programdata\{C2686527-0D57-4F0B-ADAB-EE203CA30FC6}\Massive Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
.
**************************************************************************
.
Completion time: 2011-07-30 16:16:20 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-30 15:16
.
Pre-Run: 22,177,566,720 bytes free
Post-Run: 34,512,289,792 bytes free
.
- - End Of File - - 74104FC6B2E5DE674CCC983C49564CF9


Edit: Please don't put the logs in a quote box. It looks nice, but it takes up a lot of real estate.
Deleted duplicate Combofix log
 
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    [3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
File::
Folder::
c:\users\Guest\AppData\Local\temp
c:\users\Default\AppData\Local\temp
DDS::
uInternet Settings,ProxyServer = http=;ftp=;https=;
uURLSearchHooks: H - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
uRun: [<NO NAME>] C:\Users\Joss\AppData\Local\Temp\Crack\RealHideIP.exe
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
FileLook::
C:\Windows\Tzigoa.exe
C:\Program Files (x86)\Uninstall Information\{ABAF1232-6213-4062-9D52-04E04A730CEA}\unins000.exe
C:\Windows\SysWow64\setup16.exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"SunJavaUpdateSched"=-
"DivXUpdate"=-
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"=-
"SunJavaUpdateSched"=-
RegLock::
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on the download button (image) to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon (esetSmartInstallDesktopIcon.png) on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
    esetonlinescannersettings_thumb.jpg
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
===========================================
Recommend that you remove all of these out of the Trusted Zone:
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com

Nothing needs to be in the Trusted Zone. The security is lower in that zone and these sites are a vulnerability.
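Added example (editor's code, not from the helper's post): a PowerShell audit of the Windows "Trusted sites" zone. The "Trusted Zone:" lines ComboFix prints come from the per-user ZoneMap\Domains key, where each domain subkey carries scheme-named DWORD values giving the zone id (2 = Trusted sites). The function names and the `-WhatIf` removal helper are this example's own.

```powershell
# Added example, not part of the original thread.
# Enumerates the WinINET zone map that Internet Explorer (and any program using
# the IE engine) consults, and reports every host mapped into the Trusted sites
# zone. Zone ids: 1 = Local intranet, 2 = Trusted sites, 3 = Internet, 4 = Restricted.

function Get-ZoneMapEntries {
    param(
        [string]$Root = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
    )
    if (-not (Test-Path $Root)) { return @() }
    $entries = @()
    foreach ($domainKey in Get-ChildItem -Path $Root) {
        $domain = $domainKey.PSChildName
        # Scheme values directly under the domain key, e.g. "*", "http", "https"
        foreach ($name in $domainKey.GetValueNames()) {
            $entries += [pscustomobject]@{
                Host   = $domain
                Scheme = $name
                Zone   = $domainKey.GetValue($name)
            }
        }
        # Host-specific subkeys, e.g. "www" nested under "example.com"
        foreach ($hostKey in Get-ChildItem -Path $domainKey.PSPath) {
            $fqdn = "$($hostKey.PSChildName).$domain"
            foreach ($name in $hostKey.GetValueNames()) {
                $entries += [pscustomobject]@{
                    Host   = $fqdn
                    Scheme = $name
                    Zone   = $hostKey.GetValue($name)
                }
            }
        }
    }
    return $entries
}

function Get-TrustedZoneHosts {
    # Trusted sites (zone 2) relaxes ActiveX, scripting and download prompts,
    # so on a home machine this list should normally be empty.
    param([string]$Root)
    $entries = if ($Root) { Get-ZoneMapEntries -Root $Root } else { Get-ZoneMapEntries }
    $entries | Where-Object { $_.Zone -eq 2 } | Sort-Object Host
}

function Remove-ZoneMapDomain {
    # Deletes one domain's mapping (all schemes and sub-hosts). Run with -WhatIf
    # first to see what would be removed.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Domain,
        [string]$Root = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
    )
    $path = Join-Path $Root $Domain
    if ((Test-Path $path) -and $PSCmdlet.ShouldProcess($path, 'Remove zone mapping')) {
        Remove-Item -Path $path -Recurse
    }
}

# Per-user map (this is what the ComboFix "Trusted Zone:" lines reflect)
Get-TrustedZoneHosts | Format-Table Host, Scheme, Zone -AutoSize

# Machine-wide map, which takes precedence when the Security_HKLM_only policy is set
Get-TrustedZoneHosts -Root 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains' |
    Format-Table Host, Scheme, Zone -AutoSize

# Example removal, dry run only:
# Remove-ZoneMapDomain -Domain 'example.com' -WhatIf
```

The zone map is a Windows setting, so it applies to Internet Explorer and anything built on the IE engine regardless of which browser is used day to day; Chromium-based browsers do not read it.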
 
Are you referring to the trusted zone in IE? Because I don't use IE at all; I use Iron Browser. Or does Iron have a trusted zone as well?

ComboFix scan log:
ComboFix 11-08-01.05 - Joss 01/08/2011 21:54:01.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3001.2025 [GMT 1:00]
Running from: c:\users\Joss\Desktop\ComboFix.exe
Command switches used :: c:\users\Joss\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Default\AppData\Local\temp
c:\users\Guest\AppData\Local\temp
.
.
((((((((((((((((((((((((( Files Created from 2011-07-01 to 2011-08-01 )))))))))))))))))))))))))))))))
.
.
2011-08-01 15:24 . 2011-08-01 15:24 -------- dc-h--w- c:\programdata\{13A9B825-42CB-4973-913D-2194B5A4CF94}
2011-08-01 15:23 . 2011-08-01 15:23 -------- d-----w- c:\program files\Common Files\Native Instruments
2011-08-01 13:09 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59D780DC-97EB-4223-9682-E3A5DD426E95}\mpengine.dll
2011-07-26 22:59 . 2011-07-26 22:59 -------- d-----w- c:\users\Joss\AppData\Local\Chromium
2011-07-26 22:59 . 2011-07-26 22:59 -------- d-----w- c:\program files (x86)\SRWare Iron
2011-07-26 16:48 . 2011-07-26 17:04 -------- d-----w- c:\program files (x86)\energyXT
2011-07-26 15:11 . 2003-03-18 18:04 765952 ----a-w- c:\windows\SysWow64\msvcp71d.dll
2011-07-26 15:11 . 2003-03-18 18:03 544768 ----a-w- c:\windows\SysWow64\msvcr71d.dll
2011-07-26 15:11 . 2011-07-26 15:11 -------- d-----w- c:\program files (x86)\BBE Sound
2011-07-25 22:22 . 2011-03-29 13:38 233472 ----a-w- c:\windows\SysWow64\REX Shared Library.dll
2011-07-25 15:22 . 2011-07-25 15:24 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2011-07-25 02:38 . 2011-07-25 02:38 -------- d-----w- c:\program files (x86)\Native Instruments
2011-07-25 02:21 . 2011-07-25 02:21 -------- d-----w- c:\program files\OSFMount
2011-07-25 01:03 . 2011-07-25 01:03 -------- d-----w- c:\users\Joss\TruePianos Settings
2011-07-25 01:01 . 2011-07-25 02:40 -------- d-----w- c:\users\Joss\AppData\Roaming\Cakewalk
2011-07-25 01:01 . 2011-07-25 01:01 -------- dc----w- c:\programdata\{D69A48BF-7653-4AA8-94BC-5847522A4573}
2011-07-24 23:32 . 2006-02-24 08:00 487424 ----a-w- c:\windows\SysWow64\msvcp70.dll
2011-07-24 23:32 . 2006-02-24 08:00 1047552 ----a-w- c:\windows\SysWow64\mfc71u.dll
2011-07-24 23:09 . 2011-07-25 02:42 -------- d-----w- c:\programdata\Cakewalk
2011-07-23 17:28 . 2011-07-23 17:28 -------- d-----w- c:\windows\MOTU
2011-07-23 17:27 . 2011-07-23 17:28 -------- d-----w- c:\program files (x86)\MOTU
2011-07-23 17:27 . 2011-07-23 17:28 -------- d-----w- c:\program files\MOTU
2011-07-23 17:25 . 2011-07-23 17:25 -------- d-----w- c:\users\Joss\AppData\Local\Applications
2011-07-22 13:43 . 2011-07-26 18:47 -------- d-----w- c:\program files (x86)\Renoise 2.7.0
2011-07-15 01:02 . 2011-07-15 01:02 -------- d-----w- c:\program files\ESET
2011-07-13 14:55 . 2011-07-13 14:55 -------- d-----w- c:\windows\system32\SPReview
2011-07-13 14:48 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-07-13 14:42 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2011-07-13 14:42 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-07-13 14:40 . 2010-11-05 01:53 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-07-13 14:39 . 2010-11-20 12:21 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2011-07-13 14:38 . 2010-11-20 13:33 289664 ----a-w- c:\windows\system32\drivers\fltMgr.sys
2011-07-13 14:37 . 2010-11-20 13:33 152960 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-07-13 14:36 . 2010-11-20 13:27 446976 ----a-w- c:\windows\system32\sqlcese30.dll
2011-07-13 14:35 . 2010-11-20 13:27 337920 ----a-w- c:\windows\system32\raschap.dll
2011-07-13 14:34 . 2010-11-20 13:27 10752 ----a-w- c:\windows\system32\riched32.dll
2011-07-13 14:33 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2011-07-13 14:33 . 2010-11-20 12:17 209920 ----a-w- c:\windows\SysWow64\PkgMgr.exe
2011-07-13 14:33 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll
2011-07-13 14:33 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll
2011-07-13 14:33 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2011-07-13 14:33 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-07-13 14:25 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-07-13 14:25 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-07-13 14:25 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-07-13 14:25 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-07-13 14:25 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-07-13 14:23 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-07-13 14:23 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-07-11 11:57 . 2011-07-11 11:57 -------- d-----w- c:\users\Joss\AppData\Roaming\Media Player Classic
2011-07-11 00:49 . 2011-07-11 10:14 691551 ----a-w- c:\program files (x86)\Uninstall Information\{ABAF1232-6213-4062-9D52-04E04A730CEA}\unins000.exe
2011-07-11 00:21 . 2011-07-11 00:21 -------- d-----w- c:\users\Joss\AppData\Local\ESET
2011-07-04 06:59 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-07-04 06:59 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-07-04 06:59 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-07-04 06:59 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-07-04 06:59 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-07-04 06:59 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-07-04 06:59 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-07-04 06:57 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-07-04 06:57 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-07-03 08:58 . 2011-05-04 05:22 778752 ----a-w- c:\windows\system32\mssvp.dll
2011-07-03 08:57 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-07-03 08:49 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-07-03 08:23 . 2011-07-03 08:23 -------- d-----w- c:\program files (x86)\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 15:51 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-07-13 15:51 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-07-06 18:52 . 2011-04-10 16:51 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 18:52 . 2011-04-10 16:51 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-27 11:55 . 2011-06-12 20:12 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-25 16:22 . 2010-05-09 13:14 2588952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-06-25 16:22 . 2010-08-09 11:34 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-06-16 14:30 . 2010-05-16 13:13 2588952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-06-16 14:20 . 2010-06-13 16:58 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-06-15 03:59 . 2010-05-09 13:14 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-06-10 18:20 . 2011-06-10 18:20 2892 ----a-w- c:\windows\SysWow64\audcon.sys
2011-06-09 16:50 . 2010-05-16 13:13 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-06-03 05:57 . 2011-07-13 14:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-24 18:14 . 2010-05-08 12:32 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 03:52 . 2010-08-10 19:43 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\program files (x86)\Uninstall Information\{ABAF1232-6213-4062-9D52-04E04A730CEA}\unins000.exe ---
Company:
File Description: Setup/Uninstall
File Version: 51.49.0.0
Product Name:
Copyright:
Original Filename:
File size: 691551
Created time: 2011-07-11 00:49
Modified time: 2011-07-11 10:14
MD5: FE767632C09A933DA2230B1E83EBB48E
SHA1: 05F8CE4E2AFA9040B9A8356B4E39C0BB8D8D0AED
.
.
--- c:\windows\SysWow64\setup16.exe ---
Company: Microsoft Corporation
File Description: MS-Setup Setup Exe
File Version: 3.01 (win7_rtm.090713-1255)
Product Name: Microsoft® Windows® Operating System
Copyright: Copyright © Microsoft Corp. 1991-1997
Original Filename: SETUP.EXE.MUI
File size: 25600
Created time: 2011-07-13 14:48
Modified time: 2011-06-03 05:57
MD5: 026C31765BB3B867818F9C95450226C7
SHA1: 2FF8D20C964F6A3834A38901126D46940B4BE6D1
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-30_15.09.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2011-08-01 21:24 40774 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-05-07 15:26 . 2011-08-01 21:24 18928 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-223097677-2296790081-3549509352-1000_UserData.bin
- 2010-05-07 14:20 . 2011-07-27 13:31 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-07 14:20 . 2011-08-01 18:10 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-07 14:20 . 2011-07-27 13:31 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-07 14:20 . 2011-08-01 18:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-27 13:31 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-01 18:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-08 12:21 . 2011-08-01 21:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-08 12:21 . 2011-07-30 15:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-07-31 06:26 90520 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-05-08 12:21 . 2011-08-01 21:05 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-08 12:21 . 2011-07-30 15:10 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-08 12:21 . 2011-07-30 15:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-08 12:21 . 2011-08-01 21:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-07 15:27 . 2011-07-30 15:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-07 15:27 . 2011-08-01 21:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-07 15:27 . 2011-08-01 21:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-07 15:27 . 2011-07-30 15:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-01 13:36 . 2011-08-01 13:36 25088 c:\windows\Installer\1c7979.msi
+ 2011-08-01 21:03 . 2011-08-01 21:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-07-30 15:08 . 2011-07-30 15:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-07-30 15:08 . 2011-07-30 15:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-01 21:03 . 2011-08-01 21:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-05-07 23:45 . 2011-08-01 15:11 182762 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:12 . 2011-08-01 18:10 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-07-17 10:32 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2011-07-30 15:07 283324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-08-01 21:01 283324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-08-01 15:23 . 2011-08-01 15:23 528384 c:\windows\Installer\7e14bb.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MOTU Pedal Service.lnk - c:\program files (x86)\MOTU\Audio\MFWAKeys.exe [2011-3-14 188784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 136176]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 136176]
R3 MFWAMIDI64;MOTU Audio MIDI for 64 bit;c:\windows\system32\drivers\MFWAMIDI64.sys [x]
R3 MFWAWAVE64;MOTU Audio Wave for 64 bit;c:\windows\system32\drivers\MFWAWAVE64.sys [x]
R3 MotuFWA64;MotuFWA64;c:\windows\system32\drivers\Motufwa64.sys [x]
R3 OSFMount;OSFMount;c:\program files\OSFMount\OSFMount.sys [2011-06-27 539712]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\MotuBus64.sys [x]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [x]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 22:27]
.
2011-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 22:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1220392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 2306448]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-23 11725928]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{F5C8A099-E88E-48E9-BD36-F5951290968D}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{F5C8A099-E88E-48E9-BD36-F5951290968D}\4616E6: NameServer = 208.67.222.222,208.67.220.220
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
.
**************************************************************************
.
Completion time: 2011-08-01 22:28:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-01 21:28
ComboFix2.txt 2011-07-30 15:16
.
Pre-Run: 34,536,787,968 bytes free
Post-Run: 34,482,634,752 bytes free
.
- - End Of File - - 43A449F6CD116A45C7EBAFDF54A27E70



C:\Users\Joss\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\43d86215-408da194 multiple threats
C:\Users\Joss\Documents\Vuze Downloads\Windows 7 Loader eXtreme Edition v3.503-NAPALUM~DiBYA\w7lxe.exe a variant of Win32/HackKMS.A application
C:\Users\Joss\Renoise Ting\Novation\n.exe a variant of Win32/Keygen.AD application

Edit: Quote attributes removed again. Please do not put logs in quotes.
 
The operating system has been pirated:
Windows 7 Loader Extreme Edition is a tool that can be used to activate any version of Windows 7/ Vista/ Server 2008 R2/ 2008.

C:\Users\Joss\Documents\Vuze Downloads\Windows 7 Loader eXtreme Edition v3.503-NAPALUM~DiBYA\w7lxe.exe a variant of Win32/HackKMS.A application

As has Novation:
C:\Users\Joss\Renoise Ting\Novation\n.exe a variant of Win32/Keygen.AD application

So I've got some Malware, I downloaded a bad link

And you're going to keep getting malware.

Support is withdrawn.
 