bit coin mining software


Hi all,

I recently had some bitcoin miner installed by something dodgy, kept getting "ieutil.exe has crashed" errors popping up and my GPUs getting hammered. Found a folder in C: called temporary with loads of crap in it, so after reading a bit online deleted that, stopped iehighutil with msconfig, couldn't find anything in the registry relating to it though.

Thought I had sorted the issue, but ever since, web browsing is really slow, strangely enough in Chrome more than IE/Firefox. Initially thought that it was my broadband connection, but it's perfect browsing on iPad/iPhone.

That's as far as my knowledge takes me, sadly, so was wondering if one of you more educated gentlemen could help out :D

Thanks,

Ash

Hi mate, thanks very much. Done the instructions, info below:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Enterprise

Boot Device: \Device\HarddiskVolume1

Install Date: 26/01/2011 21:08:30

System Uptime: 16/03/2013 11:13:19 (2 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P6T DELUXE

Processor: Intel® Core i7 CPU 920 @ 2.67GHz | LGA1366 | 2668/133mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 112 GiB total, 27.49 GiB free.

D: is FIXED (NTFS) - 293 GiB total, 20.968 GiB free.

E: is FIXED (NTFS) - 488 GiB total, 14.841 GiB free.

F: is CDROM ()

G: is FIXED (NTFS) - 488 GiB total, 13.618 GiB free.

H: is FIXED (NTFS) - 293 GiB total, 10.888 GiB free.

I: is FIXED (NTFS) - 346 GiB total, 11.573 GiB free.

J: is FIXED (NTFS) - 488 GiB total, 21.2 GiB free.

K: is FIXED (NTFS) - 421 GiB total, 12.743 GiB free.

L: is FIXED (NTFS) - 443 GiB total, 19.403 GiB free.

M: is CDROM ()

N: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}

Description: High Definition Audio Controller

Device ID: PCI\VEN_1002&DEV_AA80&SUBSYS_AA801043&REV_00\4&2276C4A6&0&0138

Manufacturer: Microsoft

Name: High Definition Audio Controller

PNP Device ID: PCI\VEN_1002&DEV_AA80&SUBSYS_AA801043&REV_00\4&2276C4A6&0&0138

Service: HDAudBus

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

7-Zip 9.20 (x64 edition)

Adobe Acrobat XI Pro

Adobe AIR

Adobe Creative Cloud Connection

Adobe Dreamweaver CS6

Adobe Edge Animate

Adobe Edge Code Preview 3

Adobe Edge Reflow Preview

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Help Manager

Adobe Illustrator CS6

Adobe InDesign CS6

Adobe Photoshop CS6

Adobe Reader X (10.1.6)

Adobe Touch App Plugins

Adobe Widget Browser

Amazon MP3 Downloader 1.0.17

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Media Foundation Decoders

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ASUS Xonar DS Audio Driver

Bonjour

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CPUID CPU-Z 1.57.1

D3DX10

DAEMON Tools Lite

Dead Space™ 3

FileZilla Client 3.4.0

FLAC 1.2.1b (remove only)

Google Chrome

GoToMyPC

IETester v0.4.10 (remove only)

ImgBurn

ImTOO iPhone Transfer Platinum

iTunes

Java 7 Update 17

Java Auto Updater

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft_VC80_ATL_x86

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

Microsoft_VC90_MFCLOC_x86

Microsoft_VC90_MFCLOC_x86_x64

Miro Video Converter

MobileMe Control Panel

Monkey's Audio

Mozilla Firefox 16.0 (x86 en-GB)

Mozilla Maintenance Service

MSI Afterburner 2.1.0

MSVCRT

NewsLeecher v5.0 Beta 3

NVIDIA PhysX

OpenAL

Opera 11.51

PDF Settings CS6

QuickPar 0.9

RadeonPro 1.0 (Build 1.1.0.6)

Razer DeathAdder Black Edition Mouse

Safari

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

setup version 1.0

Skype™ 6.1

SopCast 3.5.0

Spybot - Search & Destroy

The Cave © SEGA version 1

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Uplay

Veetle TV 0.9.18

VLC media player 1.1.11

Winamp

Winamp Detector Plug-in

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Share Manager

Windows XP Mode

.

==== Event Viewer Messages From Past Week ========

.

13/03/2013 18:07:30, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.

11/03/2013 09:59:04, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding

.

==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.17.2

Run by Ash at 13:38:53 on 2013-03-16

Microsoft Windows 7 Enterprise 6.1.7601.1.1252.44.1033.18.12279.9353 [GMT 0:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\atieclxx.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\SysWOW64\HsMgr.exe

C:\Windows\system\HsMgr64.exe

C:\Program Files\Adobe\Adobe Creative Cloud Connection (64 Bit)\Creative Cloud Connection.exe

C:\Program Files\ASUS Xonar DS Audio\Customapp\ASUSAUDIOCENTER.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Razer\DeathAdderBlackEdition\razerhid.exe

C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Razer\DeathAdderBlackEdition\razertra.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Razer\DeathAdderBlackEdition\razerofa.exe

C:\Program Files (x86)\Razer\DeathAdderBlackEdition\vdDaemon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\firefox.exe

C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uWindow Title = Internet Explorer, optimized for Bing and MSN

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll

TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll

uRun: [Google Update] "C:\Users\Ash\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [AdobeBridge] <no file>

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [DeathAdderBlackEdition] C:\Program Files (x86)\Razer\DeathAdderBlackEdition\razerhid.exe

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: Download with ImTOO iPhone Transfer Platinum - C:\Program Files (x86)\ImTOO\iPhone Transfer Platinum\upod_link.HTM

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{34A3199A-2B20-4FB4-A0D6-0498AA0D574A} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{4093B349-5DC0-4A1C-94D9-F8E29C0D700A} : DHCPNameServer = 88.82.13.60 88.82.13.60

TCP: Interfaces\{84270934-BABC-4798-A3F0-289DBBFC0A5B} : DHCPNameServer = 88.82.13.60 88.82.13.60

TCP: Interfaces\{E2AD7C71-5E99-4E11-A9D5-E6CAB4A17875} : DHCPNameServer = 192.168.0.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd

x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke

x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\wf5q0gj8.default\

FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll

FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll

FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll

FF - plugin: C:\Users\Ash\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-02-24 20:21; web2pdfextension@web2pdf.adobedotcom; C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn

.

============= SERVICES / DRIVERS ===============

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-1-26 254528]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-2-16 240640]

R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-5-6 21992]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-1-15 96768]

R3 cmudaxp;ASUS Xonar DS Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2011-1-26 1266688]

R3 DABlackFltr;DeathAdder Black Edition Mouse;C:\Windows\System32\drivers\DABlack.sys [2012-5-9 23040]

R3 VKbms;Virtual HID Minidriver;C:\Windows\System32\drivers\VKbms.sys [2012-5-9 13312]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S3 atillk64;atillk64;C:\hd6950flash\atillk64.sys [2011-5-4 14608]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-13 19456]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-13 57856]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-13 1255736]

S4 RadeonPro Support Service;RadeonPro Support Service;C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [2011-4-11 12800]

.

=============== File Associations ===============

.

FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"

ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"

.

=============== Created Last 30 ================

.

2013-03-14 03:40:30 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{74BBDC32-AA5D-4476-BC5F-DE21FFCFAB8F}\mpengine.dll

2013-03-12 20:17:52 -------- d-----w- C:\Users\Ash\AppData\Roaming\Malwarebytes

2013-03-12 20:17:41 -------- d-----w- C:\ProgramData\Malwarebytes

2013-03-12 20:17:40 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-12 20:17:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-03-12 20:13:08 -------- d-----w- C:\ProgramData\Origin

2013-03-12 18:41:19 -------- d-----w- C:\Program Files (x86)\AppName

2013-03-07 20:39:57 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2013-03-07 20:39:52 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-03-07 20:39:52 -------- d-----w- C:\Program Files\iTunes

2013-03-07 20:39:52 -------- d-----w- C:\Program Files\iPod

2013-03-07 20:39:52 -------- d-----w- C:\Program Files (x86)\iTunes

2013-03-07 20:39:39 -------- d-----w- C:\Program Files\Bonjour

2013-03-07 20:39:39 -------- d-----w- C:\Program Files (x86)\Bonjour

2013-03-07 20:28:33 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-03-07 20:28:33 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-03-07 20:26:56 46080 ----a-w- C:\Windows\System32\atmlib.dll

2013-03-07 20:26:56 367616 ----a-w- C:\Windows\System32\atmfd.dll

2013-03-07 20:26:56 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2013-03-07 20:26:55 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2013-03-07 20:22:49 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys

2013-03-07 20:22:49 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys

2013-03-07 20:22:49 68608 ----a-w- C:\Windows\System32\taskhost.exe

2013-03-07 20:22:49 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys

2013-03-07 20:22:49 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2013-03-07 20:22:49 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys

2013-03-07 20:22:49 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys

2013-03-07 20:06:44 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-02-22 18:15:45 -------- d-----w- C:\Program Files (x86)\AMD AVT

2013-02-22 18:15:44 -------- d-----w- C:\Program Files (x86)\AMD APP

2013-02-21 22:15:34 -------- d-----w- C:\ProgramData\ALM

2013-02-21 21:10:03 -------- d-----r- C:\Users\Ash\Creative Cloud Files

2013-02-21 21:09:38 -------- d-----w- C:\Users\Ash\AppData\Roaming\CloudSync

2013-02-16 06:36:08 78640 ----a-w- C:\Windows\System32\atimpc64.dll

2013-02-16 06:36:08 78640 ----a-w- C:\Windows\System32\amdpcom64.dll

2013-02-16 06:36:06 71912 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2013-02-16 06:36:06 71912 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2013-02-16 06:35:52 139904 ----a-w- C:\Windows\System32\atiuxp64.dll

2013-02-16 06:35:48 118792 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2013-02-16 06:35:44 113672 ----a-w- C:\Windows\System32\atiu9p64.dll

2013-02-16 06:35:40 92512 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2013-02-16 06:35:36 1150328 ----a-w- C:\Windows\System32\aticfx64.dll

2013-02-16 06:35:30 968560 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2013-02-16 06:35:10 7192856 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2013-02-16 06:34:56 4475192 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2013-02-16 06:34:42 6036160 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2013-02-16 06:34:30 5035000 ----a-w- C:\Windows\System32\atiumd6a.dll

2013-02-16 06:34:24 7040928 ----a-w- C:\Windows\System32\atiumd64.dll

2013-02-16 06:22:44 11612672 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2013-02-16 03:27:06 23581184 ----a-w- C:\Windows\System32\atio6axx.dll

2013-02-16 03:21:26 163840 ----a-w- C:\Windows\System32\atiapfxx.exe

2013-02-16 03:18:56 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2013-02-16 03:18:54 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2013-02-16 03:18:48 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2013-02-16 03:18:46 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2013-02-16 03:18:34 16082944 ----a-w- C:\Windows\System32\aticaldd64.dll

2013-02-16 03:15:46 77312 ----a-w- C:\Windows\System32\coinst_12.10.17.dll

2013-02-16 03:14:18 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2013-02-16 03:08:10 19755520 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2013-02-16 02:57:42 442368 ----a-w- C:\Windows\System32\atidemgy.dll

2013-02-16 02:57:32 561152 ----a-w- C:\Windows\System32\atieclxx.exe

2013-02-16 02:56:42 240640 ----a-w- C:\Windows\System32\atiesrxx.exe

2013-02-16 02:55:18 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2013-02-16 02:55:04 25600 ----a-w- C:\Windows\System32\atimuixx.dll

2013-02-16 02:55:00 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2013-02-16 02:54:54 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2013-02-16 02:30:12 630272 ----a-w- C:\Windows\System32\atiadlxx.dll

2013-02-16 02:30:02 425984 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2013-02-16 02:29:48 17920 ----a-w- C:\Windows\System32\atig6pxx.dll

2013-02-16 02:29:46 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2013-02-16 02:29:46 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

2013-02-16 02:29:40 44032 ----a-w- C:\Windows\System32\atig6txx.dll

2013-02-16 02:29:34 34816 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2013-02-16 02:29:24 576000 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2013-02-16 02:26:42 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2013-02-15 22:35:16 222720 ----a-w- C:\Windows\System32\clinfo.exe

2013-02-15 22:34:58 76288 ----a-w- C:\Windows\System32\OpenVideo64.dll

2013-02-15 22:34:52 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2013-02-15 22:34:48 64000 ----a-w- C:\Windows\System32\OVDecode64.dll

2013-02-15 22:34:46 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2013-02-15 22:34:36 29149696 ----a-w- C:\Windows\System32\amdocl64.dll

2013-02-15 22:32:36 23810048 ----a-w- C:\Windows\SysWow64\amdocl.dll

2013-02-15 22:31:23 186432 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

2013-02-15 22:30:40 54784 ----a-w- C:\Windows\System32\OpenCL.dll

2013-02-15 22:30:36 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2013-02-15 22:24:16 5067264 ----a-w- C:\Windows\System32\amdsc64.dll

2013-02-15 22:24:12 4083200 ----a-w- C:\Windows\SysWow64\amdsc.dll

.

==================== Find3M ====================

.

2013-03-16 12:06:26 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-16 12:06:26 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-03-07 20:06:42 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2013-03-07 20:06:42 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-02-16 06:35:22 8209496 ----a-w- C:\Windows\System32\atidxx64.dll

2013-01-30 22:20:52 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-01-20 00:55:00 429056 ----a-w- C:\Windows\SysWow64\MACDll.dll

2013-01-17 01:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe

2013-01-15 10:11:26 96768 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys

2013-01-15 10:11:12 110080 ----a-w- C:\Windows\System32\DelayAPO.dll

2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll

2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll

2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll

2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll

2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll

2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll

2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll

2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll

2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll

2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll

2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll

2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll

2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll

2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll

2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll

2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll

2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll

2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll

2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll

2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll

2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll

2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll

2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll

2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll

2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll

2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll

2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-12-27 19:04:04 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

.

============= FINISH: 13:39:04.10 ===============

Link to post
Share on other sites

Hi:

Thanks for the logs.

However, we can't analyze them or work on malware removal in this particular section of the forum.

So, please start a NEW topic in the malware removal section >>HERE<<. :)

When you do, please explain the issue you're experiencing and include the same logs that you posted here.

Then, please wait for assistance -- the forum can be quite busy and many of the helpers are volunteers.

Someone will help you as soon as possible.

Thanks,

daledoc1
