Jump to content

Malwarebytes

Is it gone?

- - - - -
Started by L00N3R, Sep 30 2011 12:15 PM

14 replies to this topic

#1
L00N3R
Posted 30 September 2011 - 12:15 PM

    Elite Member

  • Malware Hunters
  • PipPipPipPipPip
  • 898 posts
  • Gender:Not Telling
I got myself infected with some malware by accident (friend of mine ran it). The malware file was from here: 
hxxp://hotelcrystalpark.com/firefox_1/download_firefox_6.0.1.php

I scanned with MBAM and it detected Trojan.Fakealert then scanned with MSE and it found the following:

Spoiler

Removed everything that was detected of course. I have no symptoms now, I just wanted to make sure I'm not infected anymore.

Feel free to take your time with this topic, and thanks a lot for your time.
"Trusting every aspect of our lives to a giant computer was the smartest thing we ever did!"
- Homer on cloud computing

#2
screen317
Posted 04 October 2011 - 04:37 PM

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,465 posts
  • Gender:Male
  • Location:New Haven, CT
Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook

#3
L00N3R
Posted 05 October 2011 - 12:55 PM

    Elite Member

  • Malware Hunters
  • PipPipPipPipPip
  • 898 posts
  • Gender:Not Telling
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Databaseversjon: 7879

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

05.10.2011 19:47:01
mbam-log-2011-10-05 (19-47-01).txt

Skanntype: Hurtigsøk
Objekter skannet: 176789
Tid tilbakelagt: 2 minutt(er), 42 sekund(er)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert 0

Minneprosesser infisert:
(Ingen skadelige objekter funnet)

Minnemoduler infisert:
(Ingen skadelige objekter funnet)

Registernøkler infisert:
(Ingen skadelige objekter funnet)

Registerverdier infisert:
(Ingen skadelige objekter funnet)

Registerfiler infisert:
(Ingen skadelige objekter funnet)

Mapper infisert:
(Ingen skadelige objekter funnet)

Filer infisert
(Ingen skadelige objekter funnet)


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by USERNAME at 19:48:48 on 2011-10-05
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.47.1044.18.1982.829 [GMT 2:00]
.
AV: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Users\USERNAME\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\scrnsave.scr
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Windows Internet Explorer provided by Akershus Fylkeskommune
uStart Page = hxxp://portalen.akershus-fk.no
uDefault_Page_URL = hxxp://portalen.akershus-fk.no
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
BHO: Påloggingshjelp for Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\USERNAME\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [F.lux] "C:\Users\USERNAME\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
mRun: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DefaultLogonDomain = Akershus-FK
IE: E&ksporter til Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd til OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll
DPF: DirectEdit - hxxps://support.itslearning.com/browsertest/components/DirectEdit.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73}\14B6562737865737D264B40275966496 : DhcpNameServer = 148.83.249.50 148.83.249.51
TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73}\14B6562737865737D264B402759664960274A6563747 : DhcpNameServer = 148.83.249.50 148.83.249.51
TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73}\D4E294E255E2C4 : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{2B9F5787-88A5-4945-90E7-C4B18563BC5E}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
mRun-x64: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\USERNAME\AppData\Roaming\Mozilla\Firefox\Profiles\psm2bo5w.default\
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Users\USERNAME\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2011-5-13 317496]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-3-25 539248]
R3 KeyScrambler;KeyScrambler;C:\Windows\system32\drivers\keyscrambler.sys --> C:\Windows\system32\drivers\keyscrambler.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-8-27 156288]
S2 gupdate;Google-oppdatering-tjenesten (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-21 136176]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 gupdatem;Google-oppdatering-tjenesten (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-21 136176]
S3 IntcDAud;Intel® Skjermlyd;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\drivers\nusb3hub.sys --> C:\Windows\system32\drivers\nusb3hub.sys [?]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\drivers\nusb3xhc.sys --> C:\Windows\system32\drivers\nusb3xhc.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;C:\Windows\system32\DRIVERS\Rtenic64.sys --> C:\Windows\system32\DRIVERS\Rtenic64.sys [?]
S3 StorSvc;Oppbevaringstjeneste;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\system32\drivers\Synth3dVsc.sys --> C:\Windows\system32\drivers\Synth3dVsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-10-05 16:33:31 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{446AB021-1DF4-4553-A28A-9D90891ABC2D}\offreg.dll
2011-10-05 16:33:22 9049936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{446AB021-1DF4-4553-A28A-9D90891ABC2D}\mpengine.dll
2011-10-01 19:49:53 -------- d-----w- C:\Users\USERNAME\AppData\Local\Spotify
2011-10-01 19:49:38 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\Spotify
2011-09-30 08:43:08 -------- d-----w- C:\Users\USERNAME\AppData\Local\Apple Computer
2011-09-30 08:41:39 -------- d-----w- C:\Users\USERNAME\AppData\Local\Apple
2011-09-28 09:50:59 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\.purple
2011-09-28 09:50:37 -------- d-----w- C:\Program Files (x86)\Pidgin
2011-09-28 09:45:58 -------- d-----w- C:\Users\USERNAME\AppData\Local\Windows Live
2011-09-28 09:45:57 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-09-28 07:05:25 134104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-09-25 14:27:28 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2011-09-25 10:55:31 -------- d-----w- C:\Program Files (x86)\NoVirusThanks
2011-09-21 10:14:42 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\Mount&Blade Warband
2011-09-21 10:08:40 -------- d-----w- C:\Program Files (x86)\VirusTotalUploader2
2011-09-21 09:58:51 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
2011-09-21 09:58:46 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll
2011-09-21 09:56:52 -------- d-----w- C:\Program Files (x86)\Mount&Blade Warband
2011-09-19 06:59:13 29696 ----a-w- C:\Windows\System32\drivers\tap0901.sys
2011-09-16 07:35:19 -------- d-----w- C:\Program Files (x86)\uTorrent
2011-09-16 07:33:40 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\uTorrent
2011-09-16 07:33:40 -------- d-----w- C:\Users\USERNAME\AppData\Local\uTorrent
2011-09-16 07:18:38 -------- d-----w- C:\Program Files (x86)\proXPN
2011-09-15 07:26:39 -------- d-----w- C:\Users\USERNAME\AppData\Local\VMware
2011-09-15 07:23:21 81008 ----a-w- C:\Windows\System32\drivers\vmci.sys
2011-09-15 07:23:18 68720 ----a-w- C:\Windows\System32\drivers\vmx86.sys
2011-09-15 07:22:46 334448 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe
2011-09-15 07:22:41 404080 ----a-w- C:\Windows\SysWow64\vmnat.exe
2011-09-15 07:22:41 30320 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys
2011-09-15 07:22:35 968816 ----a-w- C:\Windows\System32\vnetlib64.dll
2011-09-15 07:22:13 31856 ----a-w- C:\Windows\System32\drivers\VMkbd.sys
2011-09-15 07:22:11 38512 ----a-w- C:\Windows\System32\drivers\hcmon.sys
2011-09-15 07:21:48 -------- d-----w- C:\Program Files (x86)\Common Files\VMware
2011-09-15 07:21:25 -------- d-----w- C:\Program Files (x86)\VMware
2011-09-14 13:44:14 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\.minecraft
2011-09-14 10:13:11 -------- d-----w- C:\Users\USERNAME\VirtualBox VMs
2011-09-14 10:04:58 -------- d-----w- C:\Users\USERNAME\.VirtualBox
2011-09-14 10:04:07 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2011-09-14 10:04:00 128816 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2011-09-14 10:03:53 -------- d-----w- C:\Program Files\Oracle
2011-09-13 11:20:49 -------- d-----w- C:\Program Files (x86)\TunnelBear
2011-09-12 06:59:06 -------- d-----w- C:\Users\USERNAME\AppData\Local\Opera
2011-09-08 12:13:11 -------- d-----w- C:\Users\USERNAME\AppData\Local\Diagnostics
2011-09-08 07:00:24 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2DB06253-C2D9-4C12-BD94-E077B637C2F6}\gapaengine.dll
2011-09-07 10:14:55 -------- d-----w- C:\Program Files\Paint.NET
2011-09-07 10:14:40 -------- d-----w- C:\Users\USERNAME\AppData\Local\Paint.NET
2011-09-07 10:00:29 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2011-09-07 10:00:25 -------- d-----w- C:\Program Files (x86)\Steam
2011-09-06 09:51:36 -------- d-----r- C:\Program Files (x86)\Skype
2011-09-06 07:47:38 -------- d-----w- C:\Users\USERNAME\AppData\Local\DOSBox
2011-09-06 07:47:26 -------- d-----w- C:\Program Files (x86)\DOSBox-0.74
.
==================== Find3M ====================
.
2011-09-22 09:52:28 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-17 10:21:24 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-08-15 12:32:10 165680 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2011-08-15 12:32:10 146736 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2011-08-15 12:32:08 320816 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
2011-07-26 17:49:12 37888 ----a-w- C:\Windows\System32\drivers\taphss.sys
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 05:26:20 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-09 04:29:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
.
============= FINISH: 19:49:45,26 ===============

Thanks :)
"Trusting every aspect of our lives to a giant computer was the smartest thing we ever did!"
- Homer on cloud computing

#4
screen317
Posted 08 October 2011 - 08:39 PM

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,465 posts
  • Gender:Male
  • Location:New Haven, CT
Hi,

Please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


-screen317
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook

#5
L00N3R
Posted 09 October 2011 - 08:00 AM

    Elite Member

  • Malware Hunters
  • PipPipPipPipPip
  • 898 posts
  • Gender:Not Telling
Combofix
Spoiler

DDS
Spoiler

"Trusting every aspect of our lives to a giant computer was the smartest thing we ever did!"
- Homer on cloud computing

#6
screen317
Posted 12 October 2011 - 01:45 AM

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,465 posts
  • Gender:Male
  • Location:New Haven, CT
Hi,

Please see:

HijackThis Forum Policy
[indent]
We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos ect. This means no P2P evidence will be supported. Logs that show these in them, will given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed period. It's theft and against the law.[/indent]It's likely why your issue began in the first place.


This goes for uTorrent and anything else you may have installed.
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook

#7
L00N3R
Posted 14 October 2011 - 12:05 AM

    Elite Member

  • Malware Hunters
  • PipPipPipPipPip
  • 898 posts
  • Gender:Not Telling
µTorrent is uninstalled. :)
"Trusting every aspect of our lives to a giant computer was the smartest thing we ever did!"
- Homer on cloud computing

#8
screen317
Posted 18 October 2011 - 01:50 AM

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,465 posts
  • Gender:Male
  • Location:New Haven, CT
Okay.

Grab a fresh copy of ComboFix, run it, and post its log, in addition to a DDS log. Don't use the spoiler tags please.
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook

#9
L00N3R
Posted 18 October 2011 - 02:12 AM

    Elite Member

  • Malware Hunters
  • PipPipPipPipPip
  • 898 posts
  • Gender:Not Telling
ComboFix 11-10-17.02 - USERNAME 18.10.2011 9:01.2.2 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.47.1044.18.1982.969 [GMT 2:00]
Kjører fra: d:\USERNAME\Desktop\ComboFix.exe
AV: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2011-09-18 til 2011-10-18 )))))))))))))))))))))))))))))))))
.
.
2011-10-18 07:06 . 2011-10-18 07:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-18 06:56 . 2011-10-18 06:56 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2B29AA69-EA6A-4636-BC18-AF7C9D49411D}\offreg.dll
2011-10-18 06:56 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2B29AA69-EA6A-4636-BC18-AF7C9D49411D}\mpengine.dll
2011-10-14 12:03 . 2011-10-14 12:03 -------- d-----w- c:\users\USERNAME\AppData\Roaming\LolClient
2011-10-13 13:19 . 2011-10-13 13:18 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8037D578-0C93-4413-83F2-22330A210D39}\gapaengine.dll
2011-10-13 13:02 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 13:01 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 13:01 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 13:01 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-13 13:01 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-13 13:00 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-13 13:00 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 13:00 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 13:00 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-13 08:45 . 2011-10-13 08:45 -------- d-----w- c:\program files (x86)\iFinger
2011-10-11 20:23 . 2008-07-31 08:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll
2011-10-11 20:23 . 2008-07-31 08:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll
2011-10-11 20:23 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2011-10-11 20:23 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2011-10-11 20:23 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2011-10-11 20:19 . 2011-10-11 20:19 -------- d-----w- C:\Riot Games
2011-10-11 08:07 . 2011-10-18 07:06 -------- d-----w- c:\users\USERNAME\AppData\Local\PMB Files
2011-10-11 08:07 . 2011-10-14 11:55 -------- d-----w- c:\programdata\PMB Files
2011-10-11 08:07 . 2011-10-11 08:07 -------- d-----w- c:\program files (x86)\Pando Networks
2011-10-08 18:51 . 2011-10-08 18:51 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2011-10-08 18:51 . 2011-10-08 18:51 -------- d-----w- c:\users\USERNAME\SystemRequirementsLab
2011-10-08 15:45 . 2011-10-08 15:45 -------- d-----w- c:\program files\CCleaner
2011-10-07 17:16 . 2011-10-07 17:16 -------- d-----w- c:\users\USERNAME\AppData\Roaming\GameRanger
2011-10-07 16:44 . 2011-10-07 16:44 -------- d-----w- c:\program files (x86)\Elaborate Bytes
2011-10-01 19:49 . 2011-10-17 15:39 -------- d-----w- c:\users\USERNAME\AppData\Local\Spotify
2011-10-01 19:49 . 2011-10-17 15:43 -------- d-----w- c:\users\USERNAME\AppData\Roaming\Spotify
2011-09-30 08:43 . 2011-09-30 08:43 -------- d-----w- c:\users\USERNAME\AppData\Local\Apple Computer
2011-09-30 08:43 . 2011-09-30 08:43 -------- d-----w- c:\users\USERNAME\AppData\Roaming\Apple Computer
2011-09-30 08:42 . 2011-09-30 08:42 -------- d-----w- c:\program files (x86)\Safari
2011-09-30 08:42 . 2011-09-30 08:42 -------- d-----w- c:\programdata\Apple Computer
2011-09-30 08:41 . 2011-09-30 08:41 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-09-30 08:41 . 2011-09-30 08:41 -------- d-----w- c:\users\USERNAME\AppData\Local\Apple
2011-09-30 08:41 . 2011-09-30 08:41 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-09-30 08:41 . 2011-09-30 08:41 -------- d-----w- c:\programdata\Apple
2011-09-28 09:50 . 2011-09-28 10:21 -------- d-----w- c:\users\USERNAME\AppData\Roaming\.purple
2011-09-28 09:50 . 2011-09-28 09:50 -------- d-----w- c:\program files (x86)\Pidgin
2011-09-28 09:47 . 2011-09-28 09:48 -------- d-----w- c:\program files (x86)\Windows Live
2011-09-28 09:45 . 2011-09-28 09:45 -------- d-----w- c:\users\USERNAME\AppData\Local\Windows Live
2011-09-28 09:45 . 2011-09-28 09:45 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-09-28 07:05 . 2011-09-30 16:13 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-09-25 14:27 . 2011-09-25 14:27 -------- d-----w- c:\programdata\Hewlett-Packard
2011-09-25 14:27 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2011-09-25 10:55 . 2011-09-25 10:55 -------- d-----w- c:\program files (x86)\NoVirusThanks
2011-09-21 10:59 . 2011-10-07 12:20 -------- d-----w- c:\program files (x86)\Google
2011-09-21 10:14 . 2011-09-21 10:15 -------- d-----w- c:\users\USERNAME\AppData\Roaming\Mount&Blade Warband
2011-09-21 10:08 . 2011-09-21 10:08 -------- d-----w- c:\program files (x86)\VirusTotalUploader2
2011-09-21 09:58 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2011-09-21 09:58 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2011-09-21 09:56 . 2011-09-21 10:01 -------- d-----w- c:\program files (x86)\Mount&Blade Warband
2011-09-19 06:59 . 2010-02-25 15:51 29696 ----a-w- c:\windows\system32\drivers\tap0901.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-13 08:12 . 2011-06-24 09:33 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-28 09:46 . 2011-03-28 16:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-17 10:21 . 2011-09-03 20:42 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-09-14 13:58 . 2011-08-23 10:46 274616 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2011-09-13 00:26 . 2011-06-28 13:12 9049936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-03 20:42 . 2011-09-03 20:42 53248 ----a-r- c:\users\USERNAME\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-08-25 10:17 . 2011-08-25 10:17 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-08-25 10:17 . 2011-08-25 10:17 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-08-25 10:17 . 2011-08-25 10:17 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-08-25 10:17 . 2011-08-25 10:17 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-08-25 10:17 . 2011-08-25 10:17 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-08-25 10:17 . 2011-08-25 10:17 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-08-25 10:17 . 2011-08-25 10:17 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-08-25 10:17 . 2011-08-25 10:17 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-08-25 10:17 . 2011-08-25 10:17 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-08-25 10:17 . 2011-08-25 10:17 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-08-25 10:17 . 2011-08-25 10:17 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-08-25 10:17 . 2011-08-25 10:17 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-08-25 10:17 . 2011-08-25 10:17 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-08-25 10:17 . 2011-08-25 10:17 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-08-25 10:17 . 2011-08-25 10:17 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-08-25 10:17 . 2011-08-25 10:17 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-08-25 10:17 . 2011-08-25 10:17 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-08-25 10:17 . 2011-08-25 10:17 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-08-25 10:17 . 2011-08-25 10:17 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-08-25 10:17 . 2011-08-25 10:17 222208 ----a-w- c:\windows\system32\msls31.dll
2011-08-25 10:17 . 2011-08-25 10:17 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-25 10:17 . 2011-08-25 10:17 12288 ----a-w- c:\windows\system32\mshta.exe
2011-08-25 10:17 . 2011-08-25 10:17 114176 ----a-w- c:\windows\system32\admparse.dll
2011-08-25 10:17 . 2011-08-25 10:17 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-08-25 10:17 . 2011-08-25 10:17 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-08-25 10:17 . 2011-08-25 10:17 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-25 10:17 . 2011-08-25 10:17 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-08-25 10:17 . 2011-08-25 10:17 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-25 10:17 . 2011-08-25 10:17 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-08-25 10:17 . 2011-08-25 10:17 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-08-25 10:17 . 2011-08-25 10:17 448512 ----a-w- c:\windows\system32\html.iec
2011-08-25 10:17 . 2011-08-25 10:17 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-25 10:17 . 2011-08-25 10:17 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-25 10:17 . 2011-08-25 10:17 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-08-25 10:17 . 2011-08-25 10:17 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-08-25 10:17 . 2011-08-25 10:17 160256 ----a-w- c:\windows\system32\wextract.exe
2011-08-15 12:32 . 2011-09-14 10:04 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-08-15 12:32 . 2011-09-14 10:04 128816 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-08-15 12:32 . 2011-08-15 12:32 165680 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-08-15 12:32 . 2011-08-15 12:32 146736 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-08-15 12:32 . 2011-08-15 12:32 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2011-07-26 17:49 . 2011-07-26 17:49 37888 ----a-w- c:\windows\system32\drivers\taphss.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-09_12.49.24 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-08-25 10:17 . 2011-08-25 10:17 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2011-10-14 13:01 . 2011-09-01 02:23 72704 c:\windows\SysWOW64\mshtmled.dll
- 2011-08-25 10:17 . 2011-08-25 10:17 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-10-14 13:01 . 2011-09-01 02:26 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-10-14 13:01 . 2011-09-01 02:26 65024 c:\windows\SysWOW64\jsproxy.dll
- 2011-08-25 10:17 . 2011-08-25 10:17 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2011-06-23 17:10 . 2011-10-15 13:08 30546 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-10-18 06:44 37000 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 09:17 . 2011-10-09 08:29 75124 c:\windows\system32\perfc014.dat
+ 2009-07-14 09:17 . 2011-10-18 06:46 75124 c:\windows\system32\perfc014.dat
+ 2011-10-14 13:01 . 2011-09-01 05:12 96256 c:\windows\system32\mshtmled.dll
- 2011-08-25 10:17 . 2011-08-25 10:17 96256 c:\windows\system32\mshtmled.dll
+ 2011-10-14 13:01 . 2011-09-01 05:15 86528 c:\windows\system32\migration\WininetPlugin.dll
- 2011-08-25 10:17 . 2011-08-25 10:17 86528 c:\windows\system32\migration\WininetPlugin.dll
- 2011-08-25 10:17 . 2011-08-25 10:17 85504 c:\windows\system32\jsproxy.dll
+ 2011-10-14 13:01 . 2011-09-01 05:15 85504 c:\windows\system32\jsproxy.dll
- 2011-07-21 14:01 . 2011-10-08 15:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-21 14:01 . 2011-10-16 13:41 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-21 14:01 . 2011-10-16 13:41 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-07-21 14:01 . 2011-10-08 15:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-08 15:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-16 13:41 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-10-18 06:49 88816 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-07-21 10:43 . 2011-07-21 10:43 27648 c:\windows\Installer\1367eb9.msp
- 2011-06-23 16:57 . 2011-09-26 18:21 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-06-23 16:57 . 2011-10-13 13:02 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-06-23 16:57 . 2011-09-26 18:21 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
+ 2011-06-23 16:57 . 2011-10-13 13:02 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
- 2011-06-23 16:57 . 2011-09-26 18:21 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-06-23 16:57 . 2011-10-13 13:02 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-10-13 08:45 . 2011-10-13 08:45 19790 c:\windows\Installer\{87A7E808-D6BE-40E6-97FD-AAAC0F39A886}\iFinger.exe
+ 2011-08-23 10:44 . 2011-10-18 06:44 6684 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-573178753-3869741976-1425505419-177982_UserData.bin
+ 2011-10-18 06:41 . 2011-10-18 06:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-09 08:24 . 2011-10-09 08:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-18 06:41 . 2011-10-18 06:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-09 08:24 . 2011-10-09 08:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-08-25 10:17 . 2011-08-25 10:17 231936 c:\windows\SysWOW64\url.dll
+ 2011-10-14 13:01 . 2011-09-01 02:27 231936 c:\windows\SysWOW64\url.dll
+ 2011-10-13 08:12 . 2011-10-13 08:12 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_Plugin.exe
+ 2011-10-13 08:12 . 2011-10-13 08:12 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
+ 2011-10-13 08:12 . 2011-10-13 08:12 335520 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.dll
- 2011-08-25 10:17 . 2011-08-25 10:17 716800 c:\windows\SysWOW64\jscript.dll
+ 2011-10-14 13:01 . 2011-09-01 02:24 716800 c:\windows\SysWOW64\jscript.dll
- 2009-07-13 23:26 . 2009-07-14 01:15 361472 c:\windows\SysWOW64\IME\IMEJP10\IMJPAPI.DLL
+ 2011-10-10 13:02 . 2011-07-27 04:27 361472 c:\windows\SysWOW64\IME\IMEJP10\IMJPAPI.DLL
- 2011-08-25 10:17 . 2011-08-25 10:17 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-10-14 13:01 . 2011-09-01 02:21 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-06-27 07:55 . 2011-10-12 17:34 315668 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-06-23 23:28 . 2011-10-17 15:28 254866 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2011-08-25 10:17 . 2011-08-25 10:17 237056 c:\windows\system32\url.dll
+ 2011-10-14 13:01 . 2011-09-01 05:16 237056 c:\windows\system32\url.dll
+ 2009-07-14 09:17 . 2011-10-18 06:46 450310 c:\windows\system32\perfh014.dat
- 2009-07-14 09:17 . 2011-10-09 08:29 450310 c:\windows\system32\perfh014.dat
+ 2009-07-14 02:36 . 2011-10-18 06:46 609290 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-10-09 08:29 609290 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-10-18 06:46 104568 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-10-09 08:29 104568 c:\windows\system32\perfc009.dat
- 2011-08-25 10:17 . 2011-08-25 10:17 818176 c:\windows\system32\jscript.dll
+ 2011-10-14 13:01 . 2011-09-01 05:14 818176 c:\windows\system32\jscript.dll
+ 2011-10-10 13:02 . 2011-07-27 05:33 546304 c:\windows\system32\IME\IMEJP10\IMJPAPI.DLL
- 2009-07-13 23:40 . 2009-07-14 01:41 546304 c:\windows\system32\IME\IMEJP10\IMJPAPI.DLL
- 2011-08-25 10:17 . 2011-08-25 10:17 248320 c:\windows\system32\ieui.dll
+ 2011-10-14 13:01 . 2011-09-01 05:08 248320 c:\windows\system32\ieui.dll
+ 2009-07-14 04:45 . 2011-10-13 14:47 376024 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 05:01 . 2011-10-17 17:13 385756 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-10-08 22:44 385756 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-08-21 21:19 . 2011-08-21 21:19 133120 c:\windows\Installer\96e82c.msp
+ 2011-06-19 21:33 . 2011-06-19 21:33 407552 c:\windows\Installer\1367eb1.msp
+ 2011-10-14 12:08 . 2011-10-14 12:08 371272 c:\windows\Installer\{AA59DDE4-B672-4621-A016-4C248204957A}\SkypeIcon.exe
- 2011-10-07 12:01 . 2011-10-07 12:01 371272 c:\windows\Installer\{AA59DDE4-B672-4621-A016-4C248204957A}\SkypeIcon.exe
+ 2011-06-23 16:57 . 2011-10-13 13:02 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2011-06-23 16:57 . 2011-09-26 18:21 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-06-23 16:57 . 2011-10-13 13:02 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2011-06-23 16:57 . 2011-09-26 18:21 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2011-06-23 16:57 . 2011-09-26 18:21 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2011-06-23 16:57 . 2011-10-13 13:02 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2011-06-23 16:57 . 2011-10-13 13:02 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
- 2011-06-23 16:57 . 2011-09-26 18:21 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-06-23 16:57 . 2011-10-13 13:02 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2011-06-23 16:57 . 2011-09-26 18:21 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2011-06-23 16:57 . 2011-09-26 18:21 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
+ 2011-06-23 16:57 . 2011-10-13 13:02 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
+ 2011-10-13 13:01 . 2011-08-17 05:28 315392 c:\windows\ehome\Microsoft.MediaCenter.Interop.dll
- 2011-06-27 09:34 . 2010-11-20 13:44 315392 c:\windows\ehome\Microsoft.MediaCenter.Interop.dll
+ 2011-10-13 14:47 . 2011-10-13 14:47 522240 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\3563d3f83c115eae9c5387cc7b0d1b7d\Microsoft.MediaCenter.Interop.ni.dll
+ 2011-10-13 13:01 . 2011-08-17 05:28 315392 c:\windows\assembly\GAC_64\Microsoft.MediaCenter.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Interop.dll
- 2011-06-27 09:34 . 2010-11-20 13:44 315392 c:\windows\assembly\GAC_64\Microsoft.MediaCenter.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Interop.dll
+ 2011-10-14 13:01 . 2011-09-01 02:28 1126912 c:\windows\SysWOW64\wininet.dll
- 2011-08-25 10:17 . 2011-08-25 10:17 1126912 c:\windows\SysWOW64\wininet.dll
+ 2011-10-14 13:01 . 2011-09-01 02:28 1102848 c:\windows\SysWOW64\urlmon.dll
- 2011-08-25 10:17 . 2011-08-25 10:17 1102848 c:\windows\SysWOW64\urlmon.dll
+ 2011-06-24 09:33 . 2011-10-13 08:12 8522400 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
+ 2011-10-14 13:01 . 2011-09-01 02:35 1798144 c:\windows\SysWOW64\jscript9.dll
+ 2011-10-14 13:01 . 2011-09-01 02:23 1791488 c:\windows\SysWOW64\iertutil.dll
- 2011-08-25 10:17 . 2011-08-25 10:17 1791488 c:\windows\SysWOW64\iertutil.dll
+ 2011-10-14 13:01 . 2011-09-01 02:33 9704960 c:\windows\SysWOW64\ieframe.dll
- 2011-08-25 10:17 . 2011-08-25 10:17 1389056 c:\windows\system32\wininet.dll
+ 2011-10-14 13:01 . 2011-09-01 05:17 1389056 c:\windows\system32\wininet.dll
- 2011-08-25 10:17 . 2011-08-25 10:17 1344512 c:\windows\system32\urlmon.dll
+ 2011-10-14 13:01 . 2011-09-01 05:18 1344512 c:\windows\system32\urlmon.dll
+ 2011-10-14 13:01 . 2011-09-01 05:24 2309120 c:\windows\system32\jscript9.dll
+ 2011-10-14 13:01 . 2011-09-01 05:12 2143744 c:\windows\system32\iertutil.dll
+ 2009-07-14 04:45 . 2011-10-15 12:56 6834469 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-10-07 15:35 6834469 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-08-25 13:59 . 2011-10-17 09:16 5958756 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-573178753-3869741976-1425505419-177982-4096.dat
+ 2011-07-21 10:34 . 2011-07-21 10:34 3456000 c:\windows\Installer\96e860.msp
+ 2011-07-21 10:45 . 2011-07-21 10:45 3809792 c:\windows\Installer\96e846.msp
+ 2011-08-21 21:18 . 2011-08-21 21:18 1585152 c:\windows\Installer\96e825.msp
+ 2011-07-21 10:51 . 2011-07-21 10:51 9623040 c:\windows\Installer\1367e7b.msp
+ 2011-07-21 10:41 . 2011-07-21 10:41 8413696 c:\windows\Installer\1367e61.msp
+ 2011-06-23 16:57 . 2011-10-13 13:02 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-06-23 16:57 . 2011-09-26 18:21 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-06-23 16:57 . 2011-10-13 13:02 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2011-06-23 16:57 . 2011-09-26 18:21 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-06-23 16:57 . 2011-10-13 13:02 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2011-06-23 16:57 . 2011-09-26 18:21 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2011-06-23 16:57 . 2011-09-26 18:21 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\Icon.9D6CC272.FB07.4CCF.BA62.C793BD18F37A.exe
+ 2011-06-23 16:57 . 2011-10-13 13:02 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\Icon.9D6CC272.FB07.4CCF.BA62.C793BD18F37A.exe
- 2011-06-23 16:57 . 2011-09-26 18:21 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\Icon.58599A6F.C47E.4F6A.9B74.130813500B46.exe
+ 2011-06-23 16:57 . 2011-10-13 13:02 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\Icon.58599A6F.C47E.4F6A.9B74.130813500B46.exe
- 2011-06-23 16:57 . 2011-09-26 18:21 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\Icon.0ABA67DE.B9F7.4720.83BA.38B0FED98479.exe
+ 2011-06-23 16:57 . 2011-10-13 13:02 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\Icon.0ABA67DE.B9F7.4720.83BA.38B0FED98479.exe
- 2011-06-23 16:57 . 2011-09-26 18:21 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-06-23 16:57 . 2011-10-13 13:02 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-10-15 14:30 . 2011-10-15 14:30 1142784 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\006437adec3104e688788eea08c535fd\Microsoft.MediaCenter.Shell.ni.dll
+ 2011-10-14 13:01 . 2011-09-01 02:36 12275200 c:\windows\SysWOW64\mshtml.dll
+ 2009-07-14 02:34 . 2011-10-15 12:53 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-08-30 14:38 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-10-14 13:01 . 2011-09-01 05:34 17781760 c:\windows\system32\mshtml.dll
+ 2011-06-24 09:13 . 2011-10-10 13:02 49062856 c:\windows\system32\MRT.exe
- 2011-08-25 10:17 . 2011-08-25 10:17 10886144 c:\windows\system32\ieframe.dll
+ 2011-10-14 13:00 . 2011-09-01 05:24 10886144 c:\windows\system32\ieframe.dll
+ 2011-08-23 10:22 . 2011-10-17 09:16 33435484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-573178753-3869741976-1425505419-177982-8192.dat
+ 2011-10-14 12:07 . 2011-10-14 12:07 18452480 c:\windows\Installer\494f48b.msi
+ 2011-07-21 10:36 . 2011-07-21 10:36 66808320 c:\windows\Installer\1367e97.msp
+ 2010-03-12 22:05 . 2010-03-12 22:05 11121528 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OARTCONV.DLL
+ 2010-03-13 13:08 . 2010-03-13 13:08 20516712 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OART.DLL
+ 2011-10-15 14:31 . 2011-10-15 14:31 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\5e125ecb8c921809c2d3ba09e5c77c9e\ehshell.ni.dll
+ 2011-10-13 08:44 . 2011-10-13 08:44 123099648 c:\windows\Installer\463d45.msi
.
-- Snapshot resatt til dagens dato --
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\USERNAME\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-09-08 1242448]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-10-11 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-05-13 318520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DefaultLogonDomain"= Akershus-FK
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-573178753-3869741976-1425505419-177982\Scripts\Logon\0\0]
"Script"=\\akershus-fk.no\NETLOGON\Undervisning\LOGON00-Rettigheter bærbare til elever IV.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 gupdate;Google-oppdatering-tjenesten (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 136176]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 gupdatem;Google-oppdatering-tjenesten (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 136176]
R3 IntcDAud;Intel® Skjermlyd;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;c:\windows\system32\DRIVERS\Rtenic64.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2011-05-13 317496]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 10:59]
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 10:59]
.
2011-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-573178753-3869741976-1425505419-177982Core.job
- c:\users\USERNAME\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-30 10:25]
.
2011-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-573178753-3869741976-1425505419-177982UA.job
- c:\users\USERNAME\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-30 10:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
.
------- Tilleggsskanning -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://portalen.akershus-fk.no
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&ksporter til Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd til OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 148.83.249.50 148.83.249.51
DPF: DirectEdit - hxxps://support.itslearning.com/browsertest/components/DirectEdit.CAB
FF - ProfilePath - c:\users\USERNAME\AppData\Roaming\Mozilla\Firefox\Profiles\psm2bo5w.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.itslearning.com/index.aspx?CustomerId=124&Username=sigsve
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?q=
.
- - - - TOMME PEKERE FJERNET - - - -
.
Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
.
.
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tidspunkt ferdig: 2011-10-18 09:09:00
ComboFix-quarantined-files.txt 2011-10-18 07:09
ComboFix2.txt 2011-10-09 12:51
.
Pre-Run: 9 049 726 976 byte ledig
Post-Run: 8 876 912 640 byte ledig
.
- - End Of File - - 2F7359DD68A1CA280B3AA89F0A4FC05A


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by USERNAME at 9:09:58 on 2011-10-18
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.47.1044.18.1982.794 [GMT 2:00]
.
AV: Microsoft Forefront Endpoint Protection 2010 *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Endpoint Protection 2010 *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\WizMouse\WizMouse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://portalen.akershus-fk.no
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
BHO: Påloggingshjelp for Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [F.lux] "C:\Users\USERNAME\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DefaultLogonDomain = Akershus-FK
IE: E&ksporter til Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd til OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: DirectEdit - hxxps://support.itslearning.com/browsertest/components/DirectEdit.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 148.83.249.50 148.83.249.51
TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73} : DhcpNameServer = 148.83.249.50 148.83.249.51
TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73}\14B6562737865737D264B402759664960274A6563747 : DhcpNameServer = 148.83.249.50 148.83.249.51
TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73}\35C65647E65627E6564747 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73}\84A656D6D656 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73}\D4E294E255E2C4 : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{2B9F5787-88A5-4945-90E7-C4B18563BC5E}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\USERNAME\AppData\Roaming\Mozilla\Firefox\Profiles\psm2bo5w.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.itslearning.com/index.aspx?CustomerId=124&Username=sigsve
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?q=
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2011-5-13 317496]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R3 KeyScrambler;KeyScrambler;C:\Windows\system32\drivers\keyscrambler.sys --> C:\Windows\system32\drivers\keyscrambler.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-8-27 156288]
S2 gupdate;Google-oppdatering-tjenesten (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-21 136176]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 gupdatem;Google-oppdatering-tjenesten (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-21 136176]
S3 IntcDAud;Intel® Skjermlyd;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\drivers\nusb3hub.sys --> C:\Windows\system32\drivers\nusb3hub.sys [?]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\drivers\nusb3xhc.sys --> C:\Windows\system32\drivers\nusb3xhc.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;C:\Windows\system32\DRIVERS\Rtenic64.sys --> C:\Windows\system32\DRIVERS\Rtenic64.sys [?]
S3 StorSvc;Oppbevaringstjeneste;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\system32\drivers\Synth3dVsc.sys --> C:\Windows\system32\drivers\Synth3dVsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-10-18 06:56:11 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2B29AA69-EA6A-4636-BC18-AF7C9D49411D}\offreg.dll
2011-10-18 06:56:09 9049936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2B29AA69-EA6A-4636-BC18-AF7C9D49411D}\mpengine.dll
2011-10-14 12:03:53 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\LolClient
2011-10-13 13:19:12 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8037D578-0C93-4413-83F2-22330A210D39}\gapaengine.dll
2011-10-13 13:02:14 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-10-13 13:01:22 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-13 13:01:22 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-13 13:01:22 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-13 13:01:22 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-13 13:00:30 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-13 13:00:29 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-13 13:00:29 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-13 13:00:29 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-13 08:45:26 -------- d-----w- C:\Program Files (x86)\iFinger
2011-10-11 20:23:51 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
2011-10-11 20:23:51 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
2011-10-11 20:23:51 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2011-10-11 20:23:51 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2011-10-11 20:23:50 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2011-10-11 20:19:20 -------- d-----w- C:\Riot Games
2011-10-11 08:07:25 -------- d-----w- C:\Users\USERNAME\AppData\Local\PMB Files
2011-10-11 08:07:23 -------- d-----w- C:\ProgramData\PMB Files
2011-10-11 08:07:09 -------- d-----w- C:\Program Files (x86)\Pando Networks
2011-10-09 12:42:38 98816 ----a-w- C:\Windows\sed.exe
2011-10-09 12:42:38 518144 ----a-w- C:\Windows\SWREG.exe
2011-10-09 12:42:38 256000 ----a-w- C:\Windows\PEV.exe
2011-10-09 12:42:38 208896 ----a-w- C:\Windows\MBR.exe
2011-10-08 18:51:56 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2011-10-08 18:51:48 -------- d-----w- C:\Users\USERNAME\SystemRequirementsLab
2011-10-08 15:45:34 -------- d-----w- C:\Program Files\CCleaner
2011-10-07 17:16:31 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\GameRanger
2011-10-07 16:44:09 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes
2011-10-01 19:49:53 -------- d-----w- C:\Users\USERNAME\AppData\Local\Spotify
2011-10-01 19:49:38 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\Spotify
2011-09-30 08:43:08 -------- d-----w- C:\Users\USERNAME\AppData\Local\Apple Computer
2011-09-30 08:41:39 -------- d-----w- C:\Users\USERNAME\AppData\Local\Apple
2011-09-28 09:50:59 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\.purple
2011-09-28 09:50:37 -------- d-----w- C:\Program Files (x86)\Pidgin
2011-09-28 09:45:58 -------- d-----w- C:\Users\USERNAME\AppData\Local\Windows Live
2011-09-28 09:45:57 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-09-28 07:05:25 134104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-09-25 14:27:28 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2011-09-25 10:55:31 -------- d-----w- C:\Program Files (x86)\NoVirusThanks
2011-09-21 10:14:42 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\Mount&Blade Warband
2011-09-21 10:08:40 -------- d-----w- C:\Program Files (x86)\VirusTotalUploader2
2011-09-21 09:58:51 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
2011-09-21 09:58:46 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll
2011-09-21 09:56:52 -------- d-----w- C:\Program Files (x86)\Mount&Blade Warband
2011-09-19 06:59:13 29696 ----a-w- C:\Windows\System32\drivers\tap0901.sys
.
==================== Find3M ====================
.
2011-10-13 08:12:37 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-17 10:21:24 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-09-14 13:58:46 274616 ----a-w- C:\Windows\System32\drivers\keyscrambler.sys
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-15 12:32:10 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2011-08-15 12:32:10 165680 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2011-08-15 12:32:10 146736 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2011-08-15 12:32:10 128816 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2011-08-15 12:32:08 320816 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
2011-07-26 17:49:12 37888 ----a-w- C:\Windows\System32\drivers\taphss.sys
.
============= FINISH: 9:10:18,68 ===============
"Trusting every aspect of our lives to a giant computer was the smartest thing we ever did!"
- Homer on cloud computing

#10
screen317
Posted 18 October 2011 - 02:15 AM

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,465 posts
  • Gender:Male
  • Location:New Haven, CT
Hi,

Next, please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Next, download my Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook

#11
L00N3R
Posted 21 October 2011 - 02:17 PM

    Elite Member

  • Malware Hunters
  • PipPipPipPipPip
  • 898 posts
  • Gender:Not Telling
Eset log (Very short though, but it was the right location):

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

Security check:
Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java™ 6 Update 29
Out of date Java installed!
Adobe Reader X (10.1.1) - Norsk
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````
"Trusting every aspect of our lives to a giant computer was the smartest thing we ever did!"
- Homer on cloud computing

#12
screen317
Posted 23 October 2011 - 06:37 PM

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,465 posts
  • Gender:Male
  • Location:New Haven, CT
Hi,



Run TFC by OldTimer to clear temporary files:
  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.


Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.



After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):


ESET Online Scanner v3

Restart your computer.

Get the latest version of Java, Adobe Reader, and Adobe Flash Player.


Let me know what issues remain.
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook

#13
L00N3R
Posted 24 October 2011 - 02:10 AM

    Elite Member

  • Malware Hunters
  • PipPipPipPipPip
  • 898 posts
  • Gender:Not Telling
Everything is running fine now.

Thanks for the help :)
"Trusting every aspect of our lives to a giant computer was the smartest thing we ever did!"
- Homer on cloud computing

#14
screen317
Posted 28 October 2011 - 06:27 PM

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,465 posts
  • Gender:Male
  • Location:New Haven, CT
Great!

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!


Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?




Safe surfing,

-screen317
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook

#15
screen317
Posted 31 October 2011 - 10:52 PM

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,465 posts
  • Gender:Male
  • Location:New Haven, CT
Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook
Back to Resolved HijackThis Logs · Next Unread Topic →


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Malwarebytes Forum
  2. Computer Help
  3. Malware Removal - HijackThis Logs
  4. Resolved HijackThis Logs

Products

About

Partners

Follow Us