
Shaoni

  1. System appears to be 100% clean. I guess TFC did the job. Should I bump this if I keep getting redirected, or is there anything else I should try?

MBAM:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.27.08

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Shaoni :: SHAONI-HP [administrator]

Protection: Enabled

27.06.2012 19:47:30
mbam-log-2012-06-27 (19-47-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205493
Time elapsed: 4 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0f4afbef602b354fbb739a9af9a6adf1
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-28 12:26:50
# local_time=2012-06-28 02:26:50 (+0100, Western Europe (daylight time))
# country="Norway"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 135430 92513233 0 0
# compatibility_mode=8192 67108863 100 0 146 146 0 0
# scanned=241732
# found=0
# cleaned=0
# scan_time=3027

Security Check:

Results of screen317's Security Check version 0.99.42
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java 6 Update 29
Java version out of Date!
Mozilla Firefox (13.0.1)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
  2. Malwarebytes log came out exactly as before, 0 infections anywhere, even after getting updated. Combofix: ComboFix 12-06-27.01 - Shaoni 27.06.2012 20:00:48.1.2 - x64 Microsoft Windows 7 Professional 6.1.7600.0.1252.47.1044.18.1791.819 [GMT 2:00] Kjører fra: c:\users\Shaoni\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\drivers\etc\hosts.ics c:\windows\system32\drivers\etc\hosts.txt . . ((((((((((((((((((((((((((( Filer Opprettet Fra 2012-05-27 til 2012-06-27 ))))))))))))))))))))))))))))))))) . . 2012-06-26 21:59 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{350F2ECF-F35C-42DF-BB11-DF58FD628ED1}\mpengine.dll 2012-06-23 20:07 . 2012-06-23 20:07 -------- d-----w- c:\users\Shaoni\AppData\Local\Macromedia 2012-06-22 14:39 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-22 14:39 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-22 14:39 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-22 14:39 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-22 14:38 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-22 14:38 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-22 14:38 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-22 14:38 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-22 14:38 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-20 01:35 . 2012-06-20 02:02 -------- d-----w- c:\users\Shaoni\AppData\Roaming\TS3Client 2012-06-17 14:03 . 2012-06-17 14:03 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll 2012-06-17 14:03 . 
2012-06-17 14:03 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll 2012-06-16 19:10 . 2012-06-16 19:10 -------- d-----w- c:\users\Shaoni\AppData\Local\FlashDevelop 2012-06-16 18:48 . 2012-06-16 18:48 -------- d-----w- c:\program files (x86)\FlashDevelop 2012-06-16 01:21 . 2011-03-11 08:09 51024 ----a-w- c:\windows\system32\vcomp100.dll 2012-06-14 00:51 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-14 00:51 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-14 00:51 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-14 00:51 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll 2012-06-14 00:51 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-14 00:51 . 2012-05-04 10:08 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-06-14 00:51 . 2012-05-04 10:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-06-14 00:50 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys 2012-06-14 00:50 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-14 00:50 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll 2012-06-14 00:50 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-06-14 00:50 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-14 00:50 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll 2012-06-14 00:50 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-14 00:50 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-06-14 00:50 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-06-14 00:50 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-06-13 01:14 . 2012-06-13 01:14 -------- d-----w- c:\program files\TeamSpeak 3 Client 2012-06-12 19:39 . 
2012-06-12 19:44 -------- d-----w- c:\program files (x86)\Amnesia - The Dark Descent 2012-06-12 19:32 . 2012-06-12 19:32 -------- d-----w- c:\program files (x86)\Elaborate Bytes 2012-06-11 20:22 . 2012-06-11 20:22 -------- d-----w- c:\users\Shaoni\AppData\Local\SplitMediaLabs 2012-06-11 20:20 . 2012-06-11 20:20 -------- d-----w- c:\program files (x86)\SplitMediaLabs 2012-06-11 20:20 . 2012-06-11 20:20 -------- d-----w- c:\programdata\SplitMediaLabs 2012-06-11 20:18 . 2012-06-11 20:18 -------- d-----w- c:\users\Shaoni\AppData\Roaming\SplitMediaLabs 2012-06-11 17:06 . 2012-06-27 18:18 -------- d-----w- c:\users\Shaoni\AppData\Roaming\Skype 2012-06-11 17:05 . 2012-06-11 17:05 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-06-11 17:05 . 2012-06-11 17:05 -------- d-----r- c:\program files (x86)\Skype 2012-06-11 17:05 . 2012-06-11 17:06 -------- d-----w- c:\programdata\Skype 2012-06-10 21:33 . 2003-07-06 12:12 152576 ----a-w- c:\windows\system32\CNCS32.DLL 2012-06-10 20:51 . 2012-06-10 20:51 -------- d-----w- c:\program files (x86)\Game Maker 8 Pro Edition 2012-06-08 14:07 . 2012-06-08 14:08 -------- d-----w- c:\program files (x86)\Multimedia Fusion 2 2012-06-06 18:59 . 2012-06-06 18:59 -------- d-----w- c:\users\Shaoni\AppData\Roaming\SmartFTP 2012-06-06 18:55 . 2012-06-06 18:55 -------- d-----w- c:\program files\SmartFTP Client 2012-06-06 18:53 . 2012-06-06 18:53 -------- d-----w- c:\program files (x86)\SmartFTP Client 4.0 (x64) Setup Files 2012-05-29 11:44 . 2012-05-29 11:44 -------- d-----w- c:\users\Shaoni\AppData\Roaming\Toribash 2012-05-29 11:44 . 2012-05-29 11:44 -------- d-----w- C:\Games 2012-05-29 10:12 . 2012-06-27 18:17 -------- d-----w- c:\users\Shaoni\AppData\Local\TSVNCache . . . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-23 19:19 . 2012-05-14 18:35 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-23 19:19 . 
2012-03-14 17:48 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-17 22:50 . 2012-05-17 22:50 71680 ----a-w- c:\windows\system32\frapsv64.dll 2012-05-17 22:50 . 2012-05-17 22:50 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll 2012-05-08 12:25 . 2012-05-08 12:25 235 ----a-w- c:\windows\SysWow64\nxEuUninstall.bat 2012-05-08 12:25 . 2012-05-08 12:25 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe 2012-04-24 05:21 . 2012-04-24 05:21 0 ----a-w- c:\windows\SysWow64\sho9356.tmp 2012-04-23 01:44 . 2012-04-23 01:44 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-04-23 01:44 . 2012-04-23 01:44 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-04-23 01:44 . 2012-04-23 01:44 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2012-04-23 01:44 . 2012-04-23 01:44 85504 ----a-w- c:\windows\system32\iesetup.dll 2012-04-23 01:44 . 2012-04-23 01:44 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2012-04-23 01:44 . 2012-04-23 01:44 76800 ----a-w- c:\windows\system32\tdc.ocx 2012-04-23 01:44 . 2012-04-23 01:44 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2012-04-23 01:44 . 2012-04-23 01:44 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2012-04-23 01:44 . 2012-04-23 01:44 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2012-04-23 01:44 . 2012-04-23 01:44 603648 ----a-w- c:\windows\system32\vbscript.dll 2012-04-23 01:44 . 2012-04-23 01:44 49664 ----a-w- c:\windows\system32\imgutil.dll 2012-04-23 01:44 . 2012-04-23 01:44 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2012-04-23 01:44 . 2012-04-23 01:44 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-04-23 01:44 . 2012-04-23 01:44 448512 ----a-w- c:\windows\system32\html.iec 2012-04-23 01:44 . 2012-04-23 01:44 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-04-23 01:44 . 2012-04-23 01:44 367104 ----a-w- c:\windows\SysWow64\html.iec 2012-04-23 01:44 . 2012-04-23 01:44 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2012-04-23 01:44 . 
2012-04-23 01:44 30720 ----a-w- c:\windows\system32\licmgr10.dll 2012-04-23 01:44 . 2012-04-23 01:44 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-04-23 01:44 . 2012-04-23 01:44 222208 ----a-w- c:\windows\system32\msls31.dll 2012-04-23 01:44 . 2012-04-23 01:44 165888 ----a-w- c:\windows\system32\iexpress.exe 2012-04-23 01:44 . 2012-04-23 01:44 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-04-23 01:44 . 2012-04-23 01:44 160256 ----a-w- c:\windows\system32\wextract.exe 2012-04-23 01:44 . 2012-04-23 01:44 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2012-04-23 01:44 . 2012-04-23 01:44 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2012-04-23 01:44 . 2012-04-23 01:44 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-04-23 01:44 . 2012-04-23 01:44 12288 ----a-w- c:\windows\system32\mshta.exe 2012-04-23 01:44 . 2012-04-23 01:44 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2012-04-23 01:44 . 2012-04-23 01:44 114176 ----a-w- c:\windows\system32\admparse.dll 2012-04-23 01:44 . 2012-04-23 01:44 111616 ----a-w- c:\windows\system32\iesysprep.dll 2012-04-23 01:44 . 2012-04-23 01:44 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2012-04-23 01:44 . 2012-04-23 01:44 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2012-04-20 01:17 . 2012-04-20 01:17 0 ----a-w- c:\windows\SysWow64\shoD589.tmp 2012-04-12 16:12 . 2012-04-12 16:12 147248 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys 2012-04-12 16:12 . 2012-05-01 02:53 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2012-04-12 16:12 . 2012-05-01 02:52 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2012-04-04 16:33 . 2012-05-16 02:37 955800 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-04-04 16:33 . 2012-05-16 02:37 839056 ----a-w- c:\windows\system32\deployJava1.dll 2012-04-04 13:56 . 2012-05-27 15:57 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-30 11:09 . 2012-05-11 21:49 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys . . 
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\Shaoni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\Shaoni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\Shaoni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184] "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-03-15 742264] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-03-24 1242448] "WhatPulse"="c:\program files (x86)\WhatPulse\WhatPulse.exe" [2011-11-15 3990528] "KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2012-05-08 438272] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400] "HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656] "HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896] "BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992] "LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024] "File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-12-12 11265536] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "D-Link D-Link DWA-121"="c:\program files (x86)\D-Link\DWA-121 revA\AirNCFG.exe" [2010-09-26 1041728] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456] . c:\users\Shaoni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Shaoni\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2011-12-19 2362720] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP] 2009-12-07 18:36 75320 ----a-w- c:\windows\System32\DeviceNP.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ DPPassFilter scecli . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056] R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-12-07 362040] R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304] R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120] R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 OxPPort;OxPPort;c:\windows\system32\DRIVERS\OxPPort.sys [2008-07-31 98304] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-23 1255736] S0 SafeBoot;SafeBoot; [x] S0 SbAlg;SbAlg; [x] S0 SbFsLock;SbFsLock; [x] S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys [2010-06-07 15872] S1 RsvLock;RsvLock; [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AMD External Events 
Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-11 203264] S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 D_Link_DWA-121_WPS;D_Link_DWA-121_WPS Service;c:\program files (x86)\D-Link\DWA-121 revA\ANIWConnService.exe [2010-07-11 53248] S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-01-12 36864] S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-02 281192] S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-11 6790656] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-11 221184] S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-02 704512] S3 DRTL8192cu;D-Link DWA Wireless N USB Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [2010-08-19 748648] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-03 331880] S3 
Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-10-19 39480] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-04-12 147248] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . --- Andre tjenester/drivere lastet i minnet --- . *NewlyCreated* - WS2IFSL . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) . 2012-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 19:19] . 2012-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4186856315-2171103671-2923768269-1003Core.job - c:\users\Shaoni\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-14 16:46] . 2012-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4186856315-2171103671-2923768269-1003UA.job - c:\users\Shaoni\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-14 16:46] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Shaoni\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Shaoni\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Shaoni\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Shaoni\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Tilleggsskanning ------- . uStart Page = hxxp://isearch.avg.com/?cid={4239988E-650D-4FD8-B60F-C9B0105CF733}&mid=1d99233e8e1447d0a802d94961e4913a-c4dd7f8ad735c313a7791894eb41bf978829701a〈=en&ds=is015&pr=sa&d=2012-05-07 08:28&v=11.0.0.9&sap=hp uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm Trusted Zone: //about.htm/ Trusted Zone: //Exclude.htm/ Trusted Zone: //FWEvent.htm/ Trusted Zone: //LanguageSelection.htm/ Trusted Zone: //Message.htm/ Trusted Zone: //MyAgttryCmd.htm/ Trusted Zone: //MyAgttryNag.htm/ Trusted Zone: //MyNotification.htm/ Trusted Zone: //NOCLessUpdate.htm/ Trusted Zone: //quarantine.htm/ Trusted Zone: //ScanNow.htm/ Trusted Zone: //strings.vbs/ Trusted Zone: //Template.htm/ Trusted Zone: //Update.htm/ Trusted Zone: //VirFound.htm/ Trusted Zone: mcafee.com\* Trusted Zone: mcafeeasap.com\betavscan Trusted Zone: mcafeeasap.com\vs Trusted Zone: mcafeeasap.com\www TCP: DhcpNameServer = 130.67.15.198 193.213.112.4 10.0.0.138 FF - ProfilePath - c:\users\Shaoni\AppData\Roaming\Mozilla\Firefox\Profiles\toq7b9ty.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7Bb47f3b72-cc88-4086-88bb-cbdcd9f117e0%7D&mid=1d99233e8e1447d0a802d94961e4913a-c4dd7f8ad735c313a7791894eb41bf978829701a&ds=is015&v=11.0.0.9〈=en&pr=sa&d=2012-05-07%2008%3A28%3A44 FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb47f3b72-cc88-4086-88bb-cbdcd9f117e0%7D&mid=1d99233e8e1447d0a802d94961e4913a-c4dd7f8ad735c313a7791894eb41bf978829701a&ds=is015&v=11.0.0.9〈=en&pr=sa&d=2012-05-07%2008%3A28%3A44&sap=ku&q= . - - - - TOMME PEKERE FJERNET - - - - . 
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) AddRemove-{319E272A-B5DB-4939-99D0-1F1F0C55699E} - c:\program files (x86)\InstallShield Installation Information\{319E272A-B5DB-4939-99D0-1F1F0C55699E}\setup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LÅSTE REGISTERNøKLER --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe c:\nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe c:\users\Shaoni\Desktop\Isaac.exe . ************************************************************************** . Completion time: 2012-06-27 20:41:22 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-27 18:41 . Pre-Run: 170 700 963 840 bytes free Post-Run: 171 911 704 576 bytes free . - - End Of File - - B1EF1E0813A08236ED0C946B1D931EAB DDS: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29 Run by Shaoni at 20:46:44 on 2012-06-27 Microsoft Windows 7 Professional 6.1.7600.0.1252.47.1044.18.1791.469 [GMT 2:00] . SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . 
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Program Files (x86)\D-Link\DWA-121 revA\ANIWConnService.exe c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files (x86)\PDF Complete\pdfsvc.exe C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe C:\Windows\System32\alg.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\atieclxx.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE 
C:\Windows\System32\rundll32.exe c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files (x86)\uTorrent\uTorrent.exe C:\Program Files (x86)\WhatPulse\WhatPulse.exe C:\Users\Shaoni\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Trillian\trillian.exe C:\Program Files\TortoiseSVN\bin\TSVNCache.exe C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\D-Link\DWA-121 revA\AirNCFG.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://isearch.avg.com/?cid={4239988E-650D-4FD8-B60F-C9B0105CF733}&mid=1d99233e8e1447d0a802d94961e4913a-c4dd7f8ad735c313a7791894eb41bf978829701a&lang=en&ds=is015&pr=sa&d=2012-05-07 08:28:44&v=11.0.0.9&sap=hp BHO: File Sanitizer for HP ProtectTools: {3134413b-49b4-425c-98a5-893c1f195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll BHO: HP ProtectTools Security Manager Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent uRun: [WhatPulse] C:\Program Files (x86)\WhatPulse\WhatPulse.exe uRun: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe mRun: 
[bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe mRun: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe mRun: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [D-Link D-Link DWA-121] C:\Program Files (x86)\D-Link\DWA-121 revA\AirNCFG.exe mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s StartupFolder: C:\Users\Shaoni\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Shaoni\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\Shaoni\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) Trusted Zone: //about.htm/ Trusted Zone: //Exclude.htm/ Trusted Zone: //FWEvent.htm/ Trusted Zone: //LanguageSelection.htm/ Trusted Zone: //Message.htm/ Trusted Zone: //MyAgttryCmd.htm/ Trusted Zone: //MyAgttryNag.htm/ Trusted Zone: //MyNotification.htm/ Trusted Zone: //NOCLessUpdate.htm/ Trusted Zone: //quarantine.htm/ Trusted Zone: //ScanNow.htm/ Trusted Zone: //strings.vbs/ Trusted Zone: //Template.htm/ Trusted Zone: //Update.htm/ Trusted Zone: //VirFound.htm/ Trusted Zone: mcafee.com\* Trusted Zone: mcafeeasap.com\betavscan Trusted Zone: mcafeeasap.com\vs Trusted Zone: mcafeeasap.com\www DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab TCP: DhcpNameServer = 130.67.15.198 193.213.112.4 10.0.0.138 TCP: Interfaces\{1A75FCCB-6B32-4F75-861D-D8E531A08CAC} : DhcpNameServer = 193.213.112.4 130.67.15.198 10.0.0.138 TCP: Interfaces\{AD4CC578-F195-4D05-B5E9-6FDA4FFE253E} : DhcpNameServer = 130.67.15.198 193.213.112.4 10.0.0.138 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Notify: DeviceNP - DeviceNP.dll LSA: Notification Packages = DPPassFilter scecli {3134413B-49B4-425C-98A5-893C1F195601} {395610AE-C624-4f58-B89E-23733EA00F9A} {9030D464-4C02-4ABF-8ECC-5164760863C6} {d2ce3e00-f94a-4740-988e-03dc2f38c34f} {DBC80044-A445-435b-BC74-9C25C1C588A9} {8dcb7100-df86-4384-8842-8fa844297b3f} TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe mRun-x64: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe mRun-x64: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe mRun-x64: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [D-Link D-Link DWA-121] C:\Program Files (x86)\D-Link\DWA-121 revA\AirNCFG.exe mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate 
Bytes\VirtualCloneDrive\VCDDaemon.exe" /s . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Shaoni\AppData\Roaming\Mozilla\Firefox\Profiles\toq7b9ty.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7Bb47f3b72-cc88-4086-88bb-cbdcd9f117e0%7D&mid=1d99233e8e1447d0a802d94961e4913a-c4dd7f8ad735c313a7791894eb41bf978829701a&ds=is015&v=11.0.0.9&lang=en&pr=sa&d=2012-05-07%2008%3A28%3A44 FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb47f3b72-cc88-4086-88bb-cbdcd9f117e0%7D&mid=1d99233e8e1447d0a802d94961e4913a-c4dd7f8ad735c313a7791894eb41bf978829701a&ds=is015&v=11.0.0.9&lang=en&pr=sa&d=2012-05-07%2008%3A28%3A44&sap=ku&q= FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\BYOND\bin\npbyond.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npbyond.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Users\Shaoni\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll . ============= SERVICES / DRIVERS =============== . R0 SbAlg;SbAlg;C:\Windows\System32\drivers\SbAlg.sys [2010-2-2 51800] R0 SbFsLock;SbFsLock;C:\Windows\System32\drivers\SbFsLock.sys [2010-2-2 13256] R1 anodlwf;ANOD Network Security Filter driver;C:\Windows\system32\DRIVERS\anodlwfx.sys --> C:\Windows\system32\DRIVERS\anodlwfx.sys [?] R1 RsvLock;RsvLock;C:\Windows\System32\drivers\rsvlock.sys [2010-2-2 40088] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] 
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 D_Link_DWA-121_WPS;D_Link_DWA-121_WPS Service;C:\Program Files (x86)\D-Link\DWA-121 revA\ANIWConnService.exe [2012-4-12 53248] R2 HP ProtectTools Service;HP ProtectTools Service;C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-1-12 36864] R2 HpFkCryptService;Drive Encryption Service;C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-2-2 281192] R2 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-27 654408] R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-10-21 635416] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 DEBridge;DEBridge;C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-2-2 704512] R3 DRTL8192cu;D-Link DWA Wireless N USB Adapter;C:\Windows\system32\DRIVERS\RTL8192cu.sys --> C:\Windows\system32\DRIVERS\RTL8192cu.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] 
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?] R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?] R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?] R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-14 250056] S3 DAMDrv;DAMDrv;C:\Windows\system32\DRIVERS\DAMDrv64.sys --> C:\Windows\system32\DRIVERS\DAMDrv64.sys [?] S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2009-12-7 362040] S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\system32\DRIVERS\mcvidrv_x64.sys --> C:\Windows\system32\DRIVERS\mcvidrv_x64.sys [?] 
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\system32\drivers\mcaudrv_x64.sys --> C:\Windows\system32\drivers\mcaudrv_x64.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-14 113120] S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?] S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 OxPPort;OxPPort;C:\Windows\system32\DRIVERS\OxPPort.sys --> C:\Windows\system32\DRIVERS\OxPPort.sys [?] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 
2012-06-27 17:58:42 98816 ----a-w- C:\Windows\sed.exe 2012-06-27 17:58:42 518144 ----a-w- C:\Windows\SWREG.exe 2012-06-27 17:58:42 256000 ----a-w- C:\Windows\PEV.exe 2012-06-27 17:58:42 208896 ----a-w- C:\Windows\MBR.exe 2012-06-26 21:59:12 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{350F2ECF-F35C-42DF-BB11-DF58FD628ED1}\mpengine.dll 2012-06-23 20:07:52 -------- d-----w- C:\Users\Shaoni\AppData\Local\Macromedia 2012-06-22 14:39:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-22 14:38:59 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-22 14:38:10 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-22 14:38:10 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-20 01:35:35 -------- d-----w- C:\Users\Shaoni\AppData\Roaming\TS3Client 2012-06-17 14:03:29 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll 2012-06-17 14:03:29 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll 2012-06-16 19:10:35 -------- d-----w- C:\Users\Shaoni\AppData\Local\FlashDevelop.old 2012-06-16 19:10:35 -------- d-----w- C:\Users\Shaoni\AppData\Local\FlashDevelop 2012-06-16 18:48:28 -------- d-----w- C:\Program Files (x86)\FlashDevelop 2012-06-16 01:21:29 51024 ----a-w- C:\Windows\System32\vcomp100.dll 2012-06-14 00:51:33 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-06-14 00:51:33 76288 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-06-14 00:51:33 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-06-14 00:51:25 208896 ----a-w- C:\Windows\System32\profsvc.dll 2012-06-14 00:51:14 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-06-14 00:51:14 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-06-14 00:51:13 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-06-14 00:50:56 3144192 ----a-w- C:\Windows\System32\win32k.sys 2012-06-14 00:50:45 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-06-14 00:50:36 3213824 ----a-w- C:\Windows\System32\msi.dll 2012-06-14 00:50:36 
2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-06-14 00:50:26 182272 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-06-14 00:50:26 1460224 ----a-w- C:\Windows\System32\crypt32.dll 2012-06-14 00:50:26 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-06-14 00:50:26 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-06-14 00:50:25 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-06-14 00:50:25 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-06-13 01:14:14 -------- d-----w- C:\Program Files\TeamSpeak 3 Client 2012-06-12 19:39:51 -------- d-----w- C:\Program Files (x86)\Amnesia - The Dark Descent 2012-06-12 19:32:34 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes 2012-06-11 20:22:56 -------- d-----w- C:\Users\Shaoni\AppData\Local\SplitMediaLabs 2012-06-11 20:20:44 -------- d-----w- C:\Program Files (x86)\SplitMediaLabs 2012-06-11 20:20:42 -------- d-----w- C:\ProgramData\SplitMediaLabs 2012-06-11 20:18:48 -------- d-----w- C:\Users\Shaoni\AppData\Roaming\SplitMediaLabs 2012-06-11 17:05:44 -------- d-----r- C:\Program Files (x86)\Skype 2012-06-10 21:33:46 152576 ----a-w- C:\Windows\System32\CNCS32.DLL 2012-06-10 20:51:14 -------- d-----w- C:\Program Files (x86)\Game Maker 8 Pro Edition 2012-06-08 14:07:55 -------- d-----w- C:\Program Files (x86)\Multimedia Fusion 2 2012-06-06 18:55:46 -------- d-----w- C:\Program Files\SmartFTP Client 2012-06-06 18:53:59 -------- d-----w- C:\Program Files (x86)\SmartFTP Client 4.0 (x64) Setup Files 2012-05-29 11:44:28 -------- d-----w- C:\Users\Shaoni\AppData\Roaming\Toribash 2012-05-29 11:44:02 -------- d-----w- C:\Games 2012-05-29 10:12:17 -------- d-----w- C:\Users\Shaoni\AppData\Local\TSVNCache . ==================== Find3M ==================== . 
2012-06-23 19:19:44 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-23 19:19:44 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-05-17 22:50:06 71680 ----a-w- C:\Windows\System32\frapsv64.dll 2012-05-17 22:50:04 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll 2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-05-08 12:25:59 235 ----a-w- C:\Windows\SysWow64\nxEuUninstall.bat 2012-05-08 12:25:57 446464 ----a-w- C:\Windows\NEXON_EU_DownloaderUpdater.exe 2012-04-24 05:21:57 0 ----a-w- C:\Windows\SysWow64\sho9356.tmp 2012-04-20 01:17:37 0 ----a-w- C:\Windows\SysWow64\shoD589.tmp 2012-04-12 16:12:56 147248 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys 2012-04-12 16:12:54 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys 2012-04-12 16:12:54 130864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys 2012-04-04 16:33:18 955800 ----a-w- C:\Windows\System32\npDeployJava1.dll 2012-04-04 16:33:14 839056 ----a-w- C:\Windows\System32\deployJava1.dll 2012-04-04 13:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-03-30 11:09:53 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys . ============= FINISH: 20:47:24,92 ===============
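An added example, not from Shaoni's posts and not output of DDS, ComboFix or Malwarebytes: a small Python triage script that reads the "Pseudo HJT Report" lines quoted in the log above and pulls out what a helper checks first when a user reports redirects after a Zlob.DNS Changer detection. It lists which DNS resolvers the adapters were handed and whether any fall inside the DNSChanger address ranges the FBI published in 2011, which host the IE start page points at (here isearch.avg.com, AVG's Secure Search page, which neither scanner flagged), and toolbar/BHO entries whose file is gone. The expected-resolver set is an assumption, taken from the log for illustration; in a real case the user confirms it with the ISP. The sample lines are copied from the log, plus one constructed interface line carrying a rogue resolver so the positive path is exercised.

```python
"""Triage a DDS / HijackThis-style "Pseudo HJT Report" for redirect symptoms.

Added example; not the poster's code and not output of DDS or ComboFix.
"""
import ipaddress
import re
from typing import Dict, Iterable, List

# Address ranges the FBI published for the Rove Digital "DNSChanger"
# rogue resolvers (Operation Ghost Click, November 2011).
DNSCHANGER_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20", "67.210.0.0/20", "93.188.160.0/21",
    "77.67.83.0/24", "213.109.64.0/20", "64.28.176.0/20",
)]

# Assumption: the resolvers the ISP really hands out.  Taken here from the
# log for illustration; in practice the user confirms them with the ISP.
EXPECTED_RESOLVERS = {"130.67.15.198", "193.213.112.4"}

# Constructed sample: lines copied from the log above, plus one extra
# interface line (the last one) that carries a rogue resolver.
SAMPLE_LOG = r"""
uStart Page = hxxp://isearch.avg.com/?cid={4239988E-650D-4FD8-B60F-C9B0105CF733}&sap=hp
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TCP: DhcpNameServer = 130.67.15.198 193.213.112.4 10.0.0.138
TCP: Interfaces\{1A75FCCB-6B32-4F75-861D-D8E531A08CAC} : DhcpNameServer = 193.213.112.4 130.67.15.198 10.0.0.138
TCP: Interfaces\{AD4CC578-F195-4D05-B5E9-6FDA4FFE253E} : DhcpNameServer = 85.255.112.36 10.0.0.138
"""

_DNS_RE = re.compile(r"^TCP:.*DhcpNameServer\s*=\s*(.+)$")
# DDS defangs URLs as hxxp://, so accept both hxxp and http.
_START_RE = re.compile(r"^[um]Start Page\s*=\s*h[xt]{2}ps?://([^/?\s]+)", re.I)
_ORPHAN_RE = re.compile(
    r"^(?:TB|BHO)(?:-X64)?:.*\{([0-9A-Fa-f-]{36})\}\s*-\s*No File\s*$")


def classify_resolver(ip: str, expected: Iterable[str]) -> str:
    """Bucket one resolver: dnschanger, expected, private (LAN router) or unknown."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "unknown"
    if any(addr in net for net in DNSCHANGER_RANGES):
        return "dnschanger"          # checked first: an allow-list never overrides this
    if ip in set(expected):
        return "expected"
    if addr.is_private:
        return "private"             # e.g. 10.0.0.138, the home router forwarding DNS
    return "unknown"


def triage(log_text: str, expected: Iterable[str]) -> Dict[str, List[str]]:
    """Single pass over the report; returns the findings a helper looks at first."""
    report: Dict[str, List[str]] = {
        "rogue_dns": [], "unknown_dns": [], "start_page_hosts": [], "orphaned_entries": [],
    }
    seen: List[str] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _DNS_RE.match(line)
        if m:
            for ip in m.group(1).split():
                if ip in seen:       # the same resolver appears globally and per interface
                    continue
                seen.append(ip)
                kind = classify_resolver(ip, expected)
                if kind == "dnschanger":
                    report["rogue_dns"].append(ip)
                elif kind == "unknown":
                    report["unknown_dns"].append(ip)
            continue
        m = _START_RE.match(line)
        if m:
            report["start_page_hosts"].append(m.group(1).lower())
            continue
        m = _ORPHAN_RE.match(line)
        if m:
            report["orphaned_entries"].append(m.group(1).upper())
    return report


if __name__ == "__main__":
    for key, hits in triage(SAMPLE_LOG, EXPECTED_RESOLVERS).items():
        print(f"{key:17} {', '.join(hits) or '-'}")
```

Run as-is it reports the constructed 85.255.112.36 hit, the isearch.avg.com start page and the two orphaned toolbar GUIDs; for a real log, pass the pasted report text to triage() with the ISP's resolvers as the expected set. An "unknown" resolver is not evidence on its own (a router or a VPN client can hand out its own address), but anything inside DNSCHANGER_RANGES is, and it is the first thing to fix on every machine behind the same router, since a DNS changer that has altered the router's settings affects the whole LAN regardless of what the individual PCs' scans say.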
  3. Two days ago my internet suddenly started acting weird - major sites like Google, Facebook and YouTube didn't work. I could connect to other sites, albeit slowly. Eventually I contacted my ISP and got the problem solved, which evidently was a DNS mix-up. Shortly after, I decided to make an online purchase of World of Warcraft game time, and ran a quick scan with Malwarebytes just to ensure I didn't have any keyloggers or other malicious stuff. Apparently I had one infection, "BEF3.tmp", which I quarantined and removed - then I looked it up on several online virus directories, and found out this particular virus was often paired with "Zlob.DNS Changer". Whoops. The DNS Changer hadn't shown up in the quick scan, so I ran a full scan of my entire machine and there still weren't any more infections. I didn't think much of it, perhaps I was lucky and only had BEF3.tmp, but yeah, no. After playing some World of Warcraft I decided to take a break, and when I tried to start it up again, apparently my 3D Acceleration DirectX driver thingie was malfunctioning. It also automatically opened an ad in my browser, which I recognized as one that has troubled me for a long time (I never paid attention to it before now, but for several months I've had an obnoxious popup ad in the lower right corner on many websites, which I usually just close with the little black X button). A few of my links have also started redirecting me to the same ad, although it's somewhat rare. I'm certain I've got some adware on my PC, and perhaps more than that, considering it's apparently made my DirectX fail. (Note: I bought the WoW game time on another PC I have on the same network to be absolutely sure it wouldn't be keylogged. Is there any possibility it has spread to other PCs on my network?) I don't know much about stuff like this, to be honest, but I've been extremely paranoid since this happened. Here's my DDS log; the zipped Attach.txt is attached: . 
DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29 Run by Shaoni at 7:22:07 on 2012-06-27 Microsoft Windows 7 Professional 6.1.7600.0.1252.47.1044.18.1791.696 [GMT 2:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Program Files (x86)\D-Link\DWA-121 revA\ANIWConnService.exe c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files (x86)\PDF Complete\pdfsvc.exe C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Windows\system32\atieclxx.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\System32\alg.exe C:\Windows\system32\taskhost.exe c:\Program Files\Hewlett-Packard\Drive 
Encryption\SbHpAuthenticatorService.exe C:\Windows\system32\taskeng.exe c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\WUDFHost.exe C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files (x86)\WhatPulse\WhatPulse.exe C:\Program Files (x86)\Trillian\trillian.exe C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\D-Link\DWA-121 revA\AirNCFG.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe C:\Program Files\Windows Media Player\wmpnetwk.exe c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe C:\Program Files (x86)\BYOND\bin\byond.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe C:\Program Files\TortoiseSVN\bin\TSVNCache.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://isearch.avg.com/?cid={4239988E-650D-4FD8-B60F-C9B0105CF733}&mid=1d99233e8e1447d0a802d94961e4913a-c4dd7f8ad735c313a7791894eb41bf978829701a&lang=en&ds=is015&pr=sa&d=2012-05-07 08:28:44&v=11.0.0.9&sap=hp mWinlogon: Userinit=userinit.exe, BHO: File Sanitizer for HP ProtectTools: {3134413b-49b4-425c-98a5-893c1f195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll BHO: HP ProtectTools Security Manager Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File 
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent uRun: [WhatPulse] C:\Program Files (x86)\WhatPulse\WhatPulse.exe uRun: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe uRun: [Google Update] "C:\Users\Shaoni\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe mRun: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe mRun: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe mRun: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [D-Link D-Link DWA-121] C:\Program Files (x86)\D-Link\DWA-121 revA\AirNCFG.exe mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s StartupFolder: C:\Users\Shaoni\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Shaoni\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\Shaoni\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) 
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) Trusted Zone: //about.htm/ Trusted Zone: //Exclude.htm/ Trusted Zone: //FWEvent.htm/ Trusted Zone: //LanguageSelection.htm/ Trusted Zone: //Message.htm/ Trusted Zone: //MyAgttryCmd.htm/ Trusted Zone: //MyAgttryNag.htm/ Trusted Zone: //MyNotification.htm/ Trusted Zone: //NOCLessUpdate.htm/ Trusted Zone: //quarantine.htm/ Trusted Zone: //ScanNow.htm/ Trusted Zone: //strings.vbs/ Trusted Zone: //Template.htm/ Trusted Zone: //Update.htm/ Trusted Zone: //VirFound.htm/ Trusted Zone: mcafee.com\* Trusted Zone: mcafeeasap.com\betavscan Trusted Zone: mcafeeasap.com\vs Trusted Zone: mcafeeasap.com\www DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab TCP: DhcpNameServer = 130.67.15.198 193.213.112.4 10.0.0.138 TCP: Interfaces\{1A75FCCB-6B32-4F75-861D-D8E531A08CAC} : DhcpNameServer = 193.213.112.4 130.67.15.198 10.0.0.138 TCP: Interfaces\{AD4CC578-F195-4D05-B5E9-6FDA4FFE253E} : DhcpNameServer = 130.67.15.198 193.213.112.4 10.0.0.138 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Notify: DeviceNP - DeviceNP.dll LSA: Notification Packages = DPPassFilter scecli {3134413B-49B4-425C-98A5-893C1F195601} {395610AE-C624-4f58-B89E-23733EA00F9A} {9030D464-4C02-4ABF-8ECC-5164760863C6} {d2ce3e00-f94a-4740-988e-03dc2f38c34f} {DBC80044-A445-435b-BC74-9C25C1C588A9} {8dcb7100-df86-4384-8842-8fa844297b3f} TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe 
mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe mRun-x64: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe mRun-x64: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe mRun-x64: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [D-Link D-Link DWA-121] C:\Program Files (x86)\D-Link\DWA-121 revA\AirNCFG.exe mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s Hosts: 149.5.18.173 www.google-analytics.com. Hosts: 149.5.18.173 ad-emea.doubleclick.net. Hosts: 149.5.18.173 www.statcounter.com. Hosts: 108.163.215.51 www.google-analytics.com. Hosts: 108.163.215.51 ad-emea.doubleclick.net. . Note: multiple HOSTS entries found. Please refer to Attach.txt . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Shaoni\AppData\Roaming\Mozilla\Firefox\Profiles\toq7b9ty.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7Bb47f3b72-cc88-4086-88bb-cbdcd9f117e0%7D&mid=1d99233e8e1447d0a802d94961e4913a-c4dd7f8ad735c313a7791894eb41bf978829701a&ds=is015&v=11.0.0.9〈=en&pr=sa&d=2012-05-07%2008%3A28%3A44 FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb47f3b72-cc88-4086-88bb-cbdcd9f117e0%7D&mid=1d99233e8e1447d0a802d94961e4913a-c4dd7f8ad735c313a7791894eb41bf978829701a&ds=is015&v=11.0.0.9〈=en&pr=sa&d=2012-05-07%2008%3A28%3A44&sap=ku&q= FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\BYOND\bin\npbyond.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npbyond.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Users\Shaoni\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll . ============= SERVICES / DRIVERS =============== . R0 SbAlg;SbAlg;C:\Windows\System32\drivers\SbAlg.sys [2010-2-2 51800] R0 SbFsLock;SbFsLock;C:\Windows\System32\drivers\SbFsLock.sys [2010-2-2 13256] R1 anodlwf;ANOD Network Security Filter driver;C:\Windows\system32\DRIVERS\anodlwfx.sys --> C:\Windows\system32\DRIVERS\anodlwfx.sys [?] R1 RsvLock;RsvLock;C:\Windows\System32\drivers\rsvlock.sys [2010-2-2 40088] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] 
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 D_Link_DWA-121_WPS;D_Link_DWA-121_WPS Service;C:\Program Files (x86)\D-Link\DWA-121 revA\ANIWConnService.exe [2012-4-12 53248] R2 HP ProtectTools Service;HP ProtectTools Service;C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-1-12 36864] R2 HpFkCryptService;Drive Encryption Service;C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-2-2 281192] R2 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-27 654408] R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-10-21 635416] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 DEBridge;DEBridge;C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-2-2 704512] R3 DRTL8192cu;D-Link DWA Wireless N USB Adapter;C:\Windows\system32\DRIVERS\RTL8192cu.sys --> C:\Windows\system32\DRIVERS\RTL8192cu.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?] 
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?] R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?] R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-14 250056] S3 DAMDrv;DAMDrv;C:\Windows\system32\DRIVERS\DAMDrv64.sys --> C:\Windows\system32\DRIVERS\DAMDrv64.sys [?] S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2009-12-7 362040] S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\system32\DRIVERS\mcvidrv_x64.sys --> C:\Windows\system32\DRIVERS\mcvidrv_x64.sys [?] S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\system32\drivers\mcaudrv_x64.sys --> C:\Windows\system32\drivers\mcaudrv_x64.sys [?] 
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-14 113120] S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?] S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 OxPPort;OxPPort;C:\Windows\system32\DRIVERS\OxPPort.sys --> C:\Windows\system32\DRIVERS\OxPPort.sys [?] S3 StorSvc;Oppbevaringstjeneste;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-06-26 21:59:12 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{350F2ECF-F35C-42DF-BB11-DF58FD628ED1}\mpengine.dll 2012-06-23 20:07:52 -------- d-----w- C:\Users\Shaoni\AppData\Local\Macromedia 2012-06-22 14:39:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-22 14:38:10 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-22 14:38:10 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-20 01:35:35 -------- d-----w- C:\Users\Shaoni\AppData\Roaming\TS3Client 2012-06-17 14:03:29 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll 2012-06-17 14:03:29 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll 2012-06-16 19:10:35 -------- d-----w- C:\Users\Shaoni\AppData\Local\FlashDevelop.old 2012-06-16 19:10:35 -------- d-----w- C:\Users\Shaoni\AppData\Local\FlashDevelop 2012-06-16 18:48:28 -------- d-----w- C:\Program Files (x86)\FlashDevelop 2012-06-16 01:21:29 51024 ----a-w- C:\Windows\System32\vcomp100.dll 2012-06-14 
00:51:33 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-06-14 00:51:33 76288 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-06-14 00:51:33 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-06-14 00:51:25 208896 ----a-w- C:\Windows\System32\profsvc.dll 2012-06-14 00:51:14 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-06-14 00:51:14 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-06-14 00:51:13 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-06-14 00:50:56 3144192 ----a-w- C:\Windows\System32\win32k.sys 2012-06-14 00:50:45 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-06-14 00:50:36 3213824 ----a-w- C:\Windows\System32\msi.dll 2012-06-14 00:50:36 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-06-14 00:50:26 182272 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-06-14 00:50:26 1460224 ----a-w- C:\Windows\System32\crypt32.dll 2012-06-14 00:50:26 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-06-14 00:50:26 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-06-14 00:50:25 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-06-14 00:50:25 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-06-13 01:14:14 -------- d-----w- C:\Program Files\TeamSpeak 3 Client 2012-06-12 19:39:51 -------- d-----w- C:\Program Files (x86)\Amnesia - The Dark Descent 2012-06-12 19:32:34 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes 2012-06-11 20:22:56 -------- d-----w- C:\Users\Shaoni\AppData\Local\SplitMediaLabs 2012-06-11 20:20:44 -------- d-----w- C:\Program Files (x86)\SplitMediaLabs 2012-06-11 20:20:42 -------- d-----w- C:\ProgramData\SplitMediaLabs 2012-06-11 20:18:48 -------- d-----w- C:\Users\Shaoni\AppData\Roaming\SplitMediaLabs 2012-06-11 17:05:44 -------- d-----r- C:\Program Files (x86)\Skype 2012-06-10 21:33:46 152576 ----a-w- C:\Windows\System32\CNCS32.DLL 2012-06-10 20:51:14 -------- d-----w- C:\Program Files (x86)\Game Maker 8 Pro Edition 2012-06-08 14:07:55 -------- d-----w- C:\Program Files 
(x86)\Multimedia Fusion 2 2012-06-06 18:55:46 -------- d-----w- C:\Program Files\SmartFTP Client 2012-06-06 18:53:59 -------- d-----w- C:\Program Files (x86)\SmartFTP Client 4.0 (x64) Setup Files 2012-05-29 11:44:28 -------- d-----w- C:\Users\Shaoni\AppData\Roaming\Toribash 2012-05-29 11:44:02 -------- d-----w- C:\Games 2012-05-29 10:12:17 -------- d-----w- C:\Users\Shaoni\AppData\Local\TSVNCache 2012-05-28 14:21:15 -------- d-----w- C:\Users\Shaoni\AppData\Roaming\TortoiseSVN 2012-05-28 14:17:56 -------- d-----w- C:\Users\Shaoni\AppData\Roaming\Subversion 2012-05-28 14:17:20 -------- d-----w- C:\Program Files (x86)\Common Files\TortoiseOverlays 2012-05-28 14:17:18 -------- d-----w- C:\Program Files\Common Files\TortoiseOverlays 2012-05-28 14:17:17 -------- d-----w- C:\Program Files\TortoiseSVN . ==================== Find3M ==================== . 2012-06-23 19:19:44 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-23 19:19:44 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-05-17 22:50:06 71680 ----a-w- C:\Windows\System32\frapsv64.dll 2012-05-17 22:50:04 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll 2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-05-08 12:25:59 235 ----a-w- C:\Windows\SysWow64\nxEuUninstall.bat 2012-05-08 12:25:57 446464 ----a-w- C:\Windows\NEXON_EU_DownloaderUpdater.exe 2012-04-24 
05:21:57 0 ----a-w- C:\Windows\SysWow64\sho9356.tmp 2012-04-20 01:17:37 0 ----a-w- C:\Windows\SysWow64\shoD589.tmp 2012-04-12 16:12:56 147248 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys 2012-04-12 16:12:54 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys 2012-04-12 16:12:54 130864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys 2012-04-04 16:33:18 955800 ----a-w- C:\Windows\System32\npDeployJava1.dll 2012-04-04 16:33:14 839056 ----a-w- C:\Windows\System32\deployJava1.dll 2012-04-04 13:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-03-30 11:09:53 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys . ============= FINISH: 7:22:52,36 =============== Attach.rar