L00N3R

Malware Hunters
  • Content count

    912
About L00N3R

  • Rank
    Elite Member

  1. Just adding in - it also happens when you right click a grammatical error and select "Manage language"
  2. Yes, finally a user interface that looks modern, professional and clean! I feel it really shows how you are listening to your community. I like the flat Windows 8 look - I don't like Win 8 itself but its design is what's modern now. I don't get all the fuss about the smiley face. It doesn't look too silly to me; Avast previously used a smiley in their UI, I remember. Also, it kind of fits with the Malwarebytes home page, with mascots including a smiling figure and a terminator robot. To me, Malwarebytes finally has that "professional" feel again.
  3. False positive https://www.virustotal.com/en-gb/file/8caa3beb8d255171317185cea1fad3b4ac2aaf1203476e5cd75574b38f34a894/analysis/1376052918/ MD5Checksum.7z
  4. 109.163.230.69 / wtso.net is blocked by MBAM. Is this a false positive? It's clean by VirusTotal.
  5. Any update on this?
  6. Could you make an exception for this website? Thanks
  7. No, it's the uninstaller for Dropbox folder sync http://satyadeepk.in/dropbox-folder-sync/
  8. False positive uninstall.7z
  9. Everything is running fine now. Thanks for the help
  10. ESET log (Very short though, but it was the right location):

      ESETSmartInstaller@High as CAB hook log:
      OnlineScanner64.ocx - registred OK
      OnlineScanner.ocx - registred OK

      Security check:

      Results of screen317's Security Check version 0.99.7
      Windows 7 (UAC is enabled)
      Internet Explorer 8
      ``````````````````````````````
      Antivirus/Firewall Check:
      ESET Online Scanner v3
      WMI entry may not exist for antivirus; attempting automatic update.
      ```````````````````````````````
      Anti-malware/Other Utilities Check:
      Malwarebytes' Anti-Malware
      Java 6 Update 29
      Out of date Java installed!
      Adobe Reader X (10.1.1) - Norsk
      ````````````````````````````````
      Process Check:
      objlist.exe by Laurent
      Windows Defender MSMpEng.exe
      Microsoft Security Essentials msseces.exe
      Microsoft Security Client Antimalware MsMpEng.exe
      Microsoft Security Client Antimalware NisSrv.exe
      ``````````End of Log````````````
  11. ComboFix 11-10-17.02 - USERNAME 18.10.2011 9:01.2.2 - x64
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Tidspunkt ferdig: 2011-10-18 09:09:00 ComboFix-quarantined-files.txt 2011-10-18 07:09 ComboFix2.txt 2011-10-09 12:51 . Pre-Run: 9 049 726 976 byte ledig Post-Run: 8 876 912 640 byte ledig . 
- - End Of File - - 2F7359DD68A1CA280B3AA89F0A4FC05A . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26 Run by USERNAME at 9:09:58 on 2011-10-18 Microsoft Windows 7 Enterprise 6.1.7601.1.1252.47.1044.18.1982.794 [GMT 2:00] . AV: Microsoft Forefront Endpoint Protection 2010 *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Forefront Endpoint Protection 2010 *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\Hpservice.exe C:\Program Files\Sandboxie\SbieSvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe 
C:\Windows\Explorer.EXE C:\Program Files (x86)\WizMouse\WizMouse.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\notepad.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://portalen.akershus-fk.no uInternet Settings,ProxyOverride = <local> BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll BHO: Påloggingshjelp for Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll uRun: [F.lux] "C:\Users\USERNAME\Local Settings\Apps\F.lux\flux.exe" /noshow uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: DefaultLogonDomain = Akershus-FK IE: E&ksporter til Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd til OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - 
{FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll DPF: DirectEdit - hxxps://support.itslearning.com/browsertest/components/DirectEdit.CAB DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 148.83.249.50 148.83.249.51 TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73} : DhcpNameServer = 148.83.249.50 148.83.249.51 TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73}\14B6562737865737D264B402759664960274A6563747 : DhcpNameServer = 148.83.249.50 148.83.249.51 TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73}\35C65647E65627E6564747 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73}\84A656D6D656 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73}\D4E294E255E2C4 : DhcpNameServer = 192.168.0.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL {18DF081C-E8AD-4283-A596-FA578C2EBDC3} {2B9F5787-88A5-4945-90E7-C4B18563BC5E} {9030D464-4C02-4ABF-8ECC-5164760863C6} {B4F3A835-0E21-4959-BA22-42B3008E02FF} {DBC80044-A445-435b-BC74-9C25C1C588A9} mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: 
[QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\USERNAME\AppData\Roaming\Mozilla\Firefox\Profiles\psm2bo5w.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.itslearning.com/index.aspx?CustomerId=124&Username=sigsve FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?q= . ============= SERVICES / DRIVERS =============== . R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952] R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264] R2 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2011-5-13 317496] R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?] R3 KeyScrambler;KeyScrambler;C:\Windows\system32\drivers\keyscrambler.sys --> C:\Windows\system32\drivers\keyscrambler.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?] R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?] 
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-8-27 156288] S2 gupdate;Google-oppdatering-tjenesten (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-21 136176] S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?] S3 gupdatem;Google-oppdatering-tjenesten (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-21 136176] S3 IntcDAud;Intel® Skjermlyd;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\drivers\nusb3hub.sys --> C:\Windows\system32\drivers\nusb3hub.sys [?] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\drivers\nusb3xhc.sys --> C:\Windows\system32\drivers\nusb3xhc.sys [?] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?] 
S3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;C:\Windows\system32\DRIVERS\Rtenic64.sys --> C:\Windows\system32\DRIVERS\Rtenic64.sys [?] S3 StorSvc;Oppbevaringstjeneste;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992] S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\system32\drivers\Synth3dVsc.sys --> C:\Windows\system32\drivers\Synth3dVsc.sys [?] S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 
2011-10-18 06:56:11 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2B29AA69-EA6A-4636-BC18-AF7C9D49411D}\offreg.dll 2011-10-18 06:56:09 9049936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2B29AA69-EA6A-4636-BC18-AF7C9D49411D}\mpengine.dll 2011-10-14 12:03:53 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\LolClient 2011-10-13 13:19:12 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8037D578-0C93-4413-83F2-22330A210D39}\gapaengine.dll 2011-10-13 13:02:14 3138048 ----a-w- C:\Windows\System32\win32k.sys 2011-10-13 13:01:22 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax 2011-10-13 13:01:22 613888 ----a-w- C:\Windows\System32\psisdecd.dll 2011-10-13 13:01:22 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll 2011-10-13 13:01:22 108032 ----a-w- C:\Windows\System32\psisrndr.ax 2011-10-13 13:00:30 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll 2011-10-13 13:00:29 861696 ----a-w- C:\Windows\System32\oleaut32.dll 2011-10-13 13:00:29 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll 2011-10-13 13:00:29 331776 ----a-w- C:\Windows\System32\oleacc.dll 2011-10-13 08:45:26 -------- d-----w- C:\Program Files (x86)\iFinger 2011-10-11 20:23:51 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll 2011-10-11 20:23:51 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll 2011-10-11 20:23:51 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll 2011-10-11 20:23:51 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll 2011-10-11 20:23:50 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll 2011-10-11 20:19:20 -------- d-----w- C:\Riot Games 2011-10-11 08:07:25 -------- d-----w- C:\Users\USERNAME\AppData\Local\PMB Files 2011-10-11 08:07:23 -------- d-----w- C:\ProgramData\PMB Files 2011-10-11 08:07:09 -------- d-----w- C:\Program Files (x86)\Pando Networks 2011-10-09 12:42:38 98816 ----a-w- C:\Windows\sed.exe 2011-10-09 12:42:38 518144 ----a-w- C:\Windows\SWREG.exe 2011-10-09 12:42:38 256000 ----a-w- 
C:\Windows\PEV.exe 2011-10-09 12:42:38 208896 ----a-w- C:\Windows\MBR.exe 2011-10-08 18:51:56 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab 2011-10-08 18:51:48 -------- d-----w- C:\Users\USERNAME\SystemRequirementsLab 2011-10-08 15:45:34 -------- d-----w- C:\Program Files\CCleaner 2011-10-07 17:16:31 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\GameRanger 2011-10-07 16:44:09 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes 2011-10-01 19:49:53 -------- d-----w- C:\Users\USERNAME\AppData\Local\Spotify 2011-10-01 19:49:38 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\Spotify 2011-09-30 08:43:08 -------- d-----w- C:\Users\USERNAME\AppData\Local\Apple Computer 2011-09-30 08:41:39 -------- d-----w- C:\Users\USERNAME\AppData\Local\Apple 2011-09-28 09:50:59 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\.purple 2011-09-28 09:50:37 -------- d-----w- C:\Program Files (x86)\Pidgin 2011-09-28 09:45:58 -------- d-----w- C:\Users\USERNAME\AppData\Local\Windows Live 2011-09-28 09:45:57 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live 2011-09-28 07:05:25 134104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll 2011-09-25 14:27:28 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll 2011-09-25 10:55:31 -------- d-----w- C:\Program Files (x86)\NoVirusThanks 2011-09-21 10:14:42 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\Mount&Blade Warband 2011-09-21 10:08:40 -------- d-----w- C:\Program Files (x86)\VirusTotalUploader2 2011-09-21 09:58:51 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll 2011-09-21 09:58:46 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll 2011-09-21 09:56:52 -------- d-----w- C:\Program Files (x86)\Mount&Blade Warband 2011-09-19 06:59:13 29696 ----a-w- C:\Windows\System32\drivers\tap0901.sys . ==================== Find3M ==================== . 
2011-10-13 08:12:37 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-09-17 10:21:24 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys 2011-09-14 13:58:46 274616 ----a-w- C:\Windows\System32\drivers\keyscrambler.sys 2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll 2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll 2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll 2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-08-15 12:32:10 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys 2011-08-15 12:32:10 165680 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys 2011-08-15 12:32:10 146736 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys 2011-08-15 12:32:10 128816 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys 2011-08-15 12:32:08 320816 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll 2011-07-26 17:49:12 37888 ----a-w- C:\Windows\System32\drivers\taphss.sys . ============= FINISH: 9:10:18,68 ===============
  12. µTorrent is uninstalled.
  13. Combofix DDS
  14. Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Databaseversjon: 7879 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 05.10.2011 19:47:01 mbam-log-2011-10-05 (19-47-01).txt Skanntype: Hurtigsøk Objekter skannet: 176789 Tid tilbakelagt: 2 minutt(er), 42 sekund(er) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 0 Registerverdier infisert: 0 Registerfiler infisert: 0 Mapper infisert: 0 Filer infisert 0 Minneprosesser infisert: (Ingen skadelige objekter funnet) Minnemoduler infisert: (Ingen skadelige objekter funnet) Registernøkler infisert: (Ingen skadelige objekter funnet) Registerverdier infisert: (Ingen skadelige objekter funnet) Registerfiler infisert: (Ingen skadelige objekter funnet) Mapper infisert: (Ingen skadelige objekter funnet) Filer infisert (Ingen skadelige objekter funnet) . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26 Run by USERNAME at 19:48:48 on 2011-10-05 Microsoft Windows 7 Enterprise 6.1.7601.1.1252.47.1044.18.1982.829 [GMT 2:00] . AV: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . 
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\Hpservice.exe C:\Program Files\Sandboxie\SbieSvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe C:\Windows\SysWOW64\vmnat.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe C:\Windows\SysWOW64\vmnetdhcp.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Users\USERNAME\Local Settings\Apps\F.lux\flux.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe C:\Program Files 
(x86)\VMware\VMware Player\hqtray.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Windows\system32\taskhost.exe C:\Windows\System32\rundll32.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\system32\scrnsave.scr C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uWindow Title = Windows Internet Explorer provided by Akershus Fylkeskommune uStart Page = hxxp://portalen.akershus-fk.no uDefault_Page_URL = hxxp://portalen.akershus-fk.no uInternet Settings,ProxyOverride = <local> mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll BHO: Påloggingshjelp for Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll uRun: [Google Update] "C:\Users\USERNAME\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [F.lux] "C:\Users\USERNAME\Local Settings\Apps\F.lux\flux.exe" /noshow uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" 
-silent uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start mRun: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe" mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: DefaultLogonDomain = Akershus-FK IE: E&ksporter til Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd til OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll LSP: C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll DPF: DirectEdit - hxxps://support.itslearning.com/browsertest/components/DirectEdit.CAB DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73}\14B6562737865737D264B40275966496 : DhcpNameServer = 148.83.249.50 148.83.249.51 TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73}\14B6562737865737D264B402759664960274A6563747 : DhcpNameServer = 148.83.249.50 148.83.249.51 TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73}\D4E294E255E2C4 : DhcpNameServer = 192.168.0.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL {18DF081C-E8AD-4283-A596-FA578C2EBDC3} {2B9F5787-88A5-4945-90E7-C4B18563BC5E} {9030D464-4C02-4ABF-8ECC-5164760863C6} {B4F3A835-0E21-4959-BA22-42B3008E02FF} {DBC80044-A445-435b-BC74-9C25C1C588A9} mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start mRun-x64: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe" . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\USERNAME\AppData\Roaming\Mozilla\Firefox\Profiles\psm2bo5w.default\ FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?q= FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Users\USERNAME\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952] R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264] R2 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2011-5-13 317496] R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?] 
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-3-25 539248]
R3 KeyScrambler;KeyScrambler;C:\Windows\system32\drivers\keyscrambler.sys --> C:\Windows\system32\drivers\keyscrambler.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-8-27 156288]
S2 gupdate;Google-oppdatering-tjenesten (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-21 136176]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 gupdatem;Google-oppdatering-tjenesten (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-21 136176]
S3 IntcDAud;Intel® Skjermlyd;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\drivers\nusb3hub.sys --> C:\Windows\system32\drivers\nusb3hub.sys [?]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\drivers\nusb3xhc.sys --> C:\Windows\system32\drivers\nusb3xhc.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;C:\Windows\system32\DRIVERS\Rtenic64.sys --> C:\Windows\system32\DRIVERS\Rtenic64.sys [?]
S3 StorSvc;Oppbevaringstjeneste;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\system32\drivers\Synth3dVsc.sys --> C:\Windows\system32\drivers\Synth3dVsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-10-05 16:33:31 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{446AB021-1DF4-4553-A28A-9D90891ABC2D}\offreg.dll
2011-10-05 16:33:22 9049936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{446AB021-1DF4-4553-A28A-9D90891ABC2D}\mpengine.dll
2011-10-01 19:49:53 -------- d-----w- C:\Users\USERNAME\AppData\Local\Spotify
2011-10-01 19:49:38 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\Spotify
2011-09-30 08:43:08 -------- d-----w- C:\Users\USERNAME\AppData\Local\Apple Computer
2011-09-30 08:41:39 -------- d-----w- C:\Users\USERNAME\AppData\Local\Apple
2011-09-28 09:50:59 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\.purple
2011-09-28 09:50:37 -------- d-----w- C:\Program Files (x86)\Pidgin
2011-09-28 09:45:58 -------- d-----w- C:\Users\USERNAME\AppData\Local\Windows Live
2011-09-28 09:45:57 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-09-28 07:05:25 134104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-09-25 14:27:28 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2011-09-25 10:55:31 -------- d-----w- C:\Program Files (x86)\NoVirusThanks
2011-09-21 10:14:42 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\Mount&Blade Warband
2011-09-21 10:08:40 -------- d-----w- C:\Program Files (x86)\VirusTotalUploader2
2011-09-21 09:58:51 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
2011-09-21 09:58:46 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll
2011-09-21 09:56:52 -------- d-----w- C:\Program Files (x86)\Mount&Blade Warband
2011-09-19 06:59:13 29696 ----a-w- C:\Windows\System32\drivers\tap0901.sys
2011-09-16 07:35:19 -------- d-----w- C:\Program Files (x86)\uTorrent
2011-09-16 07:33:40 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\uTorrent
2011-09-16 07:33:40 -------- d-----w- C:\Users\USERNAME\AppData\Local\uTorrent
2011-09-16 07:18:38 -------- d-----w- C:\Program Files (x86)\proXPN
2011-09-15 07:26:39 -------- d-----w- C:\Users\USERNAME\AppData\Local\VMware
2011-09-15 07:23:21 81008 ----a-w- C:\Windows\System32\drivers\vmci.sys
2011-09-15 07:23:18 68720 ----a-w- C:\Windows\System32\drivers\vmx86.sys
2011-09-15 07:22:46 334448 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe
2011-09-15 07:22:41 404080 ----a-w- C:\Windows\SysWow64\vmnat.exe
2011-09-15 07:22:41 30320 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys
2011-09-15 07:22:35 968816 ----a-w- C:\Windows\System32\vnetlib64.dll
2011-09-15 07:22:13 31856 ----a-w- C:\Windows\System32\drivers\VMkbd.sys
2011-09-15 07:22:11 38512 ----a-w- C:\Windows\System32\drivers\hcmon.sys
2011-09-15 07:21:48 -------- d-----w- C:\Program Files (x86)\Common Files\VMware
2011-09-15 07:21:25 -------- d-----w- C:\Program Files (x86)\VMware
2011-09-14 13:44:14 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\.minecraft
2011-09-14 10:13:11 -------- d-----w- C:\Users\USERNAME\VirtualBox VMs
2011-09-14 10:04:58 -------- d-----w- C:\Users\USERNAME\.VirtualBox
2011-09-14 10:04:07 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2011-09-14 10:04:00 128816 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2011-09-14 10:03:53 -------- d-----w- C:\Program Files\Oracle
2011-09-13 11:20:49 -------- d-----w- C:\Program Files (x86)\TunnelBear
2011-09-12 06:59:06 -------- d-----w- C:\Users\USERNAME\AppData\Local\Opera
2011-09-08 12:13:11 -------- d-----w- C:\Users\USERNAME\AppData\Local\Diagnostics
2011-09-08 07:00:24 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2DB06253-C2D9-4C12-BD94-E077B637C2F6}\gapaengine.dll
2011-09-07 10:14:55 -------- d-----w- C:\Program Files\Paint.NET
2011-09-07 10:14:40 -------- d-----w- C:\Users\USERNAME\AppData\Local\Paint.NET
2011-09-07 10:00:29 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2011-09-07 10:00:25 -------- d-----w- C:\Program Files (x86)\Steam
2011-09-06 09:51:36 -------- d-----r- C:\Program Files (x86)\Skype
2011-09-06 07:47:38 -------- d-----w- C:\Users\USERNAME\AppData\Local\DOSBox
2011-09-06 07:47:26 -------- d-----w- C:\Program Files (x86)\DOSBox-0.74
.
==================== Find3M ====================
.
2011-09-22 09:52:28 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-17 10:21:24 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-08-15 12:32:10 165680 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2011-08-15 12:32:10 146736 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2011-08-15 12:32:08 320816 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
2011-07-26 17:49:12 37888 ----a-w- C:\Windows\System32\drivers\taphss.sys
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 05:26:20 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-09 04:29:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
.
============= FINISH: 19:49:45,26 ===============

Thanks