Shaoni

Got an infection, apparently some nasty adware

8 posts in this topic

2 days ago my internet suddenly started acting weird - major sites like Google, Facebook and YouTube didn't work. I could connect to other sites, albeit slowly. Eventually contacted my ISP and got the problem solved, which evidently was a DNS mix-up.

Shortly after I decided to make an online purchase of World of Warcraft game time, and ran a quick scan with Malwarebytes just to ensure I didn't have any keyloggers or other malicious stuff. Apparently I had one infection, "BEF3.tmp", which I quarantined and removed - then I looked it up on several online virus directories, and found out this particular virus was often paired with "Zlob.DNS Changer". Whoops.

The DNS Changer hadn't shown up in the quick scan, so I ran a full scan of my entire machine and there still weren't any more infections. I didn't think much of it, perhaps I was lucky and only had BEF3.tmp, but yeah, no. After playing some World of Warcraft I decided to take a break, and when I tried to start it up again, apparently my 3D Acceleration DirectX driver thingie was malfunctioning. It also automatically opened an ad in my browser, which I recognized as one which has troubled me for a long time (I never paid notice to it before now, but for several months I've had an obnoxious popup ad in the lower right corner on many websites, which I usually just close with the little black X button).

A few of my links have also started redirecting me to the same ad, although it's somewhat rare. I'm certain I've got some adware on my PC, and perhaps more than that considering it's apparently made my DirectX fail.

(Note, I bought the WoW game time on another PC I have on the same network to be absolutely sure it wouldn't be keylogged. Is there any possibility it has spread to other PCs on my network?)

I don't know much about stuff like this, to be honest, but I've been extremely paranoid since this happened. :( Here's my DDS log; the zipped Attach.txt is attached:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Shaoni at 7:22:07 on 2012-06-27

Microsoft Windows 7 Professional 6.1.7600.0.1252.47.1044.18.1791.696 [GMT 2:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe

c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\D-Link\DWA-121 revA\ANIWConnService.exe

c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe

C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files (x86)\PDF Complete\pdfsvc.exe

C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Windows\system32\atieclxx.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\System32\alg.exe

C:\Windows\system32\taskhost.exe

c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe

C:\Windows\system32\taskeng.exe

c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\WhatPulse\WhatPulse.exe

C:\Program Files (x86)\Trillian\trillian.exe

C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE

C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe

C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\D-Link\DWA-121 revA\AirNCFG.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe

C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe

C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

C:\Program Files (x86)\BYOND\bin\byond.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://isearch.avg.com/?cid={4239988E-650D-4FD8-B60F-C9B0105CF733}&mid=1d99233e8e1447d0a802d94961e4913a-c4dd7f8ad735c313a7791894eb41bf978829701a&lang=en&ds=is015&pr=sa&d=2012-05-07 08:28:44&v=11.0.0.9&sap=hp

mWinlogon: Userinit=userinit.exe,

BHO: File Sanitizer for HP ProtectTools: {3134413b-49b4-425c-98a5-893c1f195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll

BHO: HP ProtectTools Security Manager Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll

BHO: Påloggingshjelp for Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [WhatPulse] C:\Program Files (x86)\WhatPulse\WhatPulse.exe

uRun: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe

uRun: [Google Update] "C:\Users\Shaoni\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"

mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

mRun: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe

mRun: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe

mRun: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [D-Link D-Link DWA-121] C:\Program Files (x86)\D-Link\DWA-121 revA\AirNCFG.exe

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

StartupFolder: C:\Users\Shaoni\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Shaoni\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Shaoni\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //FWEvent.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 130.67.15.198 193.213.112.4 10.0.0.138

TCP: Interfaces\{1A75FCCB-6B32-4F75-861D-D8E531A08CAC} : DhcpNameServer = 193.213.112.4 130.67.15.198 10.0.0.138

TCP: Interfaces\{AD4CC578-F195-4D05-B5E9-6FDA4FFE253E} : DhcpNameServer = 130.67.15.198 193.213.112.4 10.0.0.138

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Notify: DeviceNP - DeviceNP.dll

LSA: Notification Packages = DPPassFilter scecli

{3134413B-49B4-425C-98A5-893C1F195601}

{395610AE-C624-4f58-B89E-23733EA00F9A}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{d2ce3e00-f94a-4740-988e-03dc2f38c34f}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

{8dcb7100-df86-4384-8842-8fa844297b3f}

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"

mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

mRun-x64: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe

mRun-x64: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe

mRun-x64: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [D-Link D-Link DWA-121] C:\Program Files (x86)\D-Link\DWA-121 revA\AirNCFG.exe

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

Hosts: 149.5.18.173 www.google-analytics.com.

Hosts: 149.5.18.173 ad-emea.doubleclick.net.

Hosts: 149.5.18.173 www.statcounter.com.

Hosts: 108.163.215.51 www.google-analytics.com.

Hosts: 108.163.215.51 ad-emea.doubleclick.net.

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Shaoni\AppData\Roaming\Mozilla\Firefox\Profiles\toq7b9ty.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7Bb47f3b72-cc88-4086-88bb-cbdcd9f117e0%7D&mid=1d99233e8e1447d0a802d94961e4913a-c4dd7f8ad735c313a7791894eb41bf978829701a&ds=is015&v=11.0.0.9&lang=en&pr=sa&d=2012-05-07%2008%3A28%3A44

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb47f3b72-cc88-4086-88bb-cbdcd9f117e0%7D&mid=1d99233e8e1447d0a802d94961e4913a-c4dd7f8ad735c313a7791894eb41bf978829701a&ds=is015&v=11.0.0.9&lang=en&pr=sa&d=2012-05-07%2008%3A28%3A44&sap=ku&q=

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\BYOND\bin\npbyond.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npbyond.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Users\Shaoni\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SbAlg;SbAlg;C:\Windows\System32\drivers\SbAlg.sys [2010-2-2 51800]

R0 SbFsLock;SbFsLock;C:\Windows\System32\drivers\SbFsLock.sys [2010-2-2 13256]

R1 anodlwf;ANOD Network Security Filter driver;C:\Windows\system32\DRIVERS\anodlwfx.sys --> C:\Windows\system32\DRIVERS\anodlwfx.sys [?]

R1 RsvLock;RsvLock;C:\Windows\System32\drivers\rsvlock.sys [2010-2-2 40088]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 D_Link_DWA-121_WPS;D_Link_DWA-121_WPS Service;C:\Program Files (x86)\D-Link\DWA-121 revA\ANIWConnService.exe [2012-4-12 53248]

R2 HP ProtectTools Service;HP ProtectTools Service;C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-1-12 36864]

R2 HpFkCryptService;Drive Encryption Service;C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-2-2 281192]

R2 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-27 654408]

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-10-21 635416]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 DEBridge;DEBridge;C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-2-2 704512]

R3 DRTL8192cu;D-Link DWA Wireless N USB Adapter;C:\Windows\system32\DRIVERS\RTL8192cu.sys --> C:\Windows\system32\DRIVERS\RTL8192cu.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-14 250056]

S3 DAMDrv;DAMDrv;C:\Windows\system32\DRIVERS\DAMDrv64.sys --> C:\Windows\system32\DRIVERS\DAMDrv64.sys [?]

S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2009-12-7 362040]

S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\system32\DRIVERS\mcvidrv_x64.sys --> C:\Windows\system32\DRIVERS\mcvidrv_x64.sys [?]

S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\system32\drivers\mcaudrv_x64.sys --> C:\Windows\system32\drivers\mcaudrv_x64.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-14 113120]

S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 OxPPort;OxPPort;C:\Windows\system32\DRIVERS\OxPPort.sys --> C:\Windows\system32\DRIVERS\OxPPort.sys [?]

S3 StorSvc;Oppbevaringstjeneste;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-06-26 21:59:12 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{350F2ECF-F35C-42DF-BB11-DF58FD628ED1}\mpengine.dll

2012-06-23 20:07:52 -------- d-----w- C:\Users\Shaoni\AppData\Local\Macromedia

2012-06-22 14:39:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-22 14:38:10 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-22 14:38:10 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-20 01:35:35 -------- d-----w- C:\Users\Shaoni\AppData\Roaming\TS3Client

2012-06-17 14:03:29 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-17 14:03:29 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll

2012-06-16 19:10:35 -------- d-----w- C:\Users\Shaoni\AppData\Local\FlashDevelop.old

2012-06-16 19:10:35 -------- d-----w- C:\Users\Shaoni\AppData\Local\FlashDevelop

2012-06-16 18:48:28 -------- d-----w- C:\Program Files (x86)\FlashDevelop

2012-06-16 01:21:29 51024 ----a-w- C:\Windows\System32\vcomp100.dll

2012-06-14 00:51:33 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-06-14 00:51:33 76288 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-06-14 00:51:33 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-06-14 00:51:25 208896 ----a-w- C:\Windows\System32\profsvc.dll

2012-06-14 00:51:14 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-06-14 00:51:14 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-06-14 00:51:13 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-06-14 00:50:56 3144192 ----a-w- C:\Windows\System32\win32k.sys

2012-06-14 00:50:45 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-06-14 00:50:36 3213824 ----a-w- C:\Windows\System32\msi.dll

2012-06-14 00:50:36 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-06-14 00:50:26 182272 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-06-14 00:50:26 1460224 ----a-w- C:\Windows\System32\crypt32.dll

2012-06-14 00:50:26 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-06-14 00:50:26 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-06-14 00:50:25 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-06-14 00:50:25 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-06-13 01:14:14 -------- d-----w- C:\Program Files\TeamSpeak 3 Client

2012-06-12 19:39:51 -------- d-----w- C:\Program Files (x86)\Amnesia - The Dark Descent

2012-06-12 19:32:34 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes

2012-06-11 20:22:56 -------- d-----w- C:\Users\Shaoni\AppData\Local\SplitMediaLabs

2012-06-11 20:20:44 -------- d-----w- C:\Program Files (x86)\SplitMediaLabs

2012-06-11 20:20:42 -------- d-----w- C:\ProgramData\SplitMediaLabs

2012-06-11 20:18:48 -------- d-----w- C:\Users\Shaoni\AppData\Roaming\SplitMediaLabs

2012-06-11 17:05:44 -------- d-----r- C:\Program Files (x86)\Skype

2012-06-10 21:33:46 152576 ----a-w- C:\Windows\System32\CNCS32.DLL

2012-06-10 20:51:14 -------- d-----w- C:\Program Files (x86)\Game Maker 8 Pro Edition

2012-06-08 14:07:55 -------- d-----w- C:\Program Files (x86)\Multimedia Fusion 2

2012-06-06 18:55:46 -------- d-----w- C:\Program Files\SmartFTP Client

2012-06-06 18:53:59 -------- d-----w- C:\Program Files (x86)\SmartFTP Client 4.0 (x64) Setup Files

2012-05-29 11:44:28 -------- d-----w- C:\Users\Shaoni\AppData\Roaming\Toribash

2012-05-29 11:44:02 -------- d-----w- C:\Games

2012-05-29 10:12:17 -------- d-----w- C:\Users\Shaoni\AppData\Local\TSVNCache

2012-05-28 14:21:15 -------- d-----w- C:\Users\Shaoni\AppData\Roaming\TortoiseSVN

2012-05-28 14:17:56 -------- d-----w- C:\Users\Shaoni\AppData\Roaming\Subversion

2012-05-28 14:17:20 -------- d-----w- C:\Program Files (x86)\Common Files\TortoiseOverlays

2012-05-28 14:17:18 -------- d-----w- C:\Program Files\Common Files\TortoiseOverlays

2012-05-28 14:17:17 -------- d-----w- C:\Program Files\TortoiseSVN

.

==================== Find3M ====================

.

2012-06-23 19:19:44 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-23 19:19:44 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:50:06 71680 ----a-w- C:\Windows\System32\frapsv64.dll

2012-05-17 22:50:04 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-08 12:25:59 235 ----a-w- C:\Windows\SysWow64\nxEuUninstall.bat

2012-05-08 12:25:57 446464 ----a-w- C:\Windows\NEXON_EU_DownloaderUpdater.exe

2012-04-24 05:21:57 0 ----a-w- C:\Windows\SysWow64\sho9356.tmp

2012-04-20 01:17:37 0 ----a-w- C:\Windows\SysWow64\shoD589.tmp

2012-04-12 16:12:56 147248 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys

2012-04-12 16:12:54 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys

2012-04-12 16:12:54 130864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys

2012-04-04 16:33:18 955800 ----a-w- C:\Windows\System32\npDeployJava1.dll

2012-04-04 16:33:14 839056 ----a-w- C:\Windows\System32\deployJava1.dll

2012-04-04 13:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-30 11:09:53 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

============= FINISH: 7:22:52,36 ===============

Attach.rar


Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Malwarebytes log came out exactly as before, 0 infections anywhere, even after getting updated.

Combofix:

ComboFix 12-06-27.01 - Shaoni 27.06.2012 20:00:48.1.2 - x64

Microsoft Windows 7 Professional 6.1.7600.0.1252.47.1044.18.1791.819 [GMT 2:00]

Kjører fra: c:\users\Shaoni\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\drivers\etc\hosts.txt

.

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2012-05-27 til 2012-06-27 )))))))))))))))))))))))))))))))))

.

.

2012-06-26 21:59 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{350F2ECF-F35C-42DF-BB11-DF58FD628ED1}\mpengine.dll

2012-06-23 20:07 . 2012-06-23 20:07 -------- d-----w- c:\users\Shaoni\AppData\Local\Macromedia

2012-06-22 14:39 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-22 14:39 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-22 14:39 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-22 14:39 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-22 14:38 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-22 14:38 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-22 14:38 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-22 14:38 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-22 14:38 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-20 01:35 . 2012-06-20 02:02 -------- d-----w- c:\users\Shaoni\AppData\Roaming\TS3Client

2012-06-17 14:03 . 2012-06-17 14:03 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-17 14:03 . 2012-06-17 14:03 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll

2012-06-16 19:10 . 2012-06-16 19:10 -------- d-----w- c:\users\Shaoni\AppData\Local\FlashDevelop

2012-06-16 18:48 . 2012-06-16 18:48 -------- d-----w- c:\program files (x86)\FlashDevelop

2012-06-16 01:21 . 2011-03-11 08:09 51024 ----a-w- c:\windows\system32\vcomp100.dll

2012-06-14 00:51 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-14 00:51 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-14 00:51 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-14 00:51 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll

2012-06-14 00:51 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-06-14 00:51 . 2012-05-04 10:08 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-06-14 00:51 . 2012-05-04 10:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-06-14 00:50 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys

2012-06-14 00:50 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-14 00:50 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll

2012-06-14 00:50 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-14 00:50 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-14 00:50 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll

2012-06-14 00:50 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-14 00:50 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-14 00:50 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-14 00:50 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-06-13 01:14 . 2012-06-13 01:14 -------- d-----w- c:\program files\TeamSpeak 3 Client

2012-06-12 19:39 . 2012-06-12 19:44 -------- d-----w- c:\program files (x86)\Amnesia - The Dark Descent

2012-06-12 19:32 . 2012-06-12 19:32 -------- d-----w- c:\program files (x86)\Elaborate Bytes

2012-06-11 20:22 . 2012-06-11 20:22 -------- d-----w- c:\users\Shaoni\AppData\Local\SplitMediaLabs

2012-06-11 20:20 . 2012-06-11 20:20 -------- d-----w- c:\program files (x86)\SplitMediaLabs

2012-06-11 20:20 . 2012-06-11 20:20 -------- d-----w- c:\programdata\SplitMediaLabs

2012-06-11 20:18 . 2012-06-11 20:18 -------- d-----w- c:\users\Shaoni\AppData\Roaming\SplitMediaLabs

2012-06-11 17:06 . 2012-06-27 18:18 -------- d-----w- c:\users\Shaoni\AppData\Roaming\Skype

2012-06-11 17:05 . 2012-06-11 17:05 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-06-11 17:05 . 2012-06-11 17:05 -------- d-----r- c:\program files (x86)\Skype

2012-06-11 17:05 . 2012-06-11 17:06 -------- d-----w- c:\programdata\Skype

2012-06-10 21:33 . 2003-07-06 12:12 152576 ----a-w- c:\windows\system32\CNCS32.DLL

2012-06-10 20:51 . 2012-06-10 20:51 -------- d-----w- c:\program files (x86)\Game Maker 8 Pro Edition

2012-06-08 14:07 . 2012-06-08 14:08 -------- d-----w- c:\program files (x86)\Multimedia Fusion 2

2012-06-06 18:59 . 2012-06-06 18:59 -------- d-----w- c:\users\Shaoni\AppData\Roaming\SmartFTP

2012-06-06 18:55 . 2012-06-06 18:55 -------- d-----w- c:\program files\SmartFTP Client

2012-06-06 18:53 . 2012-06-06 18:53 -------- d-----w- c:\program files (x86)\SmartFTP Client 4.0 (x64) Setup Files

2012-05-29 11:44 . 2012-05-29 11:44 -------- d-----w- c:\users\Shaoni\AppData\Roaming\Toribash

2012-05-29 11:44 . 2012-05-29 11:44 -------- d-----w- C:\Games

2012-05-29 10:12 . 2012-06-27 18:17 -------- d-----w- c:\users\Shaoni\AppData\Local\TSVNCache

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-23 19:19 . 2012-05-14 18:35 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-23 19:19 . 2012-03-14 17:48 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-17 22:50 . 2012-05-17 22:50 71680 ----a-w- c:\windows\system32\frapsv64.dll

2012-05-17 22:50 . 2012-05-17 22:50 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll

2012-05-08 12:25 . 2012-05-08 12:25 235 ----a-w- c:\windows\SysWow64\nxEuUninstall.bat

2012-05-08 12:25 . 2012-05-08 12:25 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe

2012-04-24 05:21 . 2012-04-24 05:21 0 ----a-w- c:\windows\SysWow64\sho9356.tmp

2012-04-23 01:44 . 2012-04-23 01:44 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-04-23 01:44 . 2012-04-23 01:44 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-04-23 01:44 . 2012-04-23 01:44 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-04-23 01:44 . 2012-04-23 01:44 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-04-23 01:44 . 2012-04-23 01:44 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-04-23 01:44 . 2012-04-23 01:44 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-04-23 01:44 . 2012-04-23 01:44 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-04-23 01:44 . 2012-04-23 01:44 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-04-23 01:44 . 2012-04-23 01:44 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-04-23 01:44 . 2012-04-23 01:44 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-04-23 01:44 . 2012-04-23 01:44 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-04-23 01:44 . 2012-04-23 01:44 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-04-23 01:44 . 2012-04-23 01:44 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-04-23 01:44 . 2012-04-23 01:44 448512 ----a-w- c:\windows\system32\html.iec

2012-04-23 01:44 . 2012-04-23 01:44 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-04-23 01:44 . 2012-04-23 01:44 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-04-23 01:44 . 2012-04-23 01:44 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-04-23 01:44 . 2012-04-23 01:44 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-04-23 01:44 . 2012-04-23 01:44 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-04-23 01:44 . 2012-04-23 01:44 222208 ----a-w- c:\windows\system32\msls31.dll

2012-04-23 01:44 . 2012-04-23 01:44 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-04-23 01:44 . 2012-04-23 01:44 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-04-23 01:44 . 2012-04-23 01:44 160256 ----a-w- c:\windows\system32\wextract.exe

2012-04-23 01:44 . 2012-04-23 01:44 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-04-23 01:44 . 2012-04-23 01:44 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-04-23 01:44 . 2012-04-23 01:44 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-04-23 01:44 . 2012-04-23 01:44 12288 ----a-w- c:\windows\system32\mshta.exe

2012-04-23 01:44 . 2012-04-23 01:44 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-04-23 01:44 . 2012-04-23 01:44 114176 ----a-w- c:\windows\system32\admparse.dll

2012-04-23 01:44 . 2012-04-23 01:44 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-04-23 01:44 . 2012-04-23 01:44 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-04-23 01:44 . 2012-04-23 01:44 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-04-20 01:17 . 2012-04-20 01:17 0 ----a-w- c:\windows\SysWow64\shoD589.tmp

2012-04-12 16:12 . 2012-04-12 16:12 147248 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

2012-04-12 16:12 . 2012-05-01 02:53 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2012-04-12 16:12 . 2012-05-01 02:52 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2012-04-04 16:33 . 2012-05-16 02:37 955800 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-04-04 16:33 . 2012-05-16 02:37 839056 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-04 13:56 . 2012-05-27 15:57 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-30 11:09 . 2012-05-11 21:49 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Shaoni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Shaoni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Shaoni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]

"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-03-15 742264]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-03-24 1242448]

"WhatPulse"="c:\program files (x86)\WhatPulse\WhatPulse.exe" [2011-11-15 3990528]

"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2012-05-08 438272]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]

"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656]

"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]

"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]

"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]

"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-12-12 11265536]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"D-Link D-Link DWA-121"="c:\program files (x86)\D-Link\DWA-121 revA\AirNCFG.exe" [2010-09-26 1041728]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]

.

c:\users\Shaoni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Shaoni\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2011-12-19 2362720]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]

2009-12-07 18:36 75320 ----a-w- c:\windows\System32\DeviceNP.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ DPPassFilter scecli

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]

R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-12-07 362040]

R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]

R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]

R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 OxPPort;OxPPort;c:\windows\system32\DRIVERS\OxPPort.sys [2008-07-31 98304]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-23 1255736]

S0 SafeBoot;SafeBoot; [x]

S0 SbAlg;SbAlg; [x]

S0 SbFsLock;SbFsLock; [x]

S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys [2010-06-07 15872]

S1 RsvLock;RsvLock; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-11 203264]

S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 D_Link_DWA-121_WPS;D_Link_DWA-121_WPS Service;c:\program files (x86)\D-Link\DWA-121 revA\ANIWConnService.exe [2010-07-11 53248]

S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-01-12 36864]

S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-02 281192]

S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-11 6790656]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-11 221184]

S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-02 704512]

S3 DRTL8192cu;D-Link DWA Wireless N USB Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [2010-08-19 748648]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-03 331880]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-10-19 39480]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-04-12 147248]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

--- Andre tjenester/drivere lastet i minnet ---

.

*NewlyCreated* - WS2IFSL

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

.

2012-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 19:19]

.

2012-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4186856315-2171103671-2923768269-1003Core.job

- c:\users\Shaoni\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-14 16:46]

.

2012-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4186856315-2171103671-2923768269-1003UA.job

- c:\users\Shaoni\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-14 16:46]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Shaoni\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Shaoni\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Shaoni\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Shaoni\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://isearch.avg.com/?cid={4239988E-650D-4FD8-B60F-C9B0105CF733}&mid=1d99233e8e1447d0a802d94961e4913a-c4dd7f8ad735c313a7791894eb41bf978829701a&lang=en&ds=is015&pr=sa&d=2012-05-07 08:28&v=11.0.0.9&sap=hp

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //FWEvent.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

TCP: DhcpNameServer = 130.67.15.198 193.213.112.4 10.0.0.138

FF - ProfilePath - c:\users\Shaoni\AppData\Roaming\Mozilla\Firefox\Profiles\toq7b9ty.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7Bb47f3b72-cc88-4086-88bb-cbdcd9f117e0%7D&mid=1d99233e8e1447d0a802d94961e4913a-c4dd7f8ad735c313a7791894eb41bf978829701a&ds=is015&v=11.0.0.9&lang=en&pr=sa&d=2012-05-07%2008%3A28%3A44

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb47f3b72-cc88-4086-88bb-cbdcd9f117e0%7D&mid=1d99233e8e1447d0a802d94961e4913a-c4dd7f8ad735c313a7791894eb41bf978829701a&ds=is015&v=11.0.0.9&lang=en&pr=sa&d=2012-05-07%2008%3A28%3A44&sap=ku&q=

.

- - - - TOMME PEKERE FJERNET - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-{319E272A-B5DB-4939-99D0-1F1F0C55699E} - c:\program files (x86)\InstallShield Installation Information\{319E272A-B5DB-4939-99D0-1F1F0C55699E}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LÅSTE REGISTERNøKLER ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe

c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe

c:\nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe

c:\users\Shaoni\Desktop\Isaac.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2012-06-27 20:41:22 - maskinen ble startet pÅ nytt

ComboFix-quarantined-files.txt 2012-06-27 18:41

.

Pre-Run: 170 700 963 840 byte ledig

Post-Run: 171 911 704 576 byte ledig

.

- - End Of File - - B1EF1E0813A08236ED0C946B1D931EAB

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Shaoni at 20:46:44 on 2012-06-27

Microsoft Windows 7 Professional 6.1.7600.0.1252.47.1044.18.1791.469 [GMT 2:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe

c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\D-Link\DWA-121 revA\ANIWConnService.exe

c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe

C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files (x86)\PDF Complete\pdfsvc.exe

C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe

C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe

c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\WhatPulse\WhatPulse.exe

C:\Users\Shaoni\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Trillian\trillian.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe

C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE

C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe

C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\D-Link\DWA-121 revA\AirNCFG.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://isearch.avg.com/?cid={4239988E-650D-4FD8-B60F-C9B0105CF733}&mid=1d99233e8e1447d0a802d94961e4913a-c4dd7f8ad735c313a7791894eb41bf978829701a&lang=en&ds=is015&pr=sa&d=2012-05-07 08:28:44&v=11.0.0.9&sap=hp

BHO: File Sanitizer for HP ProtectTools: {3134413b-49b4-425c-98a5-893c1f195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll

BHO: HP ProtectTools Security Manager Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll

BHO: Påloggingshjelp for Windows Live (Windows Live Sign-in Helper): {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [WhatPulse] C:\Program Files (x86)\WhatPulse\WhatPulse.exe

uRun: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"

mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

mRun: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe

mRun: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe

mRun: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [D-Link D-Link DWA-121] C:\Program Files (x86)\D-Link\DWA-121 revA\AirNCFG.exe

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

StartupFolder: C:\Users\Shaoni\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Shaoni\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Shaoni\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //FWEvent.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 130.67.15.198 193.213.112.4 10.0.0.138

TCP: Interfaces\{1A75FCCB-6B32-4F75-861D-D8E531A08CAC} : DhcpNameServer = 193.213.112.4 130.67.15.198 10.0.0.138

TCP: Interfaces\{AD4CC578-F195-4D05-B5E9-6FDA4FFE253E} : DhcpNameServer = 130.67.15.198 193.213.112.4 10.0.0.138

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Notify: DeviceNP - DeviceNP.dll

LSA: Notification Packages = DPPassFilter scecli

{3134413B-49B4-425C-98A5-893C1F195601}

{395610AE-C624-4f58-B89E-23733EA00F9A}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{d2ce3e00-f94a-4740-988e-03dc2f38c34f}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

{8dcb7100-df86-4384-8842-8fa844297b3f}

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"

mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

mRun-x64: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe

mRun-x64: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe

mRun-x64: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [D-Link D-Link DWA-121] C:\Program Files (x86)\D-Link\DWA-121 revA\AirNCFG.exe

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Shaoni\AppData\Roaming\Mozilla\Firefox\Profiles\toq7b9ty.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7Bb47f3b72-cc88-4086-88bb-cbdcd9f117e0%7D&mid=1d99233e8e1447d0a802d94961e4913a-c4dd7f8ad735c313a7791894eb41bf978829701a&ds=is015&v=11.0.0.9&lang=en&pr=sa&d=2012-05-07%2008%3A28%3A44

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb47f3b72-cc88-4086-88bb-cbdcd9f117e0%7D&mid=1d99233e8e1447d0a802d94961e4913a-c4dd7f8ad735c313a7791894eb41bf978829701a&ds=is015&v=11.0.0.9&lang=en&pr=sa&d=2012-05-07%2008%3A28%3A44&sap=ku&q=

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\BYOND\bin\npbyond.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npbyond.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Users\Shaoni\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SbAlg;SbAlg;C:\Windows\System32\drivers\SbAlg.sys [2010-2-2 51800]

R0 SbFsLock;SbFsLock;C:\Windows\System32\drivers\SbFsLock.sys [2010-2-2 13256]

R1 anodlwf;ANOD Network Security Filter driver;C:\Windows\system32\DRIVERS\anodlwfx.sys --> C:\Windows\system32\DRIVERS\anodlwfx.sys [?]

R1 RsvLock;RsvLock;C:\Windows\System32\drivers\rsvlock.sys [2010-2-2 40088]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 D_Link_DWA-121_WPS;D_Link_DWA-121_WPS Service;C:\Program Files (x86)\D-Link\DWA-121 revA\ANIWConnService.exe [2012-4-12 53248]

R2 HP ProtectTools Service;HP ProtectTools Service;C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-1-12 36864]

R2 HpFkCryptService;Drive Encryption Service;C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-2-2 281192]

R2 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-27 654408]

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-10-21 635416]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 DEBridge;DEBridge;C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-2-2 704512]

R3 DRTL8192cu;D-Link DWA Wireless N USB Adapter;C:\Windows\system32\DRIVERS\RTL8192cu.sys --> C:\Windows\system32\DRIVERS\RTL8192cu.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-14 250056]

S3 DAMDrv;DAMDrv;C:\Windows\system32\DRIVERS\DAMDrv64.sys --> C:\Windows\system32\DRIVERS\DAMDrv64.sys [?]

S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2009-12-7 362040]

S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\system32\DRIVERS\mcvidrv_x64.sys --> C:\Windows\system32\DRIVERS\mcvidrv_x64.sys [?]

S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\system32\drivers\mcaudrv_x64.sys --> C:\Windows\system32\drivers\mcaudrv_x64.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-14 113120]

S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 OxPPort;OxPPort;C:\Windows\system32\DRIVERS\OxPPort.sys --> C:\Windows\system32\DRIVERS\OxPPort.sys [?]

S3 StorSvc;Oppbevaringstjeneste (Storage Service);C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-06-27 17:58:42 98816 ----a-w- C:\Windows\sed.exe

2012-06-27 17:58:42 518144 ----a-w- C:\Windows\SWREG.exe

2012-06-27 17:58:42 256000 ----a-w- C:\Windows\PEV.exe

2012-06-27 17:58:42 208896 ----a-w- C:\Windows\MBR.exe

2012-06-26 21:59:12 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{350F2ECF-F35C-42DF-BB11-DF58FD628ED1}\mpengine.dll

2012-06-23 20:07:52 -------- d-----w- C:\Users\Shaoni\AppData\Local\Macromedia

2012-06-22 14:39:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-22 14:38:59 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-22 14:38:10 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-22 14:38:10 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-20 01:35:35 -------- d-----w- C:\Users\Shaoni\AppData\Roaming\TS3Client

2012-06-17 14:03:29 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-17 14:03:29 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll

2012-06-16 19:10:35 -------- d-----w- C:\Users\Shaoni\AppData\Local\FlashDevelop.old

2012-06-16 19:10:35 -------- d-----w- C:\Users\Shaoni\AppData\Local\FlashDevelop

2012-06-16 18:48:28 -------- d-----w- C:\Program Files (x86)\FlashDevelop

2012-06-16 01:21:29 51024 ----a-w- C:\Windows\System32\vcomp100.dll

2012-06-14 00:51:33 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-06-14 00:51:33 76288 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-06-14 00:51:33 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-06-14 00:51:25 208896 ----a-w- C:\Windows\System32\profsvc.dll

2012-06-14 00:51:14 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-06-14 00:51:14 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-06-14 00:51:13 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-06-14 00:50:56 3144192 ----a-w- C:\Windows\System32\win32k.sys

2012-06-14 00:50:45 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-06-14 00:50:36 3213824 ----a-w- C:\Windows\System32\msi.dll

2012-06-14 00:50:36 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-06-14 00:50:26 182272 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-06-14 00:50:26 1460224 ----a-w- C:\Windows\System32\crypt32.dll

2012-06-14 00:50:26 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-06-14 00:50:26 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-06-14 00:50:25 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-06-14 00:50:25 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-06-13 01:14:14 -------- d-----w- C:\Program Files\TeamSpeak 3 Client

2012-06-12 19:39:51 -------- d-----w- C:\Program Files (x86)\Amnesia - The Dark Descent

2012-06-12 19:32:34 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes

2012-06-11 20:22:56 -------- d-----w- C:\Users\Shaoni\AppData\Local\SplitMediaLabs

2012-06-11 20:20:44 -------- d-----w- C:\Program Files (x86)\SplitMediaLabs

2012-06-11 20:20:42 -------- d-----w- C:\ProgramData\SplitMediaLabs

2012-06-11 20:18:48 -------- d-----w- C:\Users\Shaoni\AppData\Roaming\SplitMediaLabs

2012-06-11 17:05:44 -------- d-----r- C:\Program Files (x86)\Skype

2012-06-10 21:33:46 152576 ----a-w- C:\Windows\System32\CNCS32.DLL

2012-06-10 20:51:14 -------- d-----w- C:\Program Files (x86)\Game Maker 8 Pro Edition

2012-06-08 14:07:55 -------- d-----w- C:\Program Files (x86)\Multimedia Fusion 2

2012-06-06 18:55:46 -------- d-----w- C:\Program Files\SmartFTP Client

2012-06-06 18:53:59 -------- d-----w- C:\Program Files (x86)\SmartFTP Client 4.0 (x64) Setup Files

2012-05-29 11:44:28 -------- d-----w- C:\Users\Shaoni\AppData\Roaming\Toribash

2012-05-29 11:44:02 -------- d-----w- C:\Games

2012-05-29 10:12:17 -------- d-----w- C:\Users\Shaoni\AppData\Local\TSVNCache

.

==================== Find3M ====================

.

2012-06-23 19:19:44 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-23 19:19:44 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:50:06 71680 ----a-w- C:\Windows\System32\frapsv64.dll

2012-05-17 22:50:04 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-08 12:25:59 235 ----a-w- C:\Windows\SysWow64\nxEuUninstall.bat

2012-05-08 12:25:57 446464 ----a-w- C:\Windows\NEXON_EU_DownloaderUpdater.exe

2012-04-24 05:21:57 0 ----a-w- C:\Windows\SysWow64\sho9356.tmp

2012-04-20 01:17:37 0 ----a-w- C:\Windows\SysWow64\shoD589.tmp

2012-04-12 16:12:56 147248 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys

2012-04-12 16:12:54 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys

2012-04-12 16:12:54 130864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys

2012-04-04 16:33:18 955800 ----a-w- C:\Windows\System32\npDeployJava1.dll

2012-04-04 16:33:14 839056 ----a-w- C:\Windows\System32\deployJava1.dll

2012-04-04 13:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-30 11:09:53 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

============= FINISH: 20:47:24,92 ===============

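An added example, not part of the original thread: a small Python triage script that reads lines in the DDS "Pseudo HJT Report" / FIREFOX format shown in the log above and flags the entries a responder checks first. In this log the IE start page, the Firefox homepage and Firefox's keyword.URL all point at isearch.avg.com, which is a bundled search-toolbar setting rather than a browser default; two toolbar CLSIDs are registered with "No File"; Trusted Zone entries include a wildcard; and the only DNS servers shown are the three handed out by DHCP. The script turns each of those into a check. The sample lines mirror the log's format, except that one `Interfaces\{...}` DhcpNameServer line using the documentation address 192.0.2.53 is constructed so the DNS check has something to fire on. The two allowlists (which hosts the user actually chose as home page and search engine, and which resolvers the ISP and router are expected to hand out) are assumptions; the function and record names are this example's own.

```python
"""Triage a DDS "Pseudo HJT Report" / FIREFOX section for hijack and persistence indicators."""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# ASSUMPTIONS for illustration (not from the log): the hosts this user chose as home page and
# search engine, and the resolvers the ISP and the router are expected to hand out via DHCP.
EXPECTED_SEARCH_HOSTS = {"www.google.com", "en.wikipedia.org"}
EXPECTED_DNS = {"130.67.15.198", "193.213.112.4", "10.0.0.138"}

USER_WRITABLE = re.compile(r"\\(AppData|ProgramData|Temp)\\", re.I)
EXE_PATH = re.compile(r'^\s*"?((?:[A-Za-z]:|%[^%]+%)\\.+?\.exe)', re.I)

# Constructed sample in the DDS format. The Interfaces\{...} line with 192.0.2.53 is invented so
# the DNS check has something to fire on; the other lines mirror entries from the log above.
SAMPLE_LOG = r"""
uStart Page = hxxp://isearch.avg.com/?cid={4239988E-650D-4FD8-B60F-C9B0105CF733}&ds=is015&pr=sa
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
StartupFolder: C:\Users\Shaoni\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Shaoni\AppData\Roaming\Dropbox\bin\Dropbox.exe
Trusted Zone: mcafee.com\*
TCP: DhcpNameServer = 130.67.15.198 193.213.112.4 10.0.0.138
TCP: Interfaces\{1A75FCCB-6B32-4F75-861D-D8E531A08CAC} : DhcpNameServer = 192.0.2.53 10.0.0.138
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=x&sap=ku&q=
"""


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str
    line: str


def refang_host(url: str) -> str:
    """DDS writes hxxp:// so pasted URLs are not clickable; undo that, then take the host."""
    return (urlparse(re.sub(r"^hxxp", "http", url, flags=re.I)).hostname or "").lower()


def autostart_target(entry: str) -> Optional[str]:
    """Extract the executable from a uRun/mRun ('[name] "path" args') or StartupFolder ('x.lnk - path') entry."""
    if " - " in entry and ".lnk" in entry.lower():
        entry = entry.split(" - ", 1)[1]
    elif "]" in entry:
        entry = entry.split("]", 1)[1]
    m = EXE_PATH.match(entry)
    return m.group(1) if m else None


def triage(log_text: str) -> List[Finding]:
    """Walk the report line by line and return the entries worth a responder's attention."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Toolbar/BHO registrations whose DLL is gone: cleanup candidates, not infections.
        if line.endswith("- No File"):
            findings.append(Finding("orphaned-clsid", "toolbar/BHO registration whose DLL no longer exists", line))
            continue
        # IE start/search pages and Firefox URL prefs: flag any host the user did not choose.
        m = re.match(r"^[um](?:Start Page|Default_Page_URL|Search\w*)\s*=\s*(\S+)", line)
        if not m:
            m = re.match(r"^FF - prefs\.js: \S+ - (hxxps?://\S+)", line, re.I)
        if m:
            host = refang_host(m.group(1))
            if host and host not in EXPECTED_SEARCH_HOSTS:
                findings.append(Finding("search-hijack", f"home/search URL points at {host}", line))
            continue
        # Autostarts: running from a user-writable directory is how adware usually persists,
        # but legitimate per-user installers (Dropbox here) do the same, so this is a review prompt.
        m = re.match(r"^(?:[um]Run(?:-x64)?|StartupFolder):\s*(.+)$", line)
        if m:
            target = autostart_target(m.group(1))
            if target is None:
                findings.append(Finding("autostart-unparsed", "could not extract executable", line))
            elif USER_WRITABLE.search(target):
                findings.append(Finding("autostart-user-writable", f"runs from user-writable path {target}", line))
            continue
        # DNS: every resolver must be one the ISP or the router is expected to hand out.
        m = re.match(r"^TCP:.*DhcpNameServer = (.+)$", line)
        if m:
            for server in m.group(1).split():
                if server not in EXPECTED_DNS:
                    findings.append(Finding("dns-unexpected", f"resolver {server} not in expected set", line))
            continue
        # Trusted Zone wildcards relax IE security for a whole domain; list them for review.
        m = re.match(r"^Trusted Zone:\s*(.+)$", line)
        if m and "*" in m.group(1):
            findings.append(Finding("trusted-zone-wildcard", f"wildcard trusted site {m.group(1)}", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:24} {f.detail}")
```

Run against the sample it reports two search-hijack findings (the IE start page and Firefox keyword.URL), one orphaned CLSID, the Dropbox autostart, the mcafee.com wildcard and the constructed 192.0.2.53 resolver; the first DhcpNameServer line, whose three servers match the allowlist, produces nothing. The checks are heuristics: a user-writable autostart and a "No File" toolbar are things to look at, not verdicts, and the DNS check is only as good as the allowlist you feed it, which should come from the ISP and the router's own configuration page rather than from the log itself.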

Can you please post the MBAM log anyway...

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


System appears to be 100% clean. I guess TFC did the job. Should I bump this if I keep getting redirected or is there anything else I should try?

MBAM:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.27.08

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Shaoni :: SHAONI-HP [administrator]

Protection: Enabled

27.06.2012 19:47:30

mbam-log-2012-06-27 (19-47-30).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 205493

Time elapsed: 4 minute(s), 44 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

ESET:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=0f4afbef602b354fbb739a9af9a6adf1

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-06-28 12:26:50

# local_time=2012-06-28 02:26:50 (+0100, Western Europe (summer time))

# country="Norway"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=5893 16776573 100 94 135430 92513233 0 0

# compatibility_mode=8192 67108863 100 0 146 146 0 0

# scanned=241732

# found=0

# cleaned=0

# scan_time=3027

Security Check:

Results of screen317's Security Check version 0.99.42

Windows 7 x64 (UAC is enabled)

Out of date service pack!!

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.61.0.1400

Java 6 Update 29

Java version out of Date!

Mozilla Firefox (13.0.1)

Google Chrome 19.0.1084.52

Google Chrome 19.0.1084.56

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````


Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

Java™ 6 Update 29

Restart your computer.

Get the latest version of Java

Reboot.

Get Windows 7 Service Pack 1 from Windows Update. Also get whatever other updates may be present.

Let me know what issues remain.


Are you still with us? This topic will be closed in a few days if we do not hear back from you.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
