TechSpot

Lost control over some actions on Facebook

By Petter
Dec 6, 2011
    Good afternoon,

    I recently encountered a problem which I do not know how to solve. I've started sending out group invitations on Facebook, and links to all the people on my friends list. This only happens when I am logged on Facebook, and changing password and details did not help.

    Followed the "UPDATED 5-step Viruses/Spyware/Malware Preliminary Removal Instructions" guide.

    Grateful for any kind of help as I am at a loss as to what to do.

    Logs from recommended programs below, starting with Malwarebytes Anti-Malware log:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8325

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    07.12.2011 22:47:08
    mbam-log-2011-12-07 (22-47-08).txt

    Scan type: Quick scan
    Objects scanned: 169102
    Time elapsed: 2 minute(s), 34 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ----------------------------------------------------------------------------------------------
    GMER log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-07 22:33:13
    Windows 6.1.7600
    Running: htm1gqnx.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\78e400f23ea6
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\78e400f23ea6 (not active ControlSet)

    ---- Files - GMER 1.0.15 ----

    File C:\ProgramData\Microsoft\RAC\Temp\sqlCB4A.tmp 20480 bytes
    File C:\ProgramData\Microsoft\RAC\Temp\sqlCB8A.tmp 20480 bytes

    ---- EOF - GMER 1.0.15 ----
    ----------------------------------------------------------------------------------------------------
    DDS logs: both DDS.txt and Attach.txt. Starting with DDS.txt:

    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385
    Run by Petter at 22:58:40 on 2011-12-07
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.47.1044.18.3959.2288 [GMT 1:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: McAfee Anti-Virus og Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus og Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
    C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\mcafee.com\agent\mcagent.exe
    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Creative\USB Headsets\Volume Panel\VolPanlu.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\wuauclt.exe
    C:\Users\Petter\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Petter\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Petter\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Petter\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Petter\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\Petter\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Petter\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Petter\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_ActiveX.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.no/
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&m=aspire_5741g&r=27360910j225l0434z145t6632k56r
    uSearch Page = hxxp://no.woofi.info
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&m=aspire_5741g&r=27360910j225l0434z145t6632k56r
    mStart Page = hxxp://no.woofi.info
    mSearch Page = hxxp://no.woofi.info
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110223232330.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Påloggingshjelp for Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre1.6.0_27\bin\jp2ssv.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    uRun: [CreativeTaskScheduler] "C:\Program Files (x86)\Creative\Shared Files\CTSched.exe" /logon
    uRun: [Google Update] "C:\Users\Petter\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Creative Software Update] "C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" /Silent
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [VolPanel] "C:\Program Files (x86)\Creative\USB Headsets\Volume Panel\VolPanlu.exe" /r
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
    DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
    TCP: DhcpNameServer = 217.13.7.140 217.13.4.24
    TCP: Interfaces\{4DD4480A-DC6A-4215-A2CB-6F13BC50FB36} : DhcpNameServer = 217.13.7.140 217.13.4.24
    TCP: Interfaces\{CF1C6892-61D2-470E-BAFD-587A3F1E0AB0} : DhcpNameServer = 217.13.4.24 217.13.7.140
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
    {27B4851A-3207-45A2-B947-BE8AFE6163AB}
    {326E768D-4182-46FD-9C16-1449A49795F4}
    {53707962-6F74-2D53-2644-206D7942484F}
    {7DB2D5A0-7241-4E79-B68D-6309F01C5231}
    {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
    {9030D464-4C02-4ABF-8ECC-5164760863C6}
    {9FDDE16B-836F-4806-AB1F-1455CBEFF289}
    {B164E929-A1B6-4A06-B104-2CD0E90A88FF}
    {D4027C7F-154A-4066-A1AD-4243D8127440}
    {DBC80044-A445-435b-BC74-9C25C1C588A9}
    {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}
    {D4027C7F-154A-4066-A1AD-4243D8127440}
    {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
    TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun-x64: [(Standard)]
    mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\USB Headsets\Volume Panel\VolPanlu.exe" /r
    mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
    R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
    R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
    R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-7 86224]
    R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-12-7 110032]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-4-1 34392]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-12-7 44768]
    R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
    R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-4-21 312400]
    R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-6-16 866336]
    R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-4-21 13336]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-9-29 355440]
    R2 McMPFSvc;McAfee Personal Firewall-tjeneste;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-9-29 355440]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-9-29 355440]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-9-29 355440]
    R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-4-21 200056]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-4-21 245352]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-4-21 149032]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-3-9 250368]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-6 144640]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-12-7 1153368]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-4-21 2320920]
    R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-4-21 243232]
    R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Googles oppdateringstjeneste (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-30 135664]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
    S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
    S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
    S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-8-31 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-6-21 79360]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
    S3 gupdatem;Google-oppdatering-tjenesten (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-30 135664]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
    S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-4-17 305520]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-6 50432]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 skfiltv;skfiltv;C:\Windows\system32\drivers\skfiltv.sys --> C:\Windows\system32\drivers\skfiltv.sys [?]
    S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-9-29 355440]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2011-12-07 20:29:24 -------- d-----w- C:\Users\Petter\AppData\Roaming\Malwarebytes
    2011-12-07 20:29:08 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-12-07 20:29:04 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-12-07 20:29:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-12-07 18:34:26 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2011-12-07 18:34:25 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2011-12-07 18:33:10 41184 ----a-w- C:\Windows\avastSS.scr
    2011-12-07 18:32:53 -------- d-----w- C:\ProgramData\AVAST Software
    2011-12-07 18:32:53 -------- d-----w- C:\Program Files\AVAST Software
    2011-12-07 18:21:52 -------- d-----w- C:\Windows\pss
    2011-12-07 18:07:18 -------- d-----w- C:\Program Files\CCleaner
    2011-12-07 17:51:12 -------- d-----w- C:\Users\Petter\AppData\Roaming\Avira
    2011-12-07 17:50:32 97312 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2011-12-07 17:50:32 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
    2011-12-07 17:50:32 -------- d-----w- C:\ProgramData\Avira
    2011-12-07 17:50:32 -------- d-----w- C:\Program Files (x86)\Avira
    2011-12-07 17:49:50 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2011-12-07 17:49:50 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2011-12-07 11:17:38 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C47F5626-FCEA-4178-B68E-D7B2A13D1C2F}\offreg.dll
    2011-12-07 11:17:33 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C47F5626-FCEA-4178-B68E-D7B2A13D1C2F}\mpengine.dll
    2011-12-06 16:26:06 -------- d-----w- C:\Users\Petter\AppData\Local\{7E6DE56A-215C-4240-8E59-44BAF34BAC49}
    2011-12-06 16:25:54 -------- d-----w- C:\Users\Petter\AppData\Local\{D355B1AA-4BCD-4120-8ABC-AEE8626E850C}
    2011-12-04 17:11:54 -------- d-----w- C:\Users\Petter\AppData\Local\{775CA126-AD1C-48F1-B2EE-D1716B958C86}
    2011-12-04 17:11:40 -------- d-----w- C:\Users\Petter\AppData\Local\{340FAF17-3C3D-42AD-A135-E52B0E0B7481}
    2011-12-03 16:04:14 -------- d-----w- C:\Users\Petter\AppData\Local\{711CC8B6-6409-4E6C-9674-269126242630}
    2011-12-03 16:04:00 -------- d-----w- C:\Users\Petter\AppData\Local\{FB415FF5-70B8-477A-AC59-846E35FC2D41}
    2011-12-02 15:46:36 -------- d-----w- C:\Users\Petter\AppData\Local\{89072FC2-7E29-4457-B041-F18170078835}
    2011-12-01 16:22:36 -------- d-----w- C:\Users\Petter\AppData\Local\{D3BD85BB-36CF-4DC4-BDC2-8697D13B54EB}
    2011-12-01 16:22:24 -------- d-----w- C:\Users\Petter\AppData\Local\{B6769E69-E0D1-4AEA-B3E7-C49E245B0EDC}
    2011-11-30 10:13:59 -------- d-----w- C:\Users\Petter\AppData\Local\{002889DD-8E67-4556-B08F-202F4BE34243}
    2011-11-30 09:01:04 -------- d-----w- C:\Users\Petter\AppData\Local\{4D3BC7AA-F246-471A-B4AB-E18E7C5D33DA}
    2011-11-27 14:28:22 -------- d-----w- C:\Users\Petter\AppData\Local\{378288C5-6FC1-4173-B444-9B20804ADAC3}
    2011-11-27 14:27:58 -------- d-----w- C:\Users\Petter\AppData\Local\{B351F886-EE89-4CE7-9B3D-DB93F9FE5E82}
    2011-11-25 18:30:48 -------- d-----w- C:\Users\Petter\AppData\Local\{14598D13-5D6F-4260-A364-6D08BC8B997A}
    2011-11-25 18:30:27 -------- d-----w- C:\Users\Petter\AppData\Local\{3F3EA0A4-51E5-400C-BF39-24DD831DF13C}
    2011-11-25 16:54:17 -------- d-----w- C:\Users\Petter\AppData\Local\{55BAD94A-878F-4727-BF73-D07929AAAA76}
    2011-11-25 16:54:01 -------- d-----w- C:\Users\Petter\AppData\Local\{A7559B4F-F8D2-4326-8869-A9B22A90B309}
    2011-11-23 16:13:33 -------- d-----w- C:\Program Files\iPod
    2011-11-23 16:13:32 -------- d-----w- C:\Program Files\iTunes
    2011-11-23 16:13:32 -------- d-----w- C:\Program Files (x86)\iTunes
    2011-11-22 15:45:01 -------- d-----w- C:\Users\Petter\AppData\Local\{8DB85B79-52D8-4449-A678-2B5ECCF69C41}
    2011-11-22 15:44:47 -------- d-----w- C:\Users\Petter\AppData\Local\{32249DF9-4428-404C-B8D0-9DD91C0F6B39}
    2011-11-20 13:44:28 -------- d-----w- C:\Users\Petter\AppData\Local\{1E69A685-56BB-4380-8570-A352F95BEEC2}
    2011-11-20 13:44:10 -------- d-----w- C:\Users\Petter\AppData\Local\{AF79907B-9CA0-4F32-BC82-AD2780D93D4D}
    2011-11-19 18:45:12 -------- d-----w- C:\Users\Petter\AppData\Local\{EB4D841A-F259-4DED-A1C1-DBE1506DFF98}
    2011-11-19 18:44:47 -------- d-----w- C:\Users\Petter\AppData\Local\{3F0E7BE2-410B-4261-BAB0-3A9A236C8C7F}
    2011-11-18 15:46:42 -------- d-----w- C:\Users\Petter\AppData\Local\{CCCA91D6-5FBF-4A60-988B-DA5040EF18F4}
    2011-11-18 15:46:27 -------- d-----w- C:\Users\Petter\AppData\Local\{8B5C3C8E-0FDE-4F1C-83A1-1AEBE428DE3C}
    2011-11-16 22:02:01 -------- d-----w- C:\Users\Petter\AppData\Local\DDMSettings
    2011-11-16 21:55:03 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
    2011-11-16 21:54:29 -------- d-----w- C:\Program Files\DivX
    2011-11-16 21:54:16 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
    2011-11-16 21:50:55 -------- d-----w- C:\Program Files (x86)\DivX
    2011-11-16 21:49:57 -------- d-----w- C:\ProgramData\DivX
    2011-11-14 16:02:56 -------- d-----w- C:\Users\Petter\AppData\Local\{C6A8D10A-5D11-44A4-96CC-26EE8ECB1BC5}
    2011-11-14 16:02:45 -------- d-----w- C:\Users\Petter\AppData\Local\{872A447D-8714-44E9-8571-349270072CED}
    2011-11-13 13:14:24 -------- d-----w- C:\Users\Petter\AppData\Local\{16FA5BD3-A01C-4673-AA22-B11FE18D63FE}
    2011-11-13 13:14:11 -------- d-----w- C:\Users\Petter\AppData\Local\{D13E856B-8BB6-492C-B8A7-5F5241D27DBB}
    2011-11-13 11:42:34 -------- d-----w- C:\Users\Petter\AppData\Local\{607FDB82-1FF5-4ACD-9883-AE2E7EDBC8F0}
    2011-11-13 11:42:20 -------- d-----w- C:\Users\Petter\AppData\Local\{0B7798BE-9CB5-4BEF-BAA7-F986F6713117}
    2011-11-12 21:20:52 -------- d-----w- C:\Users\Petter\AppData\Local\{244481B4-EEE9-4D7D-8CC1-0D0BE9439472}
    2011-11-12 21:20:36 -------- d-----w- C:\Users\Petter\AppData\Local\{5F9102C1-5C12-4E92-8732-E4FB2D33CBB1}
    2011-11-11 16:45:42 -------- d-----w- C:\Users\Petter\AppData\Local\{2CA025CC-FC25-4C42-830B-94F1428E6819}
    2011-11-11 16:45:28 -------- d-----w- C:\Users\Petter\AppData\Local\{9A94797F-CF44-495D-A825-1CB3E522A518}
    2011-11-10 19:39:06 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2011-11-10 19:39:06 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2011-11-10 19:39:04 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-11-10 19:39:02 3141120 ----a-w- C:\Windows\System32\win32k.sys
    2011-11-08 16:58:48 -------- d-----w- C:\Users\Petter\AppData\Local\{08636789-4459-4800-8FE7-70740A20ECB7}
    2011-11-08 16:58:34 -------- d-----w- C:\Users\Petter\AppData\Local\{B505B293-A7C1-49F6-86C3-81B62C53CE10}
    .
    ==================== Find3M ====================
    .
    2011-12-07 10:41:18 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-10-20 23:26:22 94208 ----a-w- C:\Windows\SysWow64\dpl100.dll
    2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-09-29 14:12:11 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 23:03:19,33 ===============
     
  2. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    The Attach.txt part of DDS is missing.

    You're running three AV programs: Avast, Avira and McAfee.
    TWO of them have to go.
    If McAfee is one of them, use this tool to uninstall it: http://majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html
     
  3. Petter

    Petter TS Rookie Topic Starter

    ok

    Thank you for the quick response.
    I have now removed both Avira and McAfee, and will post the attach file below. Do you want me to do the 5 steps again now that Avira and McAfee are gone?

    --------------------------------------------------------
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 29.09.2010 19:50:31
    System Uptime: 07.12.2011 21:21:45 (2 hours ago)
    .
    Motherboard: Acer | | Aspire 5741G
    Processor: Intel(R) Core(TM) i5 CPU M 450 @ 2.40GHz | CPU | 2400/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 452 GiB total, 368,33 GiB free.
    D: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP119: 30.11.2011 14:09:13 - Windows Update
    RP120: 03.12.2011 17:05:32 - Windows Update
    RP121: 07.12.2011 11:37:10 - Installed Java(TM) 6 Update 29
    RP122: 07.12.2011 11:41:07 - Installed Java(TM) 6 Update 27
    RP123: 07.12.2011 11:44:36 - Removed Java(TM) 6 Update 29
    RP124: 07.12.2011 11:45:19 - Installed Java(TM) 6 Update 29
    RP125: 07.12.2011 12:17:21 - Windows Update
    RP126: 07.12.2011 19:12:14 - Removed PunkBuster for Battlefield 1942
    RP127: 07.12.2011 19:13:47 - Removed Microsoft Office Home and Student 2007
    RP128: 07.12.2011 19:19:34 - Removed Java(TM) 6 Update 29
    RP129: 07.12.2011 19:32:16 - avast! Free Antivirus Setup
    .
    ==== Installed Programs ======================
    .
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    Acer Backup Manager
    Acer Crystal Eye Webcam
    Acer ePower Management
    Acer eRecovery Management
    Acer Registration
    Acer ScreenSaver
    Acer Updater
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.4.4 MUI
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Software Update
    Ask Toolbar
    Atheros BT update 64
    avast! Free Antivirus
    Avira Free Antivirus
    Backup Manager Basic
    Creative ALchemy
    Creative Audio Control Panel
    Creative Software AutoUpdate
    Creative System Information
    Creative USB Headsets
    CyberLink PowerDVD 9
    D3DX10
    DivX Setup
    eSobi v2
    Football Manager 2012
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Host OpenAL
    HP Deskjet 1050 J410 series Hjelp
    HP Update
    Identity Card
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Java Auto Updater
    Java(TM) 6 Update 27
    Junk Mail filter update
    Launch Manager
    Malwarebytes' Anti-Malware version 1.51.2.1300
    McAfee Internet Security Suite
    McAfee Security Scan Plus
    Mesh Runtime
    Messenger Assistent
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (Norwegian (Bokmål)) 2007
    Microsoft Office Excel 2007 Help Oppdatering (KB963678)
    Microsoft Office Excel MUI (Norwegian (Bokmål)) 2007
    Microsoft Office Groove MUI (Norwegian (Bokmål)) 2007
    Microsoft Office InfoPath MUI (Norwegian (Bokmål)) 2007
    Microsoft Office Language Pack 2007 - Norwegian/norsk
    Microsoft Office O MUI (Norwegian (Bokmål)) 2007
    Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (Norwegian (Bokmål)) 2007
    Microsoft Office Powerpoint 2007 Help Oppdatering (KB963669)
    Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proof (Norwegian (Bokmål)) 2007
    Microsoft Office Proof (Norwegian (Nynorsk)) 2007
    Microsoft Office Proofing (Norwegian (Bokmål)) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (Norwegian (Bokmål)) 2007
    Microsoft Office Shared MUI (Norwegian (Bokmål)) 2007
    Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    Microsoft Office SharePoint Designer MUI (Norwegian (Bokmål)) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word 2007 Help Oppdatering (KB963665)
    Microsoft Office Word MUI (Norwegian (Bokmål)) 2007
    Microsoft Office X MUI (Norwegian (Bokmål)) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MSVCRT
    MSVCRT_amd64
    MyWinLocker
    MyWinLocker Suite
    Norton Online Backup
    NTI Backup Now 5
    NTI Backup Now Standard
    NTI Media Maker 8
    NVIDIA PhysX
    NVIDIA Updatus
    PokerStars
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Shredder
    SopCast 3.2.9
    Spybot - Search & Destroy
    Steam
    TeamSpeak 3 Client
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    VC80CRTRedist - 8.0.50727.6195
    Ventrilo Client
    VLC media player 1.1.5
    Welcome Center
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Fotogalleri
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR archiver
    World of Warcraft
    .
    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Thanks :)

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start the scan.

    On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

    NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =========================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled, as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run, then download and try to run another one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. Petter

    Petter TS Rookie Topic Starter

    ok

    Thank you again for the fast answer. I will post the logs I got below, starting with the aswMBR:


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-09 16:57:24
    -----------------------------
    16:57:24.805 OS Version: Windows x64 6.1.7600
    16:57:24.805 Number of processors: 4 586 0x2505
    16:57:24.806 ComputerName: ACEACE UserName: Petter
    16:57:26.797 Initialize success
    16:57:26.864 AVAST engine defs: 11120800
    17:00:22.574 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    17:00:22.577 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
    17:00:22.605 Disk 0 MBR read successfully
    17:00:22.607 Disk 0 MBR scan
    17:00:22.611 Disk 0 Windows 7 default MBR code
    17:00:22.614 Service scanning
    17:00:24.165 Modules scanning
    17:00:24.169 Disk 0 trace - called modules:
    17:00:24.204 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    17:00:24.209 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800521c060]
    17:00:24.212 3 CLASSPNP.SYS[fffff88001b5f43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fd8050]
    17:00:25.393 AVAST engine scan C:\Windows
    17:00:28.516 AVAST engine scan C:\Windows\system32
    17:01:26.008 AVAST engine scan C:\Windows\system32\drivers
    17:01:34.259 AVAST engine scan C:\Users\Petter
    17:04:03.682 AVAST engine scan C:\ProgramData
    17:04:54.075 Scan finished successfully
    17:05:27.616 Disk 0 MBR has been saved successfully to "C:\Users\Petter\Desktop\MBR.dat"
    17:05:27.620 The log file has been saved successfully to "C:\Users\Petter\Desktop\aswMBR.txt"
    -----------------------------------------------------------------------------------------

    ComboFix:

    ComboFix 11-12-08.01 - Petter 09.12.2011 17:09:40.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.47.1044.18.3959.2151 [GMT 1:00]
    Kjører fra: c:\users\Petter\Downloads\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\FullRemove.exe
    .
    .
    ((((((((((((((((((((((((((( Filer Opprettet Fra 2011-11-09 til 2011-12-09 )))))))))))))))))))))))))))))))))
    .
    .
    2011-12-09 16:15 . 2011-12-09 16:15 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-12-09 15:42 . 2011-12-09 15:42 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8B8D674C-00B5-4E62-945D-D0AFC7977857}\offreg.dll
    2011-12-09 15:42 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8B8D674C-00B5-4E62-945D-D0AFC7977857}\mpengine.dll
    2011-12-07 20:29 . 2011-12-07 20:29 -------- d-----w- c:\users\Petter\AppData\Roaming\Malwarebytes
    2011-12-07 20:29 . 2011-12-07 20:29 -------- d-----w- c:\programdata\Malwarebytes
    2011-12-07 20:29 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-07 20:29 . 2011-12-07 21:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-12-07 18:34 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-12-07 18:34 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-12-07 18:34 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-12-07 18:34 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-12-07 18:34 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-12-07 18:34 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
    2011-12-07 18:34 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-12-07 18:33 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
    2011-12-07 18:33 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2011-12-07 18:32 . 2011-12-07 18:32 -------- d-----w- c:\programdata\AVAST Software
    2011-12-07 18:32 . 2011-12-07 18:32 -------- d-----w- c:\program files\AVAST Software
    2011-12-07 18:07 . 2011-12-07 18:07 -------- d-----w- c:\program files\CCleaner
    2011-12-07 17:49 . 2011-12-07 18:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-12-07 17:49 . 2011-12-07 17:49 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2011-11-23 16:13 . 2011-11-23 16:13 -------- d-----w- c:\program files\iPod
    2011-11-23 16:13 . 2011-11-23 16:14 -------- d-----w- c:\program files\iTunes
    2011-11-23 16:13 . 2011-11-23 16:14 -------- d-----w- c:\program files (x86)\iTunes
    2011-11-16 22:02 . 2011-11-16 22:02 -------- d-----w- c:\users\Petter\AppData\Local\DDMSettings
    2011-11-16 21:56 . 2011-11-17 16:44 -------- d-----w- c:\users\Petter\AppData\Roaming\DivX
    2011-11-16 21:55 . 2011-11-16 21:55 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
    2011-11-16 21:54 . 2011-11-16 21:54 -------- d-----w- c:\program files\DivX
    2011-11-16 21:54 . 2011-11-16 21:54 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
    2011-11-16 21:50 . 2011-11-16 21:56 -------- d-----w- c:\program files (x86)\DivX
    2011-11-16 21:49 . 2011-11-16 21:56 -------- d-----w- c:\programdata\DivX
    2011-11-10 19:39 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-10 19:39 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
    2011-11-10 19:39 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-10 19:39 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-07 10:41 . 2010-11-09 18:21 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-10-20 23:26 . 2011-10-20 23:26 94208 ----a-w- c:\windows\SysWow64\dpl100.dll
    2011-10-01 03:21 . 2011-10-13 21:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-10-01 02:59 . 2011-10-13 21:16 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-09-29 14:12 . 2011-07-03 12:47 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    .
    (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-07-07 1491920]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2011-07-07 15:53 1491920 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-07-07 1491920]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2010-04-17 05:55 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CreativeTaskScheduler"="c:\program files (x86)\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
    "Creative Software Update"="c:\program files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" [2007-01-04 481200]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696]
    "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-04-17 337264]
    "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
    "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
    "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
    "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-04-08 908368]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "VolPanel"="c:\program files (x86)\Creative\USB Headsets\Volume Panel\VolPanlu.exe" [2008-08-27 233588]
    "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-07-07 399312]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-12 421736]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux4"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Googles oppdateringstjeneste (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-30 135664]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
    R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
    R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
    R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-08-31 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-06-21 79360]
    R3 gupdatem;Google-oppdatering-tjenesten (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-30 135664]
    R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-04-17 305520]
    R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
    R3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [x]
    R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-04-01 34392]
    S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-04-08 312400]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-03-17 866336]
    S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
    S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    --- Andre tjenester/drivere lastet i minnet ---
    .
    *NewlyCreated* - ASWMBR
    *Deregistered* - aswMBR
    .
    Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
    .
    2011-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-30 20:37]
    .
    2011-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-30 20:37]
    .
    2011-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2407720693-337915153-2194388618-1002Core.job
    - c:\users\Petter\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-10 22:19]
    .
    2011-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2407720693-337915153-2194388618-1002UA.job
    - c:\users\Petter\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-10 22:19]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2010-04-17 05:58 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-29 9913376]
    "mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-04-17 349552]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-07 17412200]
    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-04-01 558168]
    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-04-01 349272]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-13 206208]
    "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-03-17 860704]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Tilleggsskanning -------
    .
    uStart Page = hxxp://www.google.no/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://no.woofi.info
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 217.13.7.140 217.13.4.24
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    .
    - - - - TOMME PEKERE FJERNET - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-PokerStars - c:\program files (x86)\PokerStars\PokerStarsUninstall.exe
    AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
    .
    .
    .
    --------------------- LÅSTE REGISTERNØKLER ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Tidspunkt ferdig: 2011-12-09 17:18:00
    ComboFix-quarantined-files.txt 2011-12-09 16:17
    .
    Pre-Run: 396*826*525*696 byte ledig
    Post-Run: 396*330*979*328 byte ledig
    .
    - - End Of File - - 206DFA44C9E8110CD946ACE198E075AF
     
  6. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Uninstall Ask Toolbar, typical foistware.

    Other than that, all looks clean.

    I suggest you start a new topic in the Windows forum.
     
