TechSpot

Malwarebytes keeps blocking outgoing and incoming connections

Solved
By OcularDismay
Nov 3, 2012
  1. Malwarebytes keeps IP blocking programs like skype, utorrent, avastsvc and tor. It just happens randomly, and they tend to change from outgoing to incoming. It's been going on for a month or two. I've scanned my computer with tdsskiller, OTL, Avast, Malwarebytes, and Combofix, and everything is clean. However, I still get those popups regularly. Does this mean my system is actually infected or what?

    Also, I should add that it started after getting a pretty serious virus from an unknown source, called win32 malware gen. I stopped it before I did any harm, and I still have all my information and accounts intact.
     
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    [​IMG] Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
    Please review the 5-Step removal instructions and post the logs back here for my review.

    Also, include this scan:

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
     
  3. OcularDismay

    OcularDismay TS Rookie Topic Starter

    Malwarebytes Anti-Malware (PRO) 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.02.11

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Asgeir :: ASGEIR-PC [administrator]

    Protection: Enabled

    03.11.2012 19:37:18
    mbam-log-2012-11-03 (19-37-18).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 228290
    Time elapsed: 54 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    GMEM didn't find any modifications, so no log there.
     
  4. OcularDismay

    OcularDismay TS Rookie Topic Starter

    DDS (Ver_2012-10-19.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
    Run by Asgeir at 20:08:37 on 2012-11-03
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.47.1044.18.6128.3579 [GMT 1:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\WTouch\WTouchService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\HitmanPro\hmpsched.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files\WTouch\WTouchUser.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\Pen_Tablet.exe
    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
    C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
    C:\Windows\system32\WTablet\Pen_TabletUser.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\Pen_Tablet.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Windows\notepad.exe
    C:\Users\Asgeir\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Asgeir\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Asgeir\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Asgeir\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Asgeir\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Asgeir\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Asgeir\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Asgeir\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Users\Asgeir\AppData\Roaming\Spotify\Spotify.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://ham.asksearch.com/?cfg=2-396-0-...
    mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0414&m=ixtreme_m5140&r=17360211y006pe485v125y46k2240o
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Påloggingshjelp for Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab
    TCP: Interfaces\{AC82199A-BDAC-42A9-9E7C-66AA33C7E3A3} : DHCPNameServer = 82.194.192.37 82.194.192.40
    TCP: Interfaces\{AC82199A-BDAC-42A9-9E7C-66AA33C7E3A3}\14377656E6564747 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{AC82199A-BDAC-42A9-9E7C-66AA33C7E3A3}\149627C496E6B65393330303 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{AC82199A-BDAC-42A9-9E7C-66AA33C7E3A3}\8445340205F627471626C6560284F6473707F647 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{AC82199A-BDAC-42A9-9E7C-66AA33C7E3A3}\875627E65647 : DHCPNameServer = 192.168.1.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\MP3 Skype Recorder\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    x64-mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0414&m=ixtreme_m5140&r=17360211y006pe485v125y46k2240o
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Asgeir\AppData\Roaming\Mozilla\Firefox\Profiles\39k9oc6z.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://ham.asksearch.com/?cfg=2-396-0-...
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    FF - component: C:\Users\Asgeir\AppData\Roaming\Mozilla\Firefox\Profiles\39k9oc6z.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
    FF - component: C:\Users\Asgeir\AppData\Roaming\Mozilla\Firefox\Profiles\39k9oc6z.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    FF - Ext: avast! WebRep: wrc@avast.com - C:\Program Files\AVAST Software\Avast\WebRep\FF
    .
    ============= SERVICES / DRIVERS ===============
    .
    P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-8-29 8704]
    R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2012-9-29 291624]
    R0 MxEFUF;Matrox Extio Upper Function Filter;C:\Windows\System32\drivers\MxEFUF64.sys [2011-10-30 143688]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-2-19 55856]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-4-22 984144]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-4-22 370288]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-5-14 254528]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-4-22 25232]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-4-22 71600]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-2 44808]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-13 399432]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-9-14 1258856]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 TabletServicePen;TabletServicePen;C:\Windows\System32\Pen_Tablet.exe [2011-2-23 5556520]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-8 2028864]
    R2 Updater Service;Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-6-8 243232]
    R2 WTouchService;WTouch Service;C:\Program Files\WTouch\WTouchService.exe [2011-2-23 127784]
    R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2012-4-26 101376]
    R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2012-1-11 34304]
    R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-2-22 28160]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-9-14 1874016]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-8 346144]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-2-10 11856]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s --> C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [?]
    S2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2012-7-28 108904]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-13 676936]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 250808]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-9 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-7-27 25928]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
    S3 V0700Vid;Creative Live! Cam Chat HD Driver;C:\Windows\System32\drivers\V0700Vid.sys [2011-9-6 393920]
    S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2011-2-23 18216]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-21 1255736]
    S4 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
    S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    S4 Greg_Service;GRegService;C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-8-28 1150496]
    S4 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-2-21 2253688]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-11-03 19:06:24--------d-sh--w-C:\$RECYCLE.BIN
    2012-11-03 17:12:15--------d-----w-C:\ComboFix
    2012-11-03 13:23:2469000----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{80ED7057-6D43-49EA-AC6F-B2D289B7C260}\offreg.dll
    2012-11-02 14:40:519291768----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{80ED7057-6D43-49EA-AC6F-B2D289B7C260}\mpengine.dll
    2012-10-31 21:41:40--------d-----w-C:\Program Files (x86)\PopCap Games
    2012-10-31 21:31:01--------d-----w-C:\ProgramData\PopCap Games
    2012-10-27 12:15:35--------d-----w-C:\gPotato.com
    2012-10-26 17:28:2930312----a-w-C:\Windows\System32\drivers\LPCFilter.sys
    2012-10-26 17:27:242557800----a-w-C:\Windows\System32\nvsvcr.dll
    2012-10-14 20:54:31--------d-----w-C:\Users\Asgeir\AppData\Local\Darksiders2
    2012-10-11 18:12:17821736----a-w-C:\Windows\SysWow64\npDeployJava1.dll
    2012-10-11 18:12:0895208----a-w-C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-10-10 13:22:59172544----a-w-C:\Windows\SysWow64\wintrust.dll
    2012-10-10 13:22:542048----a-w-C:\Windows\SysWow64\tzres.dll
    2012-10-10 13:22:542048----a-w-C:\Windows\System32\tzres.dll
    2012-10-10 13:22:49714752----a-w-C:\Windows\System32\kerberos.dll
    2012-10-10 13:22:49541184----a-w-C:\Windows\SysWow64\kerberos.dll
    2012-10-10 13:22:411462784----a-w-C:\Windows\System32\crypt32.dll
    2012-10-10 13:22:40182272----a-w-C:\Windows\System32\cryptsvc.dll
    2012-10-10 13:22:40140288----a-w-C:\Windows\System32\cryptnet.dll
    2012-10-10 13:22:40139264----a-w-C:\Windows\SysWow64\cryptsvc.dll
    2012-10-10 13:22:401157632----a-w-C:\Windows\SysWow64\crypt32.dll
    2012-10-10 13:22:39103936----a-w-C:\Windows\SysWow64\cryptnet.dll
    .
    ==================== Find3M ====================
    .
    2012-10-31 23:09:34280904----a-w-C:\Windows\SysWow64\PnkBstrB.xtr
    2012-10-31 23:09:34280904----a-w-C:\Windows\SysWow64\PnkBstrB.exe
    2012-10-30 22:51:55984144----a-w-C:\Windows\System32\drivers\aswSnx.sys
    2012-10-30 22:51:5571600----a-w-C:\Windows\System32\drivers\aswMonFlt.sys
    2012-10-30 22:51:0741224----a-w-C:\Windows\avastSS.scr
    2012-10-20 00:35:556222696----a-w-C:\Windows\System32\nvcpl.dll
    2012-10-20 00:35:523310440----a-w-C:\Windows\System32\nvsvc64.dll
    2012-10-20 00:35:09890216----a-w-C:\Windows\System32\nvvsvc.exe
    2012-10-20 00:35:0963336----a-w-C:\Windows\System32\nvshext.dll
    2012-10-20 00:35:09118120----a-w-C:\Windows\System32\nvmctray.dll
    2012-10-15 16:59:2854072----a-w-C:\Windows\System32\drivers\aswRdr2.sys
    2012-10-11 18:11:56746984----a-w-C:\Windows\SysWow64\deployJava1.dll
    2012-10-08 23:58:1873656----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-08 23:58:18696760----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-29 17:54:2625928----a-w-C:\Windows\System32\drivers\mbam.sys
    2012-08-31 18:02:201656688----a-w-C:\Windows\System32\drivers\ntfs.sys
    2012-08-30 19:14:0060776----a-w-C:\Windows\System32\OpenCL.dll
    2012-08-30 19:14:0052584----a-w-C:\Windows\SysWow64\OpenCL.dll
    2012-08-30 18:11:295505904----a-w-C:\Windows\System32\ntoskrnl.exe
    2012-08-30 17:18:333958128----a-w-C:\Windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:18:333902832----a-w-C:\Windows\SysWow64\ntoskrnl.exe
    2012-08-30 08:40:14429416----a-w-C:\Windows\SysWow64\nvStreaming.exe
    2012-08-24 18:05:28220160----a-w-C:\Windows\System32\wintrust.dll
    2012-08-24 10:31:322312704----a-w-C:\Windows\System32\jscript9.dll
    2012-08-24 10:21:181392128----a-w-C:\Windows\System32\wininet.dll
    2012-08-24 10:20:111494528----a-w-C:\Windows\System32\inetcpl.cpl
    2012-08-24 10:14:45173056----a-w-C:\Windows\System32\ieUnatt.exe
    2012-08-24 10:13:29599040----a-w-C:\Windows\System32\vbscript.dll
    2012-08-24 10:09:422382848----a-w-C:\Windows\System32\mshtml.tlb
    2012-08-24 06:59:171800704----a-w-C:\Windows\SysWow64\jscript9.dll
    2012-08-24 06:51:271129472----a-w-C:\Windows\SysWow64\wininet.dll
    2012-08-24 06:51:021427968----a-w-C:\Windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26142848----a-w-C:\Windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12420864----a-w-C:\Windows\SysWow64\vbscript.dll
    2012-08-24 06:43:582382848----a-w-C:\Windows\SysWow64\mshtml.tlb
    2012-08-18 15:43:05362496----a-w-C:\Windows\System32\wow64win.dll
    2012-08-18 15:43:05243200----a-w-C:\Windows\System32\wow64.dll
    2012-08-18 15:43:0513312----a-w-C:\Windows\System32\wow64cpu.dll
    2012-08-18 15:42:31215040----a-w-C:\Windows\System32\winsrv.dll
    2012-08-18 15:40:2616384----a-w-C:\Windows\System32\ntvdm64.dll
    2012-08-18 15:37:49425984----a-w-C:\Windows\System32\KernelBase.dll
    2012-08-18 15:34:13338432----a-w-C:\Windows\System32\conhost.exe
    2012-08-18 11:22:5514336----a-w-C:\Windows\SysWow64\ntvdm64.dll
    2012-08-18 11:19:4544032----a-w-C:\Windows\apppatch\acwow64.dll
    2012-08-18 11:19:2225600----a-w-C:\Windows\SysWow64\setup16.exe
    2012-08-18 11:17:565120----a-w-C:\Windows\SysWow64\wow32.dll
    2012-08-18 11:17:56274944----a-w-C:\Windows\SysWow64\KernelBase.dll
    2012-08-18 09:12:097680----a-w-C:\Windows\SysWow64\instnm.exe
    2012-08-18 09:12:092048----a-w-C:\Windows\SysWow64\user.exe
    2012-08-18 09:07:026144---ha-w-C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-08-18 09:07:024608---ha-w-C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-18 09:07:023584---ha-w-C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-18 09:07:023072---ha-w-C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-08-09 21:11:15280976----a-w-C:\Windows\SysWow64\PnkBstrB.ex0
    .
    ============= FINISH: 20:08:51,29 ===============









    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-10-19.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 19.02.2011 17:46:11
    System Uptime: 03.11.2012 13:54:58 (7 hours ago)
    .
    Motherboard: Packard Bell | | ixtreme M5140
    Processor: AMD Phenom(tm) II X6 1035T Processor | CPU 1 | 1378/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 690 GiB total, 374,981 GiB free.
    D: is FIXED (NTFS) - 691 GiB total, 640,074 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    K: is CDROM ()
    L: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP509: 03.11.2012 18:12:54 - ComboFix created restore point
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop Elements 8.0
    Adobe Reader X (10.1.1) - Norsk
    Advertising Center
    Allods Online 3.0.04.39
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Install Manager
    µTorrent
    Audacity 1.2.6
    avast! Free Antivirus
    Bamboo
    Battlefield 3™
    Bejeweled 2 Deluxe
    BioShock 2
    Black & White® 2
    Bonjour
    CCleaner
    Comical 0.8
    Creative Live! Cam Chat HD (VF0700) (1.00.06.00)
    CyberLink MediaShow
    D3DX10
    DAEMON Tools Lite
    Darksiders II
    Deer Hunter - The 2005 Season
    Diablo II
    Diablo III
    DiRT 2
    DivX Setup
    Dota 2
    Dragon Age: Origins
    DriverMax 6
    Dual-Core Optimizer
    ESN Sonar
    Façade
    Fraps (remove only)
    GameSpy Comrade
    Google Chrome
    Grand Theft Auto IV
    Grand Theft Auto: Episodes from Liberty City
    Hammerfight
    Heroes of Might & Magic V: Hammers of Fate
    Heroes of Might and Magic V
    Heroes of Might and Magic V - Tribes of the East
    Hi-Rez Studios Authenticate and Update Service
    HitmanPro 3.6
    Hotkey Utility
    Identity Card
    ImagXpress
    iTunes
    Java 7 Update 7
    Java Auto Updater
    Junk Mail filter update
    Katawa Shoujo
    League of Legends
    LogMeIn Hamachi
    Malwarebytes Anti-Malware version 1.65.1.1000
    ManyCam 3.0.79 (remove only)
    Mesh Runtime
    Messenger Assistent
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile NOR Language Pack
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Extended NOR Language Pack
    Microsoft Application Error Reporting
    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2010
    Microsoft Office Home and Business 2010 - English
    Microsoft Office Klikk og bruk 2010
    Microsoft Office Starter 2010 - norsk
    Microsoft PowerPoint Viewer
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WSE 3.0 Runtime
    Microsoft XNA Framework Redistributable 3.1
    Microsoft XNA Framework Redistributable 4.0
    Mount & Blade: With Fire and Sword
    Mount&Blade
    Mozilla Firefox (3.6.13)
    Mozilla Thunderbird (3.1.7)
    MP3 Skype Recorder
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML4 Parser
    Nero 9 Essentials
    Nero ControlCenter
    Nero DiscSpeed
    Nero DiscSpeed Help
    Nero DriveSpeed
    Nero DriveSpeed Help
    Nero Express Help
    Nero InfoTool
    Nero InfoTool Help
    Nero Installer
    Nero Online Upgrade
    Nero StartSmart
    Nero StartSmart Help
    Nero StartSmart OEM
    NeroExpress
    neroxml
    Nitronic Rush (2012-03-03) version 20120303.0
    NVIDIA 3D Vision Controller Driver
    NVIDIA Driver til 3D Vision-kontroller 306.23
    NVIDIA Grafikkdriver 306.23
    NVIDIA Install Application
    NVIDIA kontrollpanel 310.33
    NVIDIA oppdateringer 1.10.8
    NVIDIA PhysX
    NVIDIA PhysX systemprogramvare 9.12.0604
    NVIDIA Update Components
    Oblivion
    OpenAL
    Orcs Must Die!
    Origin
    Packard Bell Games
    Packard Bell InfoCentre
    Packard Bell Photo Frame 4.2.3.10
    Packard Bell Recovery Management
    Packard Bell Registration
    Packard Bell ScreenSaver
    Packard Bell Software Suite SE
    Packard Bell Updater
    Pando Media Booster
    PDF-Viewer
    Plants vs. Zombies - Game of the Year
    PunkBuster Services
    Realtek High Definition Audio Driver
    Rosetta Stone Version 3
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Sequence
    Sid Meier's Civilization V
    Skype™ 5.10
    Splinter Cell Pandora Tomorrow
    Spotify
    StarCraft II
    Steam
    TeamViewer 6
    The Binding Of Isaac
    Thief - Deadly Shadows
    Tiny and Big - Grandpa's Leftovers (remove only)
    Tom Clancy's Rainbow Six Vegas
    Tom Clancy's Rainbow Six Vegas 2
    Tribes: Ascend
    TuneUp Utilities 2011
    TuneUp Utilities Language Pack (en-US)
    Ubisoft Game Launcher
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    VC80CRTRedist - 8.0.50727.6195
    Virtual Audio Cable 4.12
    VLC media player 1.1.7
    Warhammer 40,000 Space Marine
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    Welcome Center
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Fotogalleri
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinRAR 4.00 (64-bit)
    XSplit
    .
    ==== End Of File ===========================
     
  5. OcularDismay

    OcularDismay TS Rookie Topic Starter

    # AdwCleaner v2.006 - Logfile created 11/03/2012 at 20:20:33
    # Updated 30/10/2012 by Xplode
    # Operating system : Windows 7 Home Premium (64 bits)
    # User : Asgeir - ASGEIR-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Asgeir\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Users\Asgeir\AppData\Roaming\Mozilla\Firefox\Profiles\39k9oc6z.default\searchplugins\Askcom.xml
    File Deleted : C:\Users\Asgeir\AppData\Roaming\Mozilla\Firefox\Profiles\39k9oc6z.default\searchplugins\daemon-search.xml
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\ProgramData\Partner
    Folder Deleted : C:\ProgramData\Trymedia
    Folder Deleted : C:\Users\Asgeir\AppData\Local\APN
    Folder Deleted : C:\Users\Asgeir\AppData\LocalLow\boost_interprocess
    Folder Deleted : C:\Users\Asgeir\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Asgeir\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Asgeir\AppData\Roaming\Mozilla\Firefox\Profiles\39k9oc6z.default\Conduit
    Folder Deleted : C:\Users\Asgeir\AppData\Roaming\Mozilla\Firefox\Profiles\39k9oc6z.default\ConduitEngine
    Folder Deleted : C:\Users\Asgeir\AppData\Roaming\Mozilla\Firefox\Profiles\39k9oc6z.default\CT2786678
    Folder Deleted : C:\Users\Asgeir\AppData\Roaming\Mozilla\Firefox\Profiles\39k9oc6z.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    Folder Deleted : C:\Users\Asgeir\AppData\Roaming\Mozilla\Firefox\Profiles\39k9oc6z.default\extensions\engine@conduit.com

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
    Key Deleted : HKLM\Software\Conduit
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Mozilla Firefox v3.6.13 (nb-NO)

    Profile name : default
    File : C:\Users\Asgeir\AppData\Roaming\Mozilla\Firefox\Profiles\39k9oc6z.default\prefs.js

    Deleted : user_pref("CT2786678..clientLogIsEnabled", true);
    Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
    Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
    Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    Deleted : user_pref("CT2786678.AppTrackingLastCheckTime", "Wed Jun 27 2012 18:37:56 GMT+0200");
    Deleted : user_pref("CT2786678.CTID", "CT2786678");
    Deleted : user_pref("CT2786678.CurrentServerDate", "20-11-2011");
    Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
    Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Wed Jun 27 2012 18:37:56 GMT+0200");
    Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
    Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Wed Jun 27 2012 18:37:27 GMT+0200");
    Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 356);
    Deleted : user_pref("CT2786678.FeedPollDate2429156812186649977", "Wed Jun 27 2012 18:37:29 GMT+0200");
    Deleted : user_pref("CT2786678.FeedPollDate2429156813040823546", "Wed Jun 27 2012 18:37:28 GMT+0200");
    Deleted : user_pref("CT2786678.FeedPollDate2429156813130095866", "Wed Jun 27 2012 18:37:28 GMT+0200");
    Deleted : user_pref("CT2786678.FeedPollDate2429156813224203613", "Wed Jun 27 2012 18:37:28 GMT+0200");
    Deleted : user_pref("CT2786678.FeedPollDate2429156813230837251", "Wed Jun 27 2012 18:37:28 GMT+0200");
    Deleted : user_pref("CT2786678.FeedPollDate2429156813454291735", "Wed Jun 27 2012 18:37:28 GMT+0200");
    Deleted : user_pref("CT2786678.FeedPollDate2429156813729834876", "Wed Jun 27 2012 18:37:28 GMT+0200");
    Deleted : user_pref("CT2786678.FeedPollDate2429156813860870021", "Wed Jun 27 2012 18:37:29 GMT+0200");
    Deleted : user_pref("CT2786678.FeedPollDate2429156814264681793", "Wed Jun 27 2012 18:37:28 GMT+0200");
    Deleted : user_pref("CT2786678.FeedPollDate2429156814863075366", "Wed Jun 27 2012 18:37:28 GMT+0200");
    Deleted : user_pref("CT2786678.FeedPollDate2429156815257761081", "Wed Jun 27 2012 18:37:28 GMT+0200");
    Deleted : user_pref("CT2786678.FeedTTL2429156813040823546", 15);
    Deleted : user_pref("CT2786678.FeedTTL2429156813130095866", 10);
    Deleted : user_pref("CT2786678.FeedTTL2429156813454291735", 5);
    Deleted : user_pref("CT2786678.FeedTTL2429156814264681793", 5);
    Deleted : user_pref("CT2786678.FirstServerDate", "2-7-2011");
    Deleted : user_pref("CT2786678.FirstTime", true);
    Deleted : user_pref("CT2786678.FirstTimeFF3", true);
    Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false);
    Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
    Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
    Deleted : user_pref("CT2786678.Initialize", true);
    Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
    Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
    Deleted : user_pref("CT2786678.InstallationType", "UnknownIntegration");
    Deleted : user_pref("CT2786678.InstalledDate", "Sat Jul 02 2011 18:00:05 GMT+0200");
    Deleted : user_pref("CT2786678.IsGrouping", false);
    Deleted : user_pref("CT2786678.IsMulticommunity", false);
    Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
    Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);
    Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Wed Jun 27 2012 18:37:56 GMT+0200");
    Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
    Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
    Deleted : user_pref("CT2786678.LastLogin_3.3.3.2", "Wed Jun 27 2012 18:37:56 GMT+0200");
    Deleted : user_pref("CT2786678.LatestVersion", "3.8.0.8");
    Deleted : user_pref("CT2786678.Locale", "en");
    Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
    Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
    Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
    Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
    Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT278[...]
    Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
    Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
    Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Wed Jun 27 2012 18:37:27 GMT+0200");
    Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
    Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
    Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Wed Jun 27 2012 18:37:56 GMT+0200");
    Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Wed Jun 27 2012 18:37:27 GMT+0200");
    Deleted : user_pref("CT2786678.SettingsLastUpdate", "1314985690");
    Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
    Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Wed Jun 27 2012 18:37:27 GMT+0200");
    Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1312887586");
    Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
    Deleted : user_pref("CT2786678.UserID", "UN91462696839369538");
    Deleted : user_pref("CT2786678.WeatherNetwork", "");
    Deleted : user_pref("CT2786678.WeatherPollDate", "Wed Jun 27 2012 18:37:29 GMT+0200");
    Deleted : user_pref("CT2786678.WeatherUnit", "C");
    Deleted : user_pref("CT2786678.alertChannelId", "1178763");
    Deleted : user_pref("CT2786678.backendstorage.cbfirsttime", "53756E204E6F7620323020323031312031363A31333A33352[...]
    Deleted : user_pref("CT2786678.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
    Deleted : user_pref("CT2786678.backendstorage.url_history", "6A6176617363726970743A3B");
    Deleted : user_pref("CT2786678.backendstorage.url_history_time", "31333135333235373531353835");
    Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
    Deleted : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Wed Jun 27 2012 18:37:56 GMT+0200");
    Deleted : user_pref("CT2786678.isAppTrackingManagerOn", true);
    Deleted : user_pref("CT2786678.myStuffEnabled", true);
    Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
    Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
    Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
    Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
    Deleted : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,1000234,129295698017012804[...]
    Deleted : user_pref("CT2786678.testingCtid", "");
    Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Wed Jun 27 2012 18:37:56 GMT+0200");
    Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Sat Jul 02 2011 18:00:05 GMT+0200");
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/NO", "\"0\"[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/NO", "\"0\"")[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", [...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678",[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2786678&octid=[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"1d8[...]
    Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2786678");
    Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
    Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "utorrentbar");
    Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
    Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
    Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2786678");
    Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
    Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "utorrentbar");
    Deleted : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2786678");
    Deleted : user_pref("CommunityToolbar.ToolbarsList2", "ConduitEngine,CT2786678");
    Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Jul 02 2011 18:00:06 GMT+02[...]
    Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
    Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jun 27 2012 18:37:35 GMT+0200");
    Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
    Deleted : user_pref("CommunityToolbar.alert.locale", "");
    Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 0);
    Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Jun 27 2012 18:37:27 GMT+0200");
    Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "");
    Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
    Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
    Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
    Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
    Deleted : user_pref("CommunityToolbar.alert.userId", "aab7a830-cb60-4c16-883b-dc214f8563ae");
    Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Jun 27 2012 18:37:28 GMT+0200");
    Deleted : user_pref("CommunityToolbar.globalUserId", "db4d8afa-26dc-4d26-adb5-5092487e809c");
    Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
    Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
    Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Wed Jun 27 2012 18:37:56 GMT+0200");
    Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
    Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Wed Jun 27 2012 18:37:56 GMT+0200");
    Deleted : user_pref("ConduitEngine.FirstServerDate", "07/02/2011 19");
    Deleted : user_pref("ConduitEngine.FirstTime", true);
    Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
    Deleted : user_pref("ConduitEngine.FixPageNotFoundErrors", false);
    Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
    Deleted : user_pref("ConduitEngine.HideEngineAfterRestart", true);
    Deleted : user_pref("ConduitEngine.Initialize", true);
    Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
    Deleted : user_pref("ConduitEngine.InstallationType", "UnknownIntegration");
    Deleted : user_pref("ConduitEngine.InstalledDate", "Sat Jul 02 2011 18:00:05 GMT+0200");
    Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
    Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
    Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", false);
    Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Jun 27 2012 18:37:56 GMT+0200");
    Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Wed Jun 27 2012 18:37:56 GMT+0200");
    Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);
    Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
    Deleted : user_pref("ConduitEngine.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]
    Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Wed Jun 27 2012 18:37:56 GMT+0200");
    Deleted : user_pref("ConduitEngine.UserID", "UN81634311180061705");
    Deleted : user_pref("ConduitEngine.engineLocale", "nb-NO");
    Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Jun 27 2012 18:37:56 GMT+0200");
    Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Wed Jun 27 2012 18:37:56 GMT+0200");
    Deleted : user_pref("ConduitEngine.initDone", true);
    Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
    Deleted : user_pref("browser.search.order.1", "Ask.com");
    Deleted : user_pref("browser.search.selectedEngine", "Ask.com");

    -\\ Google Chrome v22.0.1229.94

    File : C:\Users\Asgeir\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S2].txt - [16131 octets] - [03/11/2012 20:20:33]

    ########## EOF - C:\AdwCleaner[S2].txt - [16192 octets] ##########
     
  6. OcularDismay

    OcularDismay TS Rookie Topic Starter

    Please let me know if you need require any other logs or scans.

    Thank you in advance
     
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix scan

    Please download ComboFix[​IMG] by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
     
  8. OcularDismay

    OcularDismay TS Rookie Topic Starter

    ComboFix 12-11-03.02 - Asgeir 06.11.2012 15:06:44.3.6 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.47.1044.18.6128.4499 [GMT 1:00]
    Kjører fra: c:\users\Asgeir\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Forrige skanning -------
    .
    c:\windows\security\Database\tmp.edb
    .
    .
    ((((((((((((((((((((((((((( Filer Opprettet Fra 2012-10-06 til 2012-11-06 )))))))))))))))))))))))))))))))))
    .
    .
    2012-11-06 14:14 . 2012-11-06 14:14--------d-----w-c:\users\UpdatusUser\AppData\Local\temp
    2012-11-06 14:14 . 2012-11-06 14:14--------d-----w-c:\users\Public\AppData\Local\temp
    2012-11-06 14:14 . 2012-11-06 14:14--------d-----w-c:\users\Default\AppData\Local\temp
    2012-11-06 13:57 . 2012-10-12 07:199291768----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{B8D3BFCF-017F-4B1E-A03D-1BF6BB3BF754}\mpengine.dll
    2012-11-04 16:09 . 2012-11-04 21:58--------d-----w-c:\users\Asgeir\AppData\Roaming\wargaming.net
    2012-11-03 21:07 . 2012-11-03 21:07--------d-----w-c:\programdata\Wild Tangent
    2012-10-31 21:41 . 2012-10-31 21:59--------d-----w-c:\program files (x86)\PopCap Games
    2012-10-31 21:31 . 2012-10-31 21:59--------d-----w-c:\programdata\PopCap Games
    2012-10-27 12:15 . 2012-10-27 12:15--------d-----w-C:\gPotato.com
    2012-10-26 17:28 . 2012-03-06 23:5930312----a-w-c:\windows\system32\drivers\LPCFilter.sys
    2012-10-26 17:27 . 2012-10-20 00:352557800----a-w-c:\windows\system32\nvsvcr.dll
    2012-10-14 20:54 . 2012-10-14 21:47--------d-----w-c:\users\Asgeir\AppData\Local\Darksiders2
    2012-10-11 18:12 . 2012-10-11 18:12--------d-----w-c:\program files (x86)\Common Files\Java
    2012-10-11 18:12 . 2012-10-11 18:11821736----a-w-c:\windows\SysWow64\npDeployJava1.dll
    2012-10-11 18:12 . 2012-10-11 18:1295208----a-w-c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-10-10 13:22 . 2012-08-24 17:10172544----a-w-c:\windows\SysWow64\wintrust.dll
    2012-10-10 13:22 . 2012-09-14 19:232048----a-w-c:\windows\system32\tzres.dll
    2012-10-10 13:22 . 2012-09-14 18:302048----a-w-c:\windows\SysWow64\tzres.dll
    2012-10-10 13:22 . 2012-08-11 00:53714752----a-w-c:\windows\system32\kerberos.dll
    2012-10-10 13:22 . 2012-08-10 23:54541184----a-w-c:\windows\SysWow64\kerberos.dll
    2012-10-10 13:22 . 2012-06-02 05:251462784----a-w-c:\windows\system32\crypt32.dll
    2012-10-10 13:22 . 2012-06-02 05:25182272----a-w-c:\windows\system32\cryptsvc.dll
    2012-10-10 13:22 . 2012-06-02 05:25140288----a-w-c:\windows\system32\cryptnet.dll
    2012-10-10 13:22 . 2012-06-02 04:45139264----a-w-c:\windows\SysWow64\cryptsvc.dll
    2012-10-10 13:22 . 2012-06-02 04:451157632----a-w-c:\windows\SysWow64\crypt32.dll
    2012-10-10 13:22 . 2012-06-02 04:45103936----a-w-c:\windows\SysWow64\cryptnet.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-31 23:09 . 2011-06-21 18:00280904----a-w-c:\windows\SysWow64\PnkBstrB.xtr
    2012-10-31 23:09 . 2011-03-13 13:58280904----a-w-c:\windows\SysWow64\PnkBstrB.exe
    2012-10-30 22:51 . 2011-04-22 13:5759728----a-w-c:\windows\system32\drivers\aswTdi.sys
    2012-10-30 22:51 . 2011-04-22 13:58370288----a-w-c:\windows\system32\drivers\aswSP.sys
    2012-10-30 22:51 . 2011-04-22 13:57984144----a-w-c:\windows\system32\drivers\aswSnx.sys
    2012-10-30 22:51 . 2011-04-22 13:5771600----a-w-c:\windows\system32\drivers\aswMonFlt.sys
    2012-10-30 22:51 . 2011-04-22 13:5825232----a-w-c:\windows\system32\drivers\aswFsBlk.sys
    2012-10-30 22:51 . 2011-04-22 13:5741224----a-w-c:\windows\avastSS.scr
    2012-10-30 22:50 . 2011-04-22 13:57227648----a-w-c:\windows\SysWow64\aswBoot.exe
    2012-10-30 22:50 . 2011-04-22 13:57285328----a-w-c:\windows\system32\aswBoot.exe
    2012-10-20 05:13 . 2012-09-13 23:531805672----a-w-c:\windows\system32\nvdispco64.dll
    2012-10-20 05:13 . 2012-09-13 23:5315115376----a-w-c:\windows\SysWow64\nvd3dum.dll
    2012-10-20 05:13 . 2012-09-13 23:531504104----a-w-c:\windows\system32\nvdispgenco64.dll
    2012-10-20 05:13 . 2012-09-13 23:5314944432----a-w-c:\windows\system32\nvwgf2umx.dll
    2012-10-20 05:13 . 2012-09-13 23:532811968----a-w-c:\windows\system32\nvapi64.dll
    2012-10-20 05:13 . 2012-09-13 23:532492632----a-w-c:\windows\SysWow64\nvapi.dll
    2012-10-20 00:35 . 2012-09-13 23:546222696----a-w-c:\windows\system32\nvcpl.dll
    2012-10-20 00:35 . 2012-09-13 23:543310440----a-w-c:\windows\system32\nvsvc64.dll
    2012-10-20 00:35 . 2012-09-13 23:54890216----a-w-c:\windows\system32\nvvsvc.exe
    2012-10-20 00:35 . 2012-09-13 23:5463336----a-w-c:\windows\system32\nvshext.dll
    2012-10-20 00:35 . 2012-09-13 23:54118120----a-w-c:\windows\system32\nvmctray.dll
    2012-10-15 16:59 . 2012-04-30 15:5154072----a-w-c:\windows\system32\drivers\aswRdr2.sys
    2012-10-11 18:11 . 2011-02-21 10:44746984----a-w-c:\windows\SysWow64\deployJava1.dll
    2012-10-11 01:02 . 2011-02-21 07:5265309168----a-w-c:\windows\system32\MRT.exe
    2012-10-08 23:58 . 2012-04-05 14:25696760----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-08 23:58 . 2011-05-19 12:1973656----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-29 17:54 . 2012-07-27 15:4625928----a-w-c:\windows\system32\drivers\mbam.sys
    2012-08-30 19:14 . 2012-09-13 23:5460776----a-w-c:\windows\system32\OpenCL.dll
    2012-08-30 19:14 . 2012-09-13 23:5452584----a-w-c:\windows\SysWow64\OpenCL.dll
    2012-08-30 08:40 . 2012-08-30 08:40429416----a-w-c:\windows\SysWow64\nvStreaming.exe
    2012-08-24 11:15 . 2012-09-23 01:0017810944----a-w-c:\windows\system32\mshtml.dll
    2012-08-24 10:39 . 2012-09-23 01:0010925568----a-w-c:\windows\system32\ieframe.dll
    2012-08-24 10:31 . 2012-09-23 01:002312704----a-w-c:\windows\system32\jscript9.dll
    2012-08-24 10:22 . 2012-09-23 01:001346048----a-w-c:\windows\system32\urlmon.dll
    2012-08-24 10:21 . 2012-09-23 01:001392128----a-w-c:\windows\system32\wininet.dll
    2012-08-24 10:20 . 2012-09-23 01:001494528----a-w-c:\windows\system32\inetcpl.cpl
    2012-08-24 10:18 . 2012-09-23 01:01237056----a-w-c:\windows\system32\url.dll
    2012-08-24 10:17 . 2012-09-23 01:0085504----a-w-c:\windows\system32\jsproxy.dll
    2012-08-24 10:14 . 2012-09-23 01:01173056----a-w-c:\windows\system32\ieUnatt.exe
    2012-08-24 10:14 . 2012-09-23 01:00816640----a-w-c:\windows\system32\jscript.dll
    2012-08-24 10:13 . 2012-09-23 01:00599040----a-w-c:\windows\system32\vbscript.dll
    2012-08-24 10:12 . 2012-09-23 01:002144768----a-w-c:\windows\system32\iertutil.dll
    2012-08-24 10:11 . 2012-09-23 01:00729088----a-w-c:\windows\system32\msfeeds.dll
    2012-08-24 10:10 . 2012-09-23 01:0196768----a-w-c:\windows\system32\mshtmled.dll
    2012-08-24 10:09 . 2012-09-23 01:012382848----a-w-c:\windows\system32\mshtml.tlb
    2012-08-24 10:04 . 2012-09-23 01:01248320----a-w-c:\windows\system32\ieui.dll
    2012-08-24 06:59 . 2012-09-23 01:001800704----a-w-c:\windows\SysWow64\jscript9.dll
    2012-08-24 06:51 . 2012-09-23 01:001129472----a-w-c:\windows\SysWow64\wininet.dll
    2012-08-24 06:51 . 2012-09-23 01:001427968----a-w-c:\windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47 . 2012-09-23 01:01142848----a-w-c:\windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47 . 2012-09-23 01:01420864----a-w-c:\windows\SysWow64\vbscript.dll
    2012-08-24 06:43 . 2012-09-23 01:012382848----a-w-c:\windows\SysWow64\mshtml.tlb
    2012-08-18 11:19 . 2012-10-10 13:2344032----a-w-c:\windows\apppatch\acwow64.dll
    2012-08-09 21:11 . 2011-03-13 13:58280976----a-w-c:\windows\SysWow64\PnkBstrB.ex0
    .
    .
    (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spotify Web Helper"="c:\users\Asgeir\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-27 1199576]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    "c:\windows\SysWOW64\V0700Ext.ax"=c:\windows\system32\RegSvr32.exe /s c:\windows\SysWOW64\V0700Ext.ax
    "V0700Mon.exe"=c:\windows\V0700Mon.exe
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
    "Packard Bell Photo Frame"=c:\program files (x86)\Packard Bell Photo Frame\ButtonMonitor.exe -A
    "HFALoader"=c:\program files\Hamster Soft\Free Zip Archiver\Hamster.Archiver.UI.exe -loader
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
    R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2012-10-26 108904]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
    R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
    R3 V0700Vid;Creative Live! Cam Chat HD Driver;c:\windows\system32\DRIVERS\V0700Vid.sys [2011-09-06 393920]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 18216]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-21 1255736]
    R3 X6va005;X6va005;c:\users\Asgeir\AppData\Local\Temp\00541FA.tmp [x]
    R4 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
    R4 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-08-28 1150496]
    R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [2011-12-29 291624]
    S0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\DRIVERS\MxEFUF64.sys [2010-11-04 143688]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-14 254528]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-24 5556520]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-08 2028864]
    S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]
    S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-24 127784]
    S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2012-04-26 101376]
    S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]
    S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2012-07-05 1874016]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-02-10 11856]
    .
    .
    Innholdet I mappen 'Scheduled Tasks' (planlagte oppgaver)
    .
    2012-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 23:58]
    .
    2012-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4155977539-3866038618-1452371025-1000Core.job
    - c:\users\Asgeir\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-26 21:15]
    .
    2012-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4155977539-3866038618-1452371025-1000UA.job
    - c:\users\Asgeir\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-26 21:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 22:50133400----a-w-c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-04-24 12480616]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    ------- Tilleggsskanning -------
    .
    uStart Page = hxxp://ham.asksearch.com/?cfg=2-396-0-...
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0414&m=ixtreme_m5140&r=17360211y006pe485v125y46k2240o
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    FF - ProfilePath - c:\users\Asgeir\AppData\Roaming\Mozilla\Firefox\Profiles\39k9oc6z.default\
    FF - prefs.js: browser.startup.homepage - hxxp://ham.asksearch.com/?cfg=2-396-0-...
    .
    - - - - TOMME PEKERE FJERNET - - - -
    .
    Toolbar-Locked - (no file)
    WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
    "ImagePath"="\??\c:\users\Asgeir\AppData\Local\Temp\00541FA.tmp"
    .
    --------------------- LÅSTE REGISTERNØKLER ---------------------
    .
    [HKEY_USERS\S-1-5-21-4155977539-3866038618-1452371025-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:22,0b,11,e6,a1,69,a0,7a,d5,2b,06,fe,91,a8,01,53,0e,a7,f6,40,46,54,ef,
    06,91,8f,61,f6,b9,d2,b5,ff,19,4a,0a,1d,6f,ff,30,b4,fb,25,91,71,1b,09,5c,db,\
    "??"=hex:ec,7f,62,96,57,2c,d6,08,cc,a5,1f,55,b4,c4,7c,48
    .
    [HKEY_USERS\S-1-5-21-4155977539-3866038618-1452371025-1000\Software\SecuROM\License information*]
    "datasecu"=hex:d4,71,c9,04,b1,95,e1,fa,53,cb,df,b7,b2,b2,99,39,8d,e8,85,d8,56,
    65,44,90,32,91,17,3b,af,a6,59,74,d3,c4,68,53,e4,28,5f,e5,32,27,2a,be,dd,78,\
    "rkeysecu"=hex:d8,ec,a5,ca,e2,b6,d4,dc,0c,55,e3,2b,e8,a1,9c,69
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Tidspunkt ferdig: 2012-11-06 15:15:50
    ComboFix-quarantined-files.txt 2012-11-06 14:15
    ComboFix2.txt 2012-08-03 10:51
    .
    Pre-Run: 400 852 111 360 byte ledig
    Post-Run: 400 797 384 704 byte ledig
    .
    - - End Of File - - 560385A83FBF99A319E345DE234A20B7









    I just realized some things are in Norwegian, sorry. I don't think I can change the language, but let me know if you need to know what some of the words mean. I'll include some just in case

    Låste registernøkler = locked register keys
    (# of bytes) ledig = # of bytes free/available
    Tomme pekere fjernet = empty pointers (might mean links or shortcuts in this context) removed
     
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Excellent!

    ComboFix Script

    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe
      [​IMG]
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.
    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
     
  10. OcularDismay

    OcularDismay TS Rookie Topic Starter

    C:\Users\Asgeir\Downloads\Assassins.Creed.II\sr-acii.isoa variant of Win32/Packed.VMProtect.AAA trojandeleted - quarantined

    This is what I found with ESET, and thank God I did. I think I'll just use the game CDs from now on instead of being lazy. Anyways, I'm going to do the Combofix one now, just in case.
     
  11. OcularDismay

    OcularDismay TS Rookie Topic Starter

    ComboFix 12-11-03.02 - Asgeir 06.11.2012 23:50:49.4.6 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.47.1044.18.6128.3510 [GMT 1:00]
    Kjører fra: c:\users\Asgeir\Desktop\ComboFix.exe
    Command switches brukt :: c:\users\Asgeir\Desktop\CFScript.txt.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((( Filer Opprettet Fra 2012-10-06 til 2012-11-06 )))))))))))))))))))))))))))))))))
    .
    .
    2012-11-06 22:57 . 2012-11-06 22:57--------d-----w-c:\users\UpdatusUser\AppData\Local\temp
    2012-11-06 22:57 . 2012-11-06 22:57--------d-----w-c:\users\Public\AppData\Local\temp
    2012-11-06 22:57 . 2012-11-06 22:57--------d-----w-c:\users\Default\AppData\Local\temp
    2012-11-06 19:44 . 2012-11-06 19:44--------d-----w-c:\program files (x86)\ESET
    2012-11-06 13:57 . 2012-10-12 07:199291768----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{B8D3BFCF-017F-4B1E-A03D-1BF6BB3BF754}\mpengine.dll
    2012-11-04 16:09 . 2012-11-04 21:58--------d-----w-c:\users\Asgeir\AppData\Roaming\wargaming.net
    2012-11-03 21:07 . 2012-11-03 21:07--------d-----w-c:\programdata\Wild Tangent
    2012-10-31 21:41 . 2012-10-31 21:59--------d-----w-c:\program files (x86)\PopCap Games
    2012-10-31 21:31 . 2012-10-31 21:59--------d-----w-c:\programdata\PopCap Games
    2012-10-27 12:15 . 2012-10-27 12:15--------d-----w-C:\gPotato.com
    2012-10-26 17:28 . 2012-03-06 23:5930312----a-w-c:\windows\system32\drivers\LPCFilter.sys
    2012-10-26 17:27 . 2012-10-20 00:352557800----a-w-c:\windows\system32\nvsvcr.dll
    2012-10-14 20:54 . 2012-10-14 21:47--------d-----w-c:\users\Asgeir\AppData\Local\Darksiders2
    2012-10-11 18:12 . 2012-10-11 18:12--------d-----w-c:\program files (x86)\Common Files\Java
    2012-10-11 18:12 . 2012-10-11 18:11821736----a-w-c:\windows\SysWow64\npDeployJava1.dll
    2012-10-11 18:12 . 2012-10-11 18:1295208----a-w-c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-10-10 13:22 . 2012-08-24 17:10172544----a-w-c:\windows\SysWow64\wintrust.dll
    2012-10-10 13:22 . 2012-09-14 19:232048----a-w-c:\windows\system32\tzres.dll
    2012-10-10 13:22 . 2012-09-14 18:302048----a-w-c:\windows\SysWow64\tzres.dll
    2012-10-10 13:22 . 2012-08-11 00:53714752----a-w-c:\windows\system32\kerberos.dll
    2012-10-10 13:22 . 2012-08-10 23:54541184----a-w-c:\windows\SysWow64\kerberos.dll
    2012-10-10 13:22 . 2012-06-02 05:251462784----a-w-c:\windows\system32\crypt32.dll
    2012-10-10 13:22 . 2012-06-02 05:25182272----a-w-c:\windows\system32\cryptsvc.dll
    2012-10-10 13:22 . 2012-06-02 05:25140288----a-w-c:\windows\system32\cryptnet.dll
    2012-10-10 13:22 . 2012-06-02 04:45139264----a-w-c:\windows\SysWow64\cryptsvc.dll
    2012-10-10 13:22 . 2012-06-02 04:451157632----a-w-c:\windows\SysWow64\crypt32.dll
    2012-10-10 13:22 . 2012-06-02 04:45103936----a-w-c:\windows\SysWow64\cryptnet.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-31 23:09 . 2011-06-21 18:00280904----a-w-c:\windows\SysWow64\PnkBstrB.xtr
    2012-10-31 23:09 . 2011-03-13 13:58280904----a-w-c:\windows\SysWow64\PnkBstrB.exe
    2012-10-30 22:51 . 2011-04-22 13:5759728----a-w-c:\windows\system32\drivers\aswTdi.sys
    2012-10-30 22:51 . 2011-04-22 13:58370288----a-w-c:\windows\system32\drivers\aswSP.sys
    2012-10-30 22:51 . 2011-04-22 13:57984144----a-w-c:\windows\system32\drivers\aswSnx.sys
    2012-10-30 22:51 . 2011-04-22 13:5771600----a-w-c:\windows\system32\drivers\aswMonFlt.sys
    2012-10-30 22:51 . 2011-04-22 13:5825232----a-w-c:\windows\system32\drivers\aswFsBlk.sys
    2012-10-30 22:51 . 2011-04-22 13:5741224----a-w-c:\windows\avastSS.scr
    2012-10-30 22:50 . 2011-04-22 13:57227648----a-w-c:\windows\SysWow64\aswBoot.exe
    2012-10-30 22:50 . 2011-04-22 13:57285328----a-w-c:\windows\system32\aswBoot.exe
    2012-10-20 05:13 . 2012-09-13 23:531805672----a-w-c:\windows\system32\nvdispco64.dll
    2012-10-20 05:13 . 2012-09-13 23:5315115376----a-w-c:\windows\SysWow64\nvd3dum.dll
    2012-10-20 05:13 . 2012-09-13 23:531504104----a-w-c:\windows\system32\nvdispgenco64.dll
    2012-10-20 05:13 . 2012-09-13 23:5314944432----a-w-c:\windows\system32\nvwgf2umx.dll
    2012-10-20 05:13 . 2012-09-13 23:532811968----a-w-c:\windows\system32\nvapi64.dll
    2012-10-20 05:13 . 2012-09-13 23:532492632----a-w-c:\windows\SysWow64\nvapi.dll
    2012-10-20 00:35 . 2012-09-13 23:546222696----a-w-c:\windows\system32\nvcpl.dll
    2012-10-20 00:35 . 2012-09-13 23:543310440----a-w-c:\windows\system32\nvsvc64.dll
    2012-10-20 00:35 . 2012-09-13 23:54890216----a-w-c:\windows\system32\nvvsvc.exe
    2012-10-20 00:35 . 2012-09-13 23:5463336----a-w-c:\windows\system32\nvshext.dll
    2012-10-20 00:35 . 2012-09-13 23:54118120----a-w-c:\windows\system32\nvmctray.dll
    2012-10-15 16:59 . 2012-04-30 15:5154072----a-w-c:\windows\system32\drivers\aswRdr2.sys
    2012-10-11 18:11 . 2011-02-21 10:44746984----a-w-c:\windows\SysWow64\deployJava1.dll
    2012-10-11 01:02 . 2011-02-21 07:5265309168----a-w-c:\windows\system32\MRT.exe
    2012-10-08 23:58 . 2012-04-05 14:25696760----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-08 23:58 . 2011-05-19 12:1973656----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-29 17:54 . 2012-07-27 15:4625928----a-w-c:\windows\system32\drivers\mbam.sys
    2012-08-30 19:14 . 2012-09-13 23:5460776----a-w-c:\windows\system32\OpenCL.dll
    2012-08-30 19:14 . 2012-09-13 23:5452584----a-w-c:\windows\SysWow64\OpenCL.dll
    2012-08-30 08:40 . 2012-08-30 08:40429416----a-w-c:\windows\SysWow64\nvStreaming.exe
    2012-08-24 11:15 . 2012-09-23 01:0017810944----a-w-c:\windows\system32\mshtml.dll
    2012-08-24 10:39 . 2012-09-23 01:0010925568----a-w-c:\windows\system32\ieframe.dll
    2012-08-24 10:31 . 2012-09-23 01:002312704----a-w-c:\windows\system32\jscript9.dll
    2012-08-24 10:22 . 2012-09-23 01:001346048----a-w-c:\windows\system32\urlmon.dll
    2012-08-24 10:21 . 2012-09-23 01:001392128----a-w-c:\windows\system32\wininet.dll
    2012-08-24 10:20 . 2012-09-23 01:001494528----a-w-c:\windows\system32\inetcpl.cpl
    2012-08-24 10:18 . 2012-09-23 01:01237056----a-w-c:\windows\system32\url.dll
    2012-08-24 10:17 . 2012-09-23 01:0085504----a-w-c:\windows\system32\jsproxy.dll
    2012-08-24 10:14 . 2012-09-23 01:01173056----a-w-c:\windows\system32\ieUnatt.exe
    2012-08-24 10:14 . 2012-09-23 01:00816640----a-w-c:\windows\system32\jscript.dll
    2012-08-24 10:13 . 2012-09-23 01:00599040----a-w-c:\windows\system32\vbscript.dll
    2012-08-24 10:12 . 2012-09-23 01:002144768----a-w-c:\windows\system32\iertutil.dll
    2012-08-24 10:11 . 2012-09-23 01:00729088----a-w-c:\windows\system32\msfeeds.dll
    2012-08-24 10:10 . 2012-09-23 01:0196768----a-w-c:\windows\system32\mshtmled.dll
    2012-08-24 10:09 . 2012-09-23 01:012382848----a-w-c:\windows\system32\mshtml.tlb
    2012-08-24 10:04 . 2012-09-23 01:01248320----a-w-c:\windows\system32\ieui.dll
    2012-08-24 06:59 . 2012-09-23 01:001800704----a-w-c:\windows\SysWow64\jscript9.dll
    2012-08-24 06:51 . 2012-09-23 01:001129472----a-w-c:\windows\SysWow64\wininet.dll
    2012-08-24 06:51 . 2012-09-23 01:001427968----a-w-c:\windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47 . 2012-09-23 01:01142848----a-w-c:\windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47 . 2012-09-23 01:01420864----a-w-c:\windows\SysWow64\vbscript.dll
    2012-08-24 06:43 . 2012-09-23 01:012382848----a-w-c:\windows\SysWow64\mshtml.tlb
    2012-08-18 11:19 . 2012-10-10 13:2344032----a-w-c:\windows\apppatch\acwow64.dll
    2012-08-09 21:11 . 2011-03-13 13:58280976----a-w-c:\windows\SysWow64\PnkBstrB.ex0
    .
    .
    (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spotify Web Helper"="c:\users\Asgeir\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-27 1199576]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    "c:\windows\SysWOW64\V0700Ext.ax"=c:\windows\system32\RegSvr32.exe /s c:\windows\SysWOW64\V0700Ext.ax
    "V0700Mon.exe"=c:\windows\V0700Mon.exe
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
    "Packard Bell Photo Frame"=c:\program files (x86)\Packard Bell Photo Frame\ButtonMonitor.exe -A
    "HFALoader"=c:\program files\Hamster Soft\Free Zip Archiver\Hamster.Archiver.UI.exe -loader
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
    R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2012-10-26 108904]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
    R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
    R3 V0700Vid;Creative Live! Cam Chat HD Driver;c:\windows\system32\DRIVERS\V0700Vid.sys [2011-09-06 393920]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 18216]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-21 1255736]
    R3 X6va005;X6va005;c:\users\Asgeir\AppData\Local\Temp\00541FA.tmp [x]
    R4 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
    R4 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-08-28 1150496]
    R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [2011-12-29 291624]
    S0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\DRIVERS\MxEFUF64.sys [2010-11-04 143688]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-14 254528]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-24 5556520]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-08 2028864]
    S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]
    S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-24 127784]
    S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2012-04-26 101376]
    S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
    S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2012-07-05 1874016]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-02-10 11856]
    .
    .
    Innholdet I mappen 'Scheduled Tasks' (planlagte oppgaver)
    .
    2012-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 23:58]
    .
    2012-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4155977539-3866038618-1452371025-1000Core.job
    - c:\users\Asgeir\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-26 21:15]
    .
    2012-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4155977539-3866038618-1452371025-1000UA.job
    - c:\users\Asgeir\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-26 21:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 22:50133400----a-w-c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-04-24 12480616]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    ------- Tilleggsskanning -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0414&m=ixtreme_m5140&r=17360211y006pe485v125y46k2240o
    mLocal Page = c:\windows\SysWOW64\blank.htm
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    FF - ProfilePath - c:\users\Asgeir\AppData\Roaming\Mozilla\Firefox\Profiles\39k9oc6z.default\
    FF - prefs.js: browser.startup.homepage - hxxp://ham.asksearch.com/?cfg=2-396-0-...
    .
    - - - - TOMME PEKERE FJERNET - - - -
    .
    Toolbar-Locked - (no file)
    WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
    "ImagePath"="\??\c:\users\Asgeir\AppData\Local\Temp\00541FA.tmp"
    .
    --------------------- LÅSTE REGISTERNØKLER ---------------------
    .
    [HKEY_USERS\S-1-5-21-4155977539-3866038618-1452371025-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:22,0b,11,e6,a1,69,a0,7a,d5,2b,06,fe,91,a8,01,53,0e,a7,f6,40,46,54,ef,
    06,91,8f,61,f6,b9,d2,b5,ff,19,4a,0a,1d,6f,ff,30,b4,fb,25,91,71,1b,09,5c,db,\
    "??"=hex:ec,7f,62,96,57,2c,d6,08,cc,a5,1f,55,b4,c4,7c,48
    .
    [HKEY_USERS\S-1-5-21-4155977539-3866038618-1452371025-1000\Software\SecuROM\License information*]
    "datasecu"=hex:d4,71,c9,04,b1,95,e1,fa,53,cb,df,b7,b2,b2,99,39,8d,e8,85,d8,56,
    65,44,90,32,91,17,3b,af,a6,59,74,d3,c4,68,53,e4,28,5f,e5,32,27,2a,be,dd,78,\
    "rkeysecu"=hex:d8,ec,a5,ca,e2,b6,d4,dc,0c,55,e3,2b,e8,a1,9c,69
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Tidspunkt ferdig: 2012-11-06 23:58:42
    ComboFix-quarantined-files.txt 2012-11-06 22:58
    ComboFix2.txt 2012-11-06 14:15
    ComboFix3.txt 2012-08-03 10:51
    .
    Pre-Run: 416 359 227 392 byte ledig
    Post-Run: 416 298 143 744 byte ledig
    .
    - - End Of File - - 87A57FB7E21A08563BAF9582A142FD9E


    There we go. Does it look clean?
     
     
  12. OcularDismay

    OcularDismay TS Rookie Topic Starter

    I think it's clean now, I haven't seen any popups since yesterday
     
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advance System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name I.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop down box select your main drive I.e. C
    • For a few moments the system will make some calculations:
      [​IMG]
    • Select the More Options tab
      [​IMG]
    • In the System Restore and Shadow Backups select Clean up
      [​IMG]
    • Select Delete on the pop up
    • Select OK
    • Select Delete
    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note:If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    NOTE: If you already have this installed, you don't have to reinstall it.

    Please download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    • Double-click the CCleaner shortcut on the desktop to start the program.
    • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
    • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
    • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

      Caution: Only use the Registry feature if you are very familiar with the registry.
      Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

      Security Check

      Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
      • Save it to your Desktop.
      • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
      • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
     
  14. OcularDismay

    OcularDismay TS Rookie Topic Starter

    Results of screen317's Security Check version 0.99.54
    Windows 7 x64 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    TuneUp Utilities 2011
    TuneUp Utilities Language Pack (en-US)
    TuneUp Utilities 2011
    Java 7 Update 7
    Java version out of Date!
    Adobe Flash Player 11.4.402.287
    Adobe Reader X 10.1.1 Adobe Reader out of Date!
    Mozilla Firefox (3.6.13) Firefox out of Date!
    Mozilla Thunderbird (3.1.7) Thunderbird out of Date!
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Java Update!

    Please download the newest version of Java from Java.com.

    Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

    Once old versions are gone, please install the newest version.

    Read more about Java exploit problems

    Adobe Reader Update!

    Please download the newest version of Adobe Acrobat Reader from Adobe.com

    Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.


    Firefox update

    Firefox is out of date. Firefox is a very popular web browser, and if it is out of date, it is very vulnerable to security bugs, and other holes. To update it now, click Help > About Firefox > Check for Updates.


    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.


    Any other questions before I mark this topic solved?
     
  16. OcularDismay

    OcularDismay TS Rookie Topic Starter

    Alright, I will do that now, and I do not have any more questions, everything seems good. Thank you very much for your help, Jay. You're very good at what you do, and it is appreciated.

    Take care, Jay, and have a great weekend
     
  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Thanks! And you're welcome.

    Topic marked. √
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.