Survey popup problem

[tdlarsen]

My son somehow caught this annoying piece of malware starting up every time. It says 'To regain access to your Computer, you must complete this survey.' It somehow disables the joblist under ctrl, alt del, Malwarebytes didn't kill it, neither did Spybot S&D. Here's a screenshot, logs in the next post. Superdave has provided excellent help before, so I'm hoping for new miracles

 

[tdlarsen]

Iobit Malware fighter log

 

IObit Malware Fighter

 

OS: Windows 7

Version: 1.7.0.0

Database version: 1209

Tidsforbrug: 01:00:18

Scannede objekter: 88456

Fundne trusler: 6

Tid gemt: 13-02-2013 23:40:27

 

|Navn|Type|Beskrivelse|ID|

Babylon Toolbar, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Babylon, 2013735

FunMoods, REG, HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}, 2013632

FunMoods, REG, HKEY_CLASSES_ROOT\AppID\escort.DLL, 2013637

BabylonToolbar, REG, HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}, 2013684

BabylonToolbar, REG, HKEY_CLASSES_ROOT\Prod.cap, 2013714

BabylonToolbar, REG, HKEY_LOCAL_MACHINE\Software\Babylon\Babylon Client, 2013722

[tdlarsen]

DDS log

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457

Run by Torben at 23:42:10 on 2013-02-13

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.45.1030.18.16361.13151 [GMT 1:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\3Link\3Link_Service.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe

C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\ProgramData\DatacardService\HWDeviceService64.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\ProgramData\DatacardService\DCSHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\FSP\FspUip.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\ExpressGateUtil\VAWinService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

D:\Steam\Steam.exe

C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe

C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Mobile Broadband\Bin\mcserver.exe

C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\20701005_Setup.exe

C:\Users\Torben\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe

C:\Windows\SysWOW64\cmd.exe

C:\ExpressGateUtil\VAWinAgent.exe

C:\Program Files (x86)\Mobile Broadband\Bin\dbus-daemon.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\3Link\3Link_Launcher.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

C:\Program Files (x86)\Mobile Broadband\Bin\db_daemon.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Intel\TurboBoost\TurboBoost.exe

C:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://se.search.yahoo.com?type=800236&fr=spigot-yhp-ie

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uDefault_Page_URL = hxxp://asus.msn.com

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.google.com

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\6.9\iobitappsToolbarIE.dll

uURLSearchHooks: {37483b40-c254-4a72-bda4-22ee90182c1e} - <orphaned>

mWinlogon: Userinit = userinit.exe,

BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\6.9\iobitappsToolbarIE.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: Hjælp til logon til Microsoft-konto: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: DownTango Launcher: {b52d0735-ec19-448a-abde-e01b5bd275d2} - C:\Users\Torben\AppData\Roaming\DownTangoLauncherToolbar\DownTangoLauncherToolbar.dll

BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: DownTango Launcher: {b52d0735-ec19-448a-abde-e01b5bd275d2} - C:\Users\Torben\AppData\Roaming\DownTangoLauncherToolbar\DownTangoLauncherToolbar.dll

TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\6.9\iobitappsToolbarIE.dll

uRun: [Google Update] "C:\Users\Torben\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [steam] "D:\Steam\steam.exe" -silent

uRun: [HP Photosmart 7510 series (NET)] "C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN21B354PC05PX:NW" -scfn "HP Photosmart 7510 series (NET)" -AutoStart 1

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

uRun: [steelSeries Engine] c:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"

mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun: [uSBChargerPlusTray] C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe

mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe

mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe

mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [3Link_3Link_Launcher.exe] C:\Program Files (x86)\3Link\3Link_Launcher.exe

mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

mRun: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

mRun: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart

StartupFolder: C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\20701005_Setup.exe

StartupFolder: C:\Users\Torben\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Torben\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Torben\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCtlSvc.lnk - C:\Program Files (x86)\Mobile Broadband\Bin\mcserver.exe

uPolicies-Explorer: NoDriveAutoRun = dword:0

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {45d8438c-b51d-47a8-aeea-9061535f25f1} - {b52d0735-ec19-448a-abde-e01b5bd275d2}

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab

DPF: {AC0C4B4E-D9EF-462A-B68D-0B823CA994CD} - hxxps://ftp.trustgate.dk/pub/TGSoftClient-x64.cab

DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{2B0C72E3-D877-4DF3-89E4-0B59225BBA4F} : NameServer = 80.251.201.177 80.251.201.178

TCP: Interfaces\{4DB1A8DD-0A79-4C61-A8EC-D5A25CBEA314} : DHCPNameServer = 10.161.0.13

TCP: Interfaces\{5CCA437F-32EA-4B8A-9283-297BDEF7B67B} : NameServer = 208.122.23.22,208.122.23.23

TCP: Interfaces\{5CCA437F-32EA-4B8A-9283-297BDEF7B67B} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{5CCA437F-32EA-4B8A-9283-297BDEF7B67B}\3596C6675627 : DHCPNameServer = 89.150.129.22 89.150.129.10

TCP: Interfaces\{5CCA437F-32EA-4B8A-9283-297BDEF7B67B}\35F6E6A616E65647 : DHCPNameServer = 192.168.10.1

TCP: Interfaces\{5CCA437F-32EA-4B8A-9283-297BDEF7B67B}\4556C69616741647567716975383D29383D23353D29303D26383D25433 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{5CCA437F-32EA-4B8A-9283-297BDEF7B67B}\4716E6B6D62702E65647 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{5CCA437F-32EA-4B8A-9283-297BDEF7B67B}\474736F62746C656373723 : DHCPNameServer = 89.150.129.22 89.150.129.10

TCP: Interfaces\{5CCA437F-32EA-4B8A-9283-297BDEF7B67B}\6596E6465676164656 : DHCPNameServer = 212.10.10.5 212.10.10.4

TCP: Interfaces\{6BA38EA0-6DF3-4097-B67E-71BB1FCAACEF} : NameServer = 80.251.201.177 80.251.201.178

TCP: Interfaces\{9593F5AE-D070-4573-8B48-F1BD9FE34EB7} : NameServer = 80.251.201.177 80.251.201.178

TCP: Interfaces\{A6409056-26F8-4275-828A-DDE5DBC6FF85} : NameServer = 80.251.201.177 80.251.201.178

TCP: Interfaces\{BB505F05-C558-45B3-8DEA-53B3AB06FEDF} : DHCPNameServer = 62.44.166.197 62.44.166.69

TCP: Interfaces\{DF6FD226-A165-47A9-BD7E-19F40D6BBD47} : DHCPNameServer = 192.168.10.1

TCP: Interfaces\{E13C8D7F-A85E-4B27-A9DF-07063F74640E} : DHCPNameServer = 62.44.166.197 62.44.166.69

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: SDWinLogon - SDWinLogon.dll

SSODL: WebCheck - <orphaned>

x64-mStart Page = hxxp://asus.msn.com

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"

x64-Run: [fspuip] c:\Program Files (x86)\FSP\fspuip.exe

x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64

x64-Run: [setwallpaper] c:\programdata\SetWallpaper.cmd

x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]

R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]

R2 3Link_Service;3Link Service;C:\Program Files (x86)\3Link\3Link_Service.exe [2013-2-8 490480]

R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2013-2-8 805240]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]

R2 AsusUacSvc;Asus process privilege adjust service;C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [2011-9-29 113840]

R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-13 138400]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]

R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe -/service --> C:\ProgramData\DatacardService\HWDeviceService64.exe -/service [?]

R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-2-13 821592]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-13 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-13 682344]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 128456]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-2-13 1103392]

R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-2-13 1369624]

R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-2-13 168384]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-9 382272]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-29 2655768]

R2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2011-3-26 91464]

R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2011-9-29 16768]

R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-13 36000]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-13 298656]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-13 28832]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-13 201376]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-13 55456]

R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-13 154272]

R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-13 280224]

R3 busenum;SteelBusSvc;C:\Windows\System32\drivers\SteelBus64.sys [2012-5-23 112128]

R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2013-2-13 21384]

R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2011-4-8 177152]

R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2011-4-8 56320]

R3 fspad_win764;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_win764;C:\Windows\System32\drivers\fspad_win764.sys [2011-7-20 53760]

R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2012-3-1 85504]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-13 24176]

R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2011-9-29 32344]

R3 NisSrv;Microsoft Netværksinspektion;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]

R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2012-2-26 398144]

R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2013-2-13 33224]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-29 471144]

R3 SAlphamHid;SteelHIDSvc;C:\Windows\System32\drivers\SAlpham64.sys [2012-5-21 34944]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2013-2-13 21904]

R3 VBoxTAP;VirtualBox TAP Adapter;C:\Windows\System32\drivers\VBoxTAP.sys [2011-10-11 64760]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 Mobile Partner. RunOuc;Mobile Partner. OUC;C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [2012-3-1 218624]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-9-29 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-9-29 79360]

S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2012-3-1 117248]

S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2012-3-1 13952]

S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\System32\drivers\ewusbnet.sys [2012-3-1 256000]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-12-5 57856]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-24 22408]

S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2012-2-7 66328]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-24 16008]

S3 massfilter_lte;LTE Device Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter_LTE.sys [2012-3-8 18456]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-8-2 22528]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]

S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\rtsuvstor.sys [2011-9-29 290920]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]

S3 SVBoxDrv;Secomea VBox Support Driver;C:\Program Files\Secomea\TrustGate SoftClient\SVBoxDrv.sys [2011-10-11 138872]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-18 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-18 31232]

S3 UHSfiltv;UHSfiltv;C:\Windows\System32\drivers\UHSfiltv.sys [2012-10-16 23552]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]

S3 WatAdminSvc;Tjenesten Windows Aktivering;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-26 1255736]

S3 zgdcat;ZTE Datacard AT Port;C:\Windows\System32\drivers\zgdcat.sys [2011-12-12 130200]

S3 zgdcdiag;ZTE Datacard Diagnostics Port;C:\Windows\System32\drivers\zgdcdiag.sys [2011-12-12 130200]

S3 zgdcmdm;ZTE Datacard Modem;C:\Windows\System32\drivers\zgdcmdm.sys [2011-12-12 130200]

S3 zgdcnet;ZTE Datacard Network Adapter;C:\Windows\System32\drivers\zgdcnet.sys [2011-12-12 169496]

S3 zgdcnmea;ZTE Datacard NMEA Port;C:\Windows\System32\drivers\zgdcnmea.sys [2012-3-8 128912]

.

=============== Created Last 30 ================

.

2013-02-13 20:23:22 -------- d-----w- C:\ProgramData\IObit

2013-02-13 20:23:21 -------- d-----w- C:\Users\Torben\AppData\Roaming\IObit

2013-02-13 20:23:10 -------- d-----w- C:\Program Files (x86)\IObit

2013-02-13 20:22:19 -------- d-----w- C:\Program Files (x86)\Application Updater

2013-02-13 20:22:18 -------- d-----w- C:\Program Files (x86)\IObit Apps Toolbar

2013-02-13 20:22:18 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot

2013-02-13 17:48:07 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2013-02-13 17:47:51 17272 ----a-w- C:\Windows\System32\sdnclean64.exe

2013-02-13 17:47:48 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2

2013-02-13 17:27:31 173504 ----a-w- C:\Windows\System32\drivers\tmcomm.sys

2013-02-13 16:00:19 -------- d-----w- C:\Users\Torben\AppData\Roaming\Malwarebytes

2013-02-13 16:00:15 -------- d-----w- C:\ProgramData\Malwarebytes

2013-02-13 16:00:14 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-02-13 16:00:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-02-13 15:59:59 -------- d-----w- C:\Users\Torben\AppData\Local\Programs

2013-02-13 15:48:43 23040 ----a-w- C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\20701005_Setup.exe

2013-02-13 15:35:58 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{61219877-623F-446C-864E-397498A459D4}\mpengine.dll

2013-02-13 15:28:18 -------- d-----w- C:\Users\Torben\AppData\Roaming\WinDbg

2013-02-12 16:30:36 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-02-12 10:42:33 -------- d-----w- C:\Users\Torben\AppData\Local\sabnzbd

2013-02-12 10:40:58 -------- d-----w- C:\Program Files (x86)\SABnzbd

2013-02-11 15:42:03 -------- d-----w- C:\Users\Torben\AppData\Roaming\uTorrent

2013-02-10 12:57:37 -------- d-----w- C:\Users\Torben\AppData\Roaming\redsn0w

2013-02-08 13:24:20 -------- d-----w- C:\Users\Torben\AppData\Roaming\Sierra Wireless

2013-02-08 13:24:17 -------- d-----w- C:\Users\Torben\AppData\Roaming\3Link

2013-02-08 13:23:55 -------- d-----w- C:\Program Files (x86)\3Link

2013-02-04 10:49:00 -------- d-----w- C:\Users\Torben\AppData\Roaming\.minecraft

.

==================== Find3M ====================

.

2013-02-13 18:57:04 45056 ----a-w- C:\Windows\SysWow64\acovcnt.exe

2013-02-10 16:26:33 281872 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-02-10 16:26:33 281872 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-02-10 16:16:29 111928 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe

2013-01-15 15:56:10 477616 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2013-01-15 15:56:07 473520 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-12-27 12:28:05 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs

2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-11-25 12:17:08 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll

2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe

2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll

2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll

2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

.

============= FINISH: 23:42:55,64 ===============

[tdlarsen]

DDS Attach log

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 26-02-2012 14:43:29

System Uptime: 13-02-2013 21:30:59 (2 hours ago)

.

Motherboard: ASUSTeK Computer Inc. | | G74Sx

Processor: Intel® Core i7-2670QM CPU @ 2.20GHz | CPU 1 | 792/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 124 GiB total, 14,712 GiB free.

D: is FIXED (NTFS) - 349 GiB total, 42,617 GiB free.

E: is FIXED (NTFS) - 349 GiB total, 282,234 GiB free.

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Bluetooth-enhed (Personal Area Network)

Device ID: BTH\MS_BTHPAN\7&25257B58&0&2

Manufacturer: Microsoft

Name: Bluetooth-enhed (Personal Area Network)

PNP Device ID: BTH\MS_BTHPAN\7&25257B58&0&2

Service: BthPan

.

==== System Restore Points ===================

.

RP239: 27-01-2013 17:46:56 - Windows Update

RP240: 31-01-2013 16:40:17 - Windows Update

RP241: 31-01-2013 18:21:30 - Installed DirectX

RP242: 03-02-2013 16:53:01 - Windows Update

RP243: 06-02-2013 17:12:09 - Windows Update

RP244: 10-02-2013 11:34:22 - Installed Java 6 Update 39

RP245: 10-02-2013 17:26:21 - Windows Update

.

==== Installed Programs ======================

.

3Link

Ace of Spades

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Alliance of Valiant Arms

Amnesia: The Dark Descent

APB Reloaded

Apple-programunderstøttelse

Apple Mobile Device Support

Apple Software Update

Assassin's Creed® III v1.02

ASUS AI Recovery

ASUS Power4Gear Hybrid

ASUS SmartLogon

ASUS Splendid Video Enhancement Technology

ASUS USB Charger Plus

ASUS Virtual Camera

AsusScr_G74 Series_ENG

Atheros Client Installation Program

ATK Package

µTorrent

Bandicam

Bandisoft MPEG-1 Decoder

Bastion

Batman: Arkham City GOTY

Battlefield 3™

Battlefield Heroes

Battlelog Web Plugins

Bluetooth Win7 Suite (64)

Bonjour

Borderlands 2

Braid

Brawl Busters

Call of Duty: Black Ops II

Call of Duty: Black Ops II - Multiplayer

Call of Duty: Black Ops II - Zombies

Call of Duty: Modern Warfare 3 - Multiplayer

Call of Duty: World at War

Castle Crashers

Chivalry: Medieval Warfare

Counter-Strike: Global Offensive

Counter-Strike: Global Offensive - SDK

Counter-Strike: Source

Creative System Information

CyberLink LabelPrint

CyberLink Power2Go

D3DX10

Dead Island

DirectX 9 Runtime

Don't Starve

DownTango

DownTango Launcher

Dropbox

Dual-Core Optimizer

Dungeon Defenders

ESN Sonar

ExpressGateCloud

Far Cry 3

Finger Sensing Pad Driver

Forge

Fotogalleri

Fotogalleriet

Fresco Logic USB3.0 Host Controller

Garry's Mod

Google Chrome

Gotham City Impostors

Grand Theft Auto IV

Grand Theft Auto: Episodes from Liberty City

Half Minute Hero: Super Mega Neo Climax Ultimate Boy

Hotline Miami

HP Photosmart 7510 series grundlæggende enhedssoftware

iCloud

Intel® Control Center

Intel® Management Engine Components

Intel® Turbo Boost Technology Monitor 2.0

IObit Apps Toolbar v6.9

IObit Malware Fighter

iTunes

Java Auto Updater

Java 6 Update 31 (64-bit)

Java 6 Update 39

Junk Mail filter update

Just Cause 2

League of Legends

Left 4 Dead 2

LibreOffice 3.5

LibreOffice 3.5 Help Pack (Danish)

LIMBO

Little Inferno

LogMeIn Hamachi

Lone Survivor

Malwarebytes Anti-Malware version 1.70.0.1100

Medal of Honor™ Warfighter

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile DAN Language Pack

Microsoft .NET Framework 4 Client Profile DAN sprogpakke

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Extended DAN Language Pack

Microsoft .NET Framework 4 Extended DAN sprogpakke

Microsoft Antimalware Service DA-DK Language Pack

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2010

Microsoft Office Klik og kør 2010

Microsoft Office Starter 2010 - dansk

Microsoft Security Client

Microsoft Security Client DA-DK Language Pack

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SkyDrive

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft XNA Framework Redistributable 3.1

Microsoft XNA Framework Redistributable 4.0

MicroVolts

Mirror's Edge

Mobile Broadband

Mobile Partner

Movie Maker

Mozilla Thunderbird 15.0.1 (x86 da)

MSVCRT

MSVCRT_amd64

MSVCRT110

MSVCRT110_amd64

NVIDIA 3D Vision-driver 295.73

NVIDIA 3D Vision Controller Driver

NVIDIA 3D Vision Controllerdriver 295.73

NVIDIA Grafikdriver 295.73

NVIDIA HD-lyddriver 1.3.12.0

NVIDIA Install Application

NVIDIA Kontrolpanel 295.73

NVIDIA Opdateringer 1.7.11

NVIDIA PhysX

NVIDIA PhysX-systemsoftware 9.12.0209

NVIDIA Stereoscopic 3D Driver

NVIDIA Update Components

Origin

Photo Common

Photo Gallery

Picasa 3

PlanetSide 2

Portal

Portal 2

Portal 2 Publishing Tool

Protected Search 1.1

Psychonauts

PunkBuster Services

QuickTime

Realm of the Mad God

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Realtek USB 2.0 Reader Driver

Rotation Desktop for G Series.exe

SABnzbd 0.7.11

Saints Row: The Third

Secomea TrustGate SoftClient

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile DAN sprogpakke (KB2518870)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Skype Click to Call

Skype™ 6.1

Skyrim Online version 1.0

Sniper Elite V2

Sound Blaster Tactic(3D)

Source Filmmaker

Source SDK Base 2007

Spiral Knights

Spybot - Search & Destroy

Steam

SteamTool 1.1

SteelSeries Engine

Super Crate Box

Super Meat Boy

Super Meat Boy Editor

Superbrothers: Sword & Sworcery EP

Team Fortress 2

Terraria

The Elder Scrolls V: Skyrim

The Ship

The Ship Single Player

THX TruStudio

Tom Clancy's Ghost Recon Future Soldier

Ubisoft Game Launcher

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Valokuvavalikoima

VLC media player 2.0.0

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Fotogalleri

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Liven peruspaketti

Windows Liven sähköposti

WinFlash

WinRAR 4.11 (32-bit)

Wireless Console 3

ZTE LTE Device USB Driver

.

==== End Of File ===========================

[Superdave]

Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*************************************************************

Please run MBAM in Safe Mode and post the log.

 

Please download AdwCleaner by Xplode onto your Desktop.

• 
  
• Double click on AdwCleaner.exe to run the tool.
  
• Click on Search.
  
• A logfile will automatically open after the scan has finished.
  
• Please post the content of that logfile in your reply.
  
• You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
  

[Melvin_Deal]

Wow!

 

No wonder the machine doesn't function!

 

Is it possible that the machine be removed and dedicated to being fixed?

 

Or is the commitment by your son firm enough to follow all instructions exactly and not even try to use the machine for anything else while it is being cleansed?

 

Thank you for posting this before you have to re-format...;-)

 

 

Thank you for following the guidelines!;-)

 

Sincerely,

-Mel

Live long and prosper!

 

[EDIT by Mel] Hi Dave... Glad you are here!

[tdlarsen]

ADWcleaner log

 

# AdwCleaner v2.112 - Logfil lavet d. 14/02/2013 kl. 09:54:02

# Opdateret d. 10/02/2013 af Xplode

# Operativ system : Windows 7 Home Premium Service Pack 1 (64 bits)

# Bruger : Torben - ASUS-LAPTOP

# Boot Mode : Normal

# Kører fra : C:\Users\Torben\Desktop\adwcleaner0.exe

# Indstilling [søg]

 

 

***** [servicer] *****

 

Fundet : Application Updater

 

***** [Filer / Mapper] *****

 

Filer Fundet : C:\user.js

Filer Fundet : C:\Users\Torben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage

Filer Fundet : C:\Users\Torben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal

Mapper Fundet : C:\Program Files (x86)\Application Updater

Mapper Fundet : C:\Program Files (x86)\Common Files\spigot

Mapper Fundet : C:\Program Files (x86)\Conduit

Mapper Fundet : C:\Program Files (x86)\DownTangoLauncherToolbar

Mapper Fundet : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownTango

Mapper Fundet : C:\ProgramData\Partner

Mapper Fundet : C:\Users\Torben\AppData\Local\Conduit

Mapper Fundet : C:\Users\Torben\AppData\Local\DownTango

Mapper Fundet : C:\Users\Torben\AppData\Local\RavenBleuSA

Mapper Fundet : C:\Users\Torben\AppData\LocalLow\Conduit

Mapper Fundet : C:\Users\Torben\AppData\LocalLow\DownTangoLauncherToolbar

Mapper Fundet : C:\Users\Torben\AppData\LocalLow\Search Settings

Mapper Fundet : C:\Users\Torben\AppData\Roaming\DownTangoLauncherToolbar

 

***** [Registeret] *****

 

Nøgle Fundet : HKCU\Software\AppDataLow\Software\Search Settings

Nøgle Fundet : HKCU\Software\Conduit

Nøgle Fundet : HKCU\Software\InstallCore

Nøgle Fundet : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B52D0735-EC19-448A-ABDE-E01B5BD275D2}

Nøgle Fundet : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B52D0735-EC19-448A-ABDE-E01B5BD275D2}

Nøgle Fundet : HKCU\Software\ProtectedSearch

Nøgle Fundet : HKCU\Software\Search Settings

Nøgle Fundet : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Nøgle Fundet : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Nøgle Fundet : HKLM\Software\Application Updater

Nøgle Fundet : HKLM\SOFTWARE\Classes\AppID\{3FC27B34-0C19-49DA-875E-1875DDD4A6B2}

Nøgle Fundet : HKLM\SOFTWARE\Classes\Toolbar.CT2801948

Nøgle Fundet : HKLM\SOFTWARE\Classes\wtb.Band

Nøgle Fundet : HKLM\SOFTWARE\Classes\wtb.Band.1

Nøgle Fundet : HKLM\SOFTWARE\Classes\wtb.NotificationSource

Nøgle Fundet : HKLM\SOFTWARE\Classes\wtb.NotificationSource.1

Nøgle Fundet : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl

Nøgle Fundet : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl.1

Nøgle Fundet : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo

Nøgle Fundet : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo.1

Nøgle Fundet : HKLM\Software\Conduit

Nøgle Fundet : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Nøgle Fundet : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Nøgle Fundet : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Nøgle Fundet : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Nøgle Fundet : HKLM\Software\Search Settings

Nøgle Fundet : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Nøgle Fundet : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A928E66C-F501-4E66-9953-855C712F93B2}

Nøgle Fundet : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B52D0735-EC19-448A-ABDE-E01B5BD275D2}

Nøgle Fundet : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Nøgle Fundet : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}

Nøgle Fundet : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}

Nøgle Fundet : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}

Nøgle Fundet : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}

Nøgle Fundet : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}

Nøgle Fundet : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B52D0735-EC19-448A-ABDE-E01B5BD275D2}

Nøgle Fundet : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Protected Search_is1

Nøgle Fundet : HKLM\SOFTWARE\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}

Nøgle Fundet : HKLM\SOFTWARE\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}

Nøgle Fundet : HKLM\SOFTWARE\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}

Nøgle Fundet : HKLM\SOFTWARE\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}

Nøgle Fundet : HKLM\SOFTWARE\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}

Nøgle Fundet : HKU\S-1-5-21-3984325867-2906248765-3498124827-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Nøgle Fundet : HKU\S-1-5-21-3984325867-2906248765-3498124827-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Nøgle Fundet : HKU\S-1-5-21-3984325867-2906248765-3498124827-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Værdi Fundet : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchSettings]

Værdi Fundet : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{B52D0735-EC19-448A-ABDE-E01B5BD275D2}]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16464

 

[OK] Registeret er rent.

 

-\\ Google Chrome v24.0.1312.57

 

Filer : C:\Users\Torben\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] Filen er ren.

 

*************************

 

AdwCleaner[R1].txt - [5728 octets] - [14/02/2013 09:54:02]

 

########## EOF - C:\AdwCleaner[R1].txt - [5788 octets] ##########

[tdlarsen]

Hi Dave

Good to know I'm in safe hands. As for what Mel asks, yeah he's committed, to a certain extent. He's gonna miss steam, but hey, he's learned a lesson. However a swift and easy kill of this annoying popup will be his number one wish.

 

Yeah, the computer is kind of filled with games and stuff. I'll probably end up reformatting, but let's give this a try.

 

Sincerely

Torben

[Superdave]

Remove the Adware:

• Please close all open programs and internet browsers.
  
• Double click on adwcleaner.exe to run the tool.
  
• Click on Delete.
  
• Confirm each time with OK
  
• Your computer will be rebooted automatically. A text file will open after the restart.
  
• Please post the content of that logfile in your reply.
  
• You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.
  

*******************************************************

Were you able to run MBAM in Safe Mode?

 

Download Combofix from any of the links below, and save it to your DESKTOP.

If your version of Windows defaults to you download folder you will need to copy it to your desktop.

 

Link 1

Link 2

Link 3

 

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

• Close any open windows and double click ComboFix.exe to run it.
   
  You will see the following image:
  

http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png

 

Click I Agree to start the program.

 

ComboFix will then extract the necessary files and you will see this:

 

http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png

 

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

 

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

 

If you did not have it installed, you will see the prompt below. Choose YES.

 

http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif

 

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

 

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

http://i424.photobucket.com/albums/pp322/digistar/whatnext.png

 

Click on Yes, to continue scanning for malware.

 

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

 

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

 

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

[Melvin_Deal]

It is important that the machine be dedicated to cleansing! If the machine is used beside the cleansing process... the data posted in the logs will be inaccurate. Is the machine solely dedicated to being cleansed?

 

Sincerely,

-Mel

Live long and Prosper!

[tdlarsen]

Rest assured. The computer is only used for this cleaning process. The survey banner is always on top, so nothing to do until it's removed.

I tried to run MBAM in safe mode, I'll post that log first, then the adwcleaner, then the third one.

After at this moment having run MBAM in safe mode and then Adwcleaner, the problem still persisits :(

 

Sincerely

Torben

[tdlarsen]

MBAM log

 

Malwarebytes Anti-Malware (Prøveversion) 1.70.0.1100

http://www.malwarebytes.org

 

Database version: v2013.02.15.04

 

Windows 7 Service Pack 1 x64 NTFS (Fejlsikret Tilstand Med Netværk)

Internet Explorer 9.0.8112.16421

Torben :: ASUS-LAPTOP [administrator]

 

Beskyttelse: Slået fra

 

15-02-2013 08:15:46

MBAM-log-2013-02-15 (09-51-44).txt

 

Skanningstype: Fuldstændig skanning (C:\|D:\|E:\|)

Skanningsmuligheder valgt: Hukommelse | Opstart | Registreringsdatabasen | Filsystem | Heuristics/Ekstra | Heuristics/Shuriken | PUP | PUM

Skanningsmuligheder som er deaktiverede: P2P

Objekter skannet: 730623

Tid gået: 1 time(e), 4 minut(ter), 32 sekund(er)

 

Hukommelses Processorer Inficeret: 0

(Ingen skadelige objekter blev fundet)

 

Hukommelses Moduler Inficeret: 0

(Ingen skadelige objekter blev fundet)

 

Registreringsdatabasenøgler Inficeret: 6

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CDC7DCFD-42EE-4A59-A6F5-161155BAF7CD} (Trojan.Backdoor.MRX) -> Ingen handling valgt.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Battlelog Web Plugins (Trojan.Backdoor.MRX) -> Ingen handling valgt.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ESN Sonar-0.70.4 (Trojan.Backdoor.MRX) -> Ingen handling valgt.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobile Partner (Trojan.Backdoor.MRX) -> Ingen handling valgt.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DownTango (Trojan.Backdoor.MRX) -> Ingen handling valgt.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SABnzbd (Trojan.Backdoor.MRX) -> Ingen handling valgt.

 

Registreringsdatabaseværdier Inficeret: 0

(Ingen skadelige objekter blev fundet)

 

Registreringsdatabasedata Objekter Inficeret: 0

(Ingen skadelige objekter blev fundet)

 

Inficerede Mapper: 0

(Ingen skadelige objekter blev fundet)

 

Inficerede Filer: 14

C:\Program Files\Secomea\TrustGate SoftClient\uninstall.exe (Trojan.Backdoor.MRX) -> Ingen handling valgt.

C:\Program Files\SteelSeries\SteelSeries Engine\uninst.exe (Trojan.Backdoor.MRX) -> Ingen handling valgt.

C:\Program Files (x86)\Battlelog Web Plugins\uninstall.exe (Trojan.Backdoor.MRX) -> Ingen handling valgt.

C:\Program Files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe (Trojan.Backdoor.MRX) -> Ingen handling valgt.

C:\Program Files (x86)\Mobile Partner\uninst.exe (Trojan.Backdoor.MRX) -> Ingen handling valgt.

C:\Program Files (x86)\Mobile Partner\AutoRun\AutoRunSetup.exe (Trojan.Backdoor.MRX) -> Ingen handling valgt.

C:\Program Files (x86)\Mobile Partner\AutoRun\AutoRunUninstall.exe (Trojan.Backdoor.MRX) -> Ingen handling valgt.

C:\Program Files (x86)\NCH Software\Components\NCHToolbars\conduit\ConduitInstaller.exe (Trojan.Backdoor.MRX) -> Ingen handling valgt.

C:\Program Files (x86)\Red Sky\DownTango\Uninstaller.exe (Trojan.Backdoor.MRX) -> Ingen handling valgt.

C:\Program Files (x86)\SABnzbd\Uninstall.exe (Trojan.Backdoor.MRX) -> Ingen handling valgt.

C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe (Trojan.Backdoor.MRX) -> Ingen handling valgt.

C:\ProgramData\NVIDIA\Updatus\Download\33020A60\drsupdate.12601159_RUNASUSER.exe (Trojan.Backdoor.MRX) -> Ingen handling valgt.

C:\Users\Torben\Downloads\SABnzbd-0.7.11-win32-setup.exe (Trojan.Backdoor.MRX) -> Ingen handling valgt.

D:\Steam\steamapps\common\ava\xfire_installer.ava.exe (Trojan.Backdoor.MRX) -> Ingen handling valgt.

 

(færdig)

[tdlarsen]

Adwcleaner log

 

# AdwCleaner v2.112 - Logfil lavet d. 15/02/2013 kl. 10:16:02

# Opdateret d. 10/02/2013 af Xplode

# Operativ system : Windows 7 Home Premium Service Pack 1 (64 bits)

# Bruger : Torben - ASUS-LAPTOP

# Boot Mode : Normal

# Kører fra : C:\Users\Torben\Desktop\adwcleaner0.exe

# Indstilling [slet]

 

 

***** [servicer] *****

 

Stoppet & Slettet : Application Updater

 

***** [Filer / Mapper] *****

 

Filer Slettet : C:\user.js

Filer Slettet : C:\Users\Torben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage

Filer Slettet : C:\Users\Torben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal

Mapper Slettet : C:\Program Files (x86)\Conduit

Mapper Slettet : C:\Program Files (x86)\DownTangoLauncherToolbar

Mapper Slettet : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownTango

Mapper Slettet : C:\ProgramData\Partner

Mapper Slettet : C:\Users\Torben\AppData\Local\Conduit

Mapper Slettet : C:\Users\Torben\AppData\Local\DownTango

Mapper Slettet : C:\Users\Torben\AppData\Local\RavenBleuSA

Mapper Slettet : C:\Users\Torben\AppData\LocalLow\Conduit

Mapper Slettet : C:\Users\Torben\AppData\LocalLow\DownTangoLauncherToolbar

Mapper Slettet : C:\Users\Torben\AppData\LocalLow\Search Settings

Mapper Slettet : C:\Users\Torben\AppData\Roaming\DownTangoLauncherToolbar

 

***** [Registeret] *****

 

Nøgle Slettet : HKCU\Software\APN PIP

Nøgle Slettet : HKCU\Software\AppDataLow\Software\Search Settings

Nøgle Slettet : HKCU\Software\Conduit

Nøgle Slettet : HKCU\Software\InstallCore

Nøgle Slettet : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B52D0735-EC19-448A-ABDE-E01B5BD275D2}

Nøgle Slettet : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B52D0735-EC19-448A-ABDE-E01B5BD275D2}

Nøgle Slettet : HKCU\Software\ProtectedSearch

Nøgle Slettet : HKCU\Software\Search Settings

Nøgle Slettet : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Nøgle Slettet : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Nøgle Slettet : HKLM\Software\Application Updater

Nøgle Slettet : HKLM\SOFTWARE\Classes\AppID\{3FC27B34-0C19-49DA-875E-1875DDD4A6B2}

Nøgle Slettet : HKLM\SOFTWARE\Classes\Toolbar.CT2801948

Nøgle Slettet : HKLM\SOFTWARE\Classes\wtb.Band

Nøgle Slettet : HKLM\SOFTWARE\Classes\wtb.Band.1

Nøgle Slettet : HKLM\SOFTWARE\Classes\wtb.NotificationSource

Nøgle Slettet : HKLM\SOFTWARE\Classes\wtb.NotificationSource.1

Nøgle Slettet : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl

Nøgle Slettet : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl.1

Nøgle Slettet : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo

Nøgle Slettet : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo.1

Nøgle Slettet : HKLM\Software\Conduit

Nøgle Slettet : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Nøgle Slettet : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Nøgle Slettet : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Nøgle Slettet : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Nøgle Slettet : HKLM\Software\PIP

Nøgle Slettet : HKLM\Software\Search Settings

Nøgle Slettet : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Nøgle Slettet : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A928E66C-F501-4E66-9953-855C712F93B2}

Nøgle Slettet : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B52D0735-EC19-448A-ABDE-E01B5BD275D2}

Nøgle Slettet : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Nøgle Slettet : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}

Nøgle Slettet : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}

Nøgle Slettet : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}

Nøgle Slettet : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}

Nøgle Slettet : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}

Nøgle Slettet : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B52D0735-EC19-448A-ABDE-E01B5BD275D2}

Nøgle Slettet : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Protected Search_is1

Nøgle Slettet : HKLM\SOFTWARE\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}

Nøgle Slettet : HKLM\SOFTWARE\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}

Nøgle Slettet : HKLM\SOFTWARE\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}

Nøgle Slettet : HKLM\SOFTWARE\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}

Nøgle Slettet : HKLM\SOFTWARE\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}

Nøgle Slettet : HKU\S-1-5-21-3984325867-2906248765-3498124827-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Værdi Slettet : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchSettings]

Værdi Slettet : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{B52D0735-EC19-448A-ABDE-E01B5BD275D2}]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16464

 

[OK] Registeret er rent.

 

-\\ Google Chrome v24.0.1312.57

 

Filer : C:\Users\Torben\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] Filen er ren.

 

*************************

 

AdwCleaner[R1].txt - [5843 octets] - [14/02/2013 09:54:02]

AdwCleaner[R2].txt - [5855 octets] - [15/02/2013 10:14:44]

AdwCleaner[s1].txt - [5561 octets] - [15/02/2013 10:16:02]

 

########## EOF - C:\AdwCleaner[s1].txt - [5621 octets] ##########

[tdlarsen]

MBAM log safe mode after Adwcleaner

 

Malwarebytes Anti-Malware (Prøveversion) 1.70.0.1100

http://www.malwarebytes.org

 

Database version: v2013.02.15.04

 

Windows 7 Service Pack 1 x64 NTFS (Fejlsikret Tilstand Med Netværk)

Internet Explorer 9.0.8112.16421

Torben :: ASUS-LAPTOP [administrator]

 

Beskyttelse: Slået fra

 

15-02-2013 10:27:49

mbam-log-2013-02-15 (10-27-49).txt

 

Skanningstype: Fuldstændig skanning (C:\|D:\|E:\|)

Skanningsmuligheder valgt: Hukommelse | Opstart | Registreringsdatabasen | Filsystem | Heuristics/Ekstra | Heuristics/Shuriken | PUP | PUM

Skanningsmuligheder som er deaktiverede: P2P

Objekter skannet: 730937

Tid gået: 1 time(e), 4 minut(ter), 25 sekund(er)

 

Hukommelses Processorer Inficeret: 0

(Ingen skadelige objekter blev fundet)

 

Hukommelses Moduler Inficeret: 0

(Ingen skadelige objekter blev fundet)

 

Registreringsdatabasenøgler Inficeret: 0

(Ingen skadelige objekter blev fundet)

 

Registreringsdatabaseværdier Inficeret: 0

(Ingen skadelige objekter blev fundet)

 

Registreringsdatabasedata Objekter Inficeret: 0

(Ingen skadelige objekter blev fundet)

 

Inficerede Mapper: 0

(Ingen skadelige objekter blev fundet)

 

Inficerede Filer: 0

(Ingen skadelige objekter blev fundet)

 

(færdig)

[tdlarsen]

Combofix log

 

ComboFix 13-02-13.02 - Torben 15-02-2013 11:53:26.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.45.1030.18.16361.13953 [GMT 1:00]

Kører fra: c:\users\Torben\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Dannede nyt systemgendannelsespunkt

.

.

((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\89adac2205f84ad6da20a8fab75b44d5_c

c:\programdata\FullRemove.exe

c:\users\Torben\AppData\Local\Temp\8e48ab1f-1350-4e71-a323-f8fb69357150\CliSecureRT64.dll

c:\users\Torben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\20701005_Setup.exe

c:\windows\AsPatch10430001.exe

E:\install.exe

.

.

((((((((((((((((((((((((((((( Filer skabt fra 2013-01-15 til 2013-02-15 )))))))))))))))))))))))))))))))))))

.

.

2013-02-15 12:16 . 2013-02-15 12:16 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-02-15 12:16 . 2013-02-15 12:16 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-02-15 09:15 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EDE6B725-DA95-43FD-8C17-A152E5FFCC08}\mpengine.dll

2013-02-14 09:21 . 2013-02-14 09:21 -------- d-----w- c:\users\Torben\AppData\Local\libimobiledevice

2013-02-14 09:12 . 2013-02-14 09:12 -------- d-----w- c:\program files (x86)\Foxit Software

2013-02-13 23:11 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 23:11 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 20:23 . 2013-02-13 20:23 -------- d-----w- c:\programdata\IObit

2013-02-13 20:23 . 2013-02-13 20:23 -------- d-----w- c:\users\Torben\AppData\Roaming\IObit

2013-02-13 20:23 . 2013-02-13 20:23 -------- d-----w- c:\program files (x86)\IObit

2013-02-13 20:22 . 2013-02-13 20:22 -------- d-----w- c:\program files (x86)\IObit Apps Toolbar

2013-02-13 17:48 . 2013-02-15 10:44 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2013-02-13 17:47 . 2013-02-15 10:50 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2

2013-02-13 17:27 . 2012-07-27 02:02 173504 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2013-02-13 16:00 . 2013-02-13 16:00 -------- d-----w- c:\users\Torben\AppData\Roaming\Malwarebytes

2013-02-13 16:00 . 2013-02-13 16:00 -------- d-----w- c:\programdata\Malwarebytes

2013-02-13 16:00 . 2013-02-13 16:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-02-13 16:00 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-02-13 15:59 . 2013-02-13 15:59 -------- d-----w- c:\users\Torben\AppData\Local\Programs

2013-02-13 15:35 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-02-13 15:28 . 2013-02-13 17:19 -------- d-----w- c:\users\Torben\AppData\Roaming\WinDbg

2013-02-13 10:11 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-02-13 10:11 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-02-13 10:11 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-02-13 10:11 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-02-13 10:11 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll

2013-02-13 10:11 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2013-02-13 10:11 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2013-02-13 10:11 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-02-13 10:11 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-02-13 10:11 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe

2013-02-13 10:11 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-02-13 10:11 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2013-02-12 10:42 . 2013-02-12 10:42 -------- d-----w- c:\users\Torben\AppData\Local\sabnzbd

2013-02-12 10:40 . 2013-02-12 10:41 -------- d-----w- c:\program files (x86)\SABnzbd

2013-02-11 15:42 . 2013-02-11 21:05 -------- d-----w- c:\users\Torben\AppData\Roaming\uTorrent

2013-02-10 12:57 . 2013-02-10 12:57 -------- d-----w- c:\users\Torben\AppData\Roaming\redsn0w

2013-02-08 13:24 . 2013-02-08 13:24 -------- d-----w- c:\users\Torben\AppData\Roaming\Sierra Wireless

2013-02-08 13:24 . 2013-02-08 13:32 -------- d-----w- c:\users\Torben\AppData\Roaming\3Link

2013-02-08 13:23 . 2013-02-08 13:23 -------- d-----w- c:\program files (x86)\3Link

2013-02-04 10:49 . 2013-02-04 17:31 -------- d-----w- c:\users\Torben\AppData\Roaming\.minecraft

2013-02-01 17:35 . 2013-02-01 17:35 -------- d-----w- c:\program files (x86)\Common Files\Skype

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-14 14:45 . 2012-02-26 13:43 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe

2013-02-13 23:17 . 2012-02-26 16:32 70004024 ----a-w- c:\windows\system32\MRT.exe

2013-02-10 16:26 . 2012-03-01 18:22 281872 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2013-02-10 16:26 . 2012-03-01 18:02 281872 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2013-02-10 16:16 . 2012-03-01 18:02 111928 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2013-01-30 10:53 . 2012-02-26 15:25 273840 ------w- c:\windows\system32\MpSigStub.exe

2013-01-15 15:56 . 2012-09-16 11:08 477616 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2013-01-15 15:56 . 2012-02-26 17:33 473520 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-01-04 04:43 . 2013-02-13 10:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-12-27 12:28 . 2012-03-01 18:02 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-12-16 17:11 . 2012-12-21 22:03 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 14:45 . 2012-12-21 22:03 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:13 . 2012-12-21 22:03 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-16 14:13 . 2012-12-21 22:03 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-07 13:20 . 2013-01-09 20:39 441856 ----a-w- c:\windows\system32\Wpc.dll

2012-12-07 13:15 . 2013-01-09 20:39 2746368 ----a-w- c:\windows\system32\gameux.dll

2012-12-07 12:26 . 2013-01-09 20:39 308736 ----a-w- c:\windows\SysWow64\Wpc.dll

2012-12-07 12:20 . 2013-01-09 20:39 2576384 ----a-w- c:\windows\SysWow64\gameux.dll

2012-12-07 11:20 . 2013-01-09 20:39 30720 ----a-w- c:\windows\system32\usk.rs

2012-12-07 11:20 . 2013-01-09 20:39 43520 ----a-w- c:\windows\system32\csrr.rs

2012-12-07 11:20 . 2013-01-09 20:39 23552 ----a-w- c:\windows\system32\oflc.rs

2012-12-07 11:20 . 2013-01-09 20:39 45568 ----a-w- c:\windows\system32\oflc-nz.rs

2012-12-07 11:20 . 2013-01-09 20:39 44544 ----a-w- c:\windows\system32\pegibbfc.rs

2012-12-07 11:20 . 2013-01-09 20:39 20480 ----a-w- c:\windows\system32\pegi-fi.rs

2012-12-07 11:20 . 2013-01-09 20:39 20480 ----a-w- c:\windows\system32\pegi-pt.rs

2012-12-07 11:19 . 2013-01-09 20:39 20480 ----a-w- c:\windows\system32\pegi.rs

2012-12-07 11:19 . 2013-01-09 20:39 46592 ----a-w- c:\windows\system32\fpb.rs

2012-12-07 11:19 . 2013-01-09 20:39 40960 ----a-w- c:\windows\system32\cob-au.rs

2012-12-07 11:19 . 2013-01-09 20:39 21504 ----a-w- c:\windows\system32\grb.rs

2012-12-07 11:19 . 2013-01-09 20:39 15360 ----a-w- c:\windows\system32\djctq.rs

2012-12-07 11:19 . 2013-01-09 20:39 55296 ----a-w- c:\windows\system32\cero.rs

2012-12-07 11:19 . 2013-01-09 20:39 51712 ----a-w- c:\windows\system32\esrb.rs

2012-12-07 10:46 . 2013-01-09 20:39 43520 ----a-w- c:\windows\SysWow64\csrr.rs

2012-12-07 10:46 . 2013-01-09 20:39 30720 ----a-w- c:\windows\SysWow64\usk.rs

2012-12-07 10:46 . 2013-01-09 20:39 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs

2012-12-07 10:46 . 2013-01-09 20:39 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs

2012-12-07 10:46 . 2013-01-09 20:39 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs

2012-12-07 10:46 . 2013-01-09 20:39 23552 ----a-w- c:\windows\SysWow64\oflc.rs

2012-12-07 10:46 . 2013-01-09 20:39 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs

2012-12-07 10:46 . 2013-01-09 20:39 46592 ----a-w- c:\windows\SysWow64\fpb.rs

2012-12-07 10:46 . 2013-01-09 20:39 20480 ----a-w- c:\windows\SysWow64\pegi.rs

2012-12-07 10:46 . 2013-01-09 20:39 21504 ----a-w- c:\windows\SysWow64\grb.rs

2012-12-07 10:46 . 2013-01-09 20:39 40960 ----a-w- c:\windows\SysWow64\cob-au.rs

2012-12-07 10:46 . 2013-01-09 20:39 15360 ----a-w- c:\windows\SysWow64\djctq.rs

2012-12-07 10:46 . 2013-01-09 20:39 55296 ----a-w- c:\windows\SysWow64\cero.rs

2012-12-07 10:46 . 2013-01-09 20:39 51712 ----a-w- c:\windows\SysWow64\esrb.rs

2012-11-30 05:45 . 2013-01-09 20:38 362496 ----a-w- c:\windows\system32\wow64win.dll

2012-11-30 05:45 . 2013-01-09 20:38 243200 ----a-w- c:\windows\system32\wow64.dll

2012-11-30 05:45 . 2013-01-09 20:38 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2012-11-30 05:43 . 2013-01-09 20:38 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2012-11-30 05:41 . 2013-01-09 20:38 424448 ----a-w- c:\windows\system32\KernelBase.dll

2012-11-30 05:41 . 2013-01-09 20:38 1161216 ----a-w- c:\windows\system32\kernel32.dll

2012-11-30 05:38 . 2013-01-09 20:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 20:38 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 20:38 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 20:38 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 20:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 20:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 20:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 20:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 20:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 20:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 20:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 20:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 20:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 20:38 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 20:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 20:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 20:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 20:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 20:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 20:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 20:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 20:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 20:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 20:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 20:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 20:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 20:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 20:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2012-11-30 04:53 . 2013-01-09 20:38 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll

2012-11-30 04:45 . 2013-01-09 20:38 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 20:38 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 20:38 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 20:38 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 20:38 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 20:38 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 20:38 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 20:38 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 20:38 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 20:38 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 20:38 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 20:38 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 20:38 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 20:38 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 20:38 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 20:38 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 20:38 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 20:38 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 20:38 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

.

.

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Bemærk* tomme linier & lovlige standard linier vises ikke

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"= "c:\program files (x86)\IObit Apps Toolbar\IE\6.9\iobitappsToolbarIE.dll" [2013-02-08 1353024]

.

[HKEY_CLASSES_ROOT\clsid\{03eb0e9c-7a91-4381-a220-9b52b641cdb1}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]

2013-02-08 09:46 1353024 ----a-w- c:\program files (x86)\IObit Apps Toolbar\IE\6.9\iobitappsToolbarIE.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"= "c:\program files (x86)\IObit Apps Toolbar\IE\6.9\iobitappsToolbarIE.dll" [2013-02-08 1353024]

.

[HKEY_CLASSES_ROOT\clsid\{03eb0e9c-7a91-4381-a220-9b52b641cdb1}]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2012-12-05 18:10 220632 ----a-w- c:\users\Torben\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2012-12-05 18:10 220632 ----a-w- c:\users\Torben\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2012-12-05 18:10 220632 ----a-w- c:\users\Torben\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="d:\steam\steam.exe" [2013-02-14 1597864]

"HP Photosmart 7510 series (NET)"="c:\program files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe" [2011-08-31 2676584]

"SteelSeries Engine"="c:\program files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe" [2012-08-27 236032]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-03-31 2018032]

"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2011-04-08 43008]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]

"USBChargerPlusTray"="c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe" [2011-04-18 496560]

"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-09-28 3058304]

"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-03-17 909312]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2011-04-08 45448]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]

"3Link_3Link_Launcher.exe"="c:\program files (x86)\3Link\3Link_Launcher.exe" [2012-08-22 470000]

.

c:\users\Torben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Torben\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]

Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

MCtlSvc.lnk - c:\program files (x86)\Mobile Broadband\Bin\mcserver.exe [2012-3-8 60688]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]

R2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe [2012-03-01 218624]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-09-28 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-09-28 79360]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-03-01 117248]

R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-03-01 13952]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2012-03-01 256000]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]

R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2012-02-07 66328]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]

R3 massfilter_lte;LTE Device Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_lte.sys [2011-08-30 18456]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]

R3 NisSrv;Microsoft Netværksinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 SVBoxDrv;Secomea VBox Support Driver;c:\program files\Secomea\TrustGate SoftClient\SVBoxDrv.sys [2011-10-10 138872]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]

R3 UHSfiltv;UHSfiltv;c:\windows\system32\drivers\UHSfiltv.sys [2011-07-15 23552]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]

R3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-26 1255736]

R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]

R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]

R3 zgdcat;ZTE Datacard AT Port;c:\windows\system32\DRIVERS\zgdcat.sys [2011-12-11 130200]

R3 zgdcdiag;ZTE Datacard Diagnostics Port;c:\windows\system32\DRIVERS\zgdcdiag.sys [2011-12-11 130200]

R3 zgdcmdm;ZTE Datacard Modem;c:\windows\system32\DRIVERS\zgdcmdm.sys [2011-12-11 130200]

R3 zgdcnet;ZTE Datacard Network Adapter;c:\windows\system32\DRIVERS\zgdcnet.sys [2011-12-11 169496]

R3 zgdcnmea;ZTE Datacard NMEA Port;c:\windows\system32\DRIVERS\zgdcnmea.sys [2011-08-30 128912]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]

S2 3Link_Service;3Link Service;c:\program files (x86)\3Link\3Link_Service.exe [2012-08-22 490480]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 AsusUacSvc;Asus process privilege adjust service;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [2010-07-27 113840]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]

S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2010-11-16 339456]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]

S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2011-03-26 91464]

S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2011-02-26 16768]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]

S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys [2012-05-22 112128]

S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2011-04-08 177152]

S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2011-04-08 56320]

S3 fspad_win764;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_win764;c:\windows\system32\DRIVERS\fspad_win764.sys [2011-06-19 53760]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-03-01 85504]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]

S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys [2012-02-10 398144]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]

S3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys [2012-05-21 34944]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

S3 VBoxTAP;VirtualBox TAP Adapter;c:\windows\system32\DRIVERS\VBoxTAP.sys [2011-10-10 64760]

.

.

Indhold af mappen 'Planlagte Opgaver'

.

2013-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3984325867-2906248765-3498124827-1001Core.job

- c:\users\Torben\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-26 16:07]

.

2013-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3984325867-2906248765-3498124827-1001UA.job

- c:\users\Torben\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-26 16:07]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2012-12-05 18:10 244696 ----a-w- c:\users\Torben\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2012-12-05 18:10 244696 ----a-w- c:\users\Torben\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2012-12-05 18:10 244696 ----a-w- c:\users\Torben\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Torben\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Torben\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Torben\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Torben\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-04-07 11788392]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]

.

------- Yderligere scanning -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://se.search.yahoo.com?type=800236&fr=spigot-yhp-ie

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: {{45d8438c-b51d-47a8-aeea-9061535f25f1} - {b52d0735-ec19-448a-abde-e01b5bd275d2} -

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: Interfaces\{2B0C72E3-D877-4DF3-89E4-0B59225BBA4F}: NameServer = 80.251.201.177 80.251.201.178

TCP: Interfaces\{6BA38EA0-6DF3-4097-B67E-71BB1FCAACEF}: NameServer = 80.251.201.177 80.251.201.178

TCP: Interfaces\{9593F5AE-D070-4573-8B48-F1BD9FE34EB7}: NameServer = 80.251.201.177 80.251.201.178

TCP: Interfaces\{A6409056-26F8-4275-828A-DDE5DBC6FF85}: NameServer = 80.251.201.177 80.251.201.178

DPF: {AC0C4B4E-D9EF-462A-B68D-0B823CA994CD} - hxxps://ftp.trustgate.dk/pub/TGSoftClient-x64.cab

.

- - - - TOMME GENVEJE FJERNET - - - -

.

URLSearchHooks-{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file)

Toolbar-Locked - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Torben\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Torben\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Torben\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

Toolbar-Locked - (no file)

HKLM-Run-fspuip - c:\program files (x86)\FSP\fspuip.exe

HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

AddRemove-{cb6d194b-149b-4e28-9b6b-fd0bdaa2aa7c}_is1 - c:\program files (x86)\DownTangoLauncherToolbar\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va011]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"

.

--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

.

[HKEY_USERS\S-1-5-21-3984325867-2906248765-3498124827-1001\Software\SecuROM\License information*]

"datasecu"=hex:ef,d8,18,23,dd,33,87,66,a0,f2,99,b6,80,b6,46,ed,42,99,8b,c8,e0,

0b,18,d3,70,8a,5f,d1,2c,31,3a,74,e7,7d,23,5b,06,c4,30,5a,24,ef,04,b2,ce,6c,\

"rkeysecu"=hex:4c,66,82,e2,d6,32,2a,0c,33,cb,8e,94,c3,e3,28,58

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Gennemført tid: 2013-02-15 13:20:57

ComboFix-quarantined-files.txt 2013-02-15 12:20

.

Pre-Kørsel: 16.634.269.696 byte ledig

Post-Kørsel: 16.712.564.736 byte ledig

.

- - End Of File - - DD2C94F8788240508B6CC1BA736A5F81

[tdlarsen]

OK. Restarted a couple of times. Seems ok. Keeping my fingers crossed. I'll let the boy play a bit, no new installaions the next couple of days.

 

Thx for yur help again!

[Scannan]

Hi tdlarsen

 

Glad to see your issue is sorted. However, it would be very helpful if you could give us some feedback on the final outcome.

Was it a virus/malware which caused the problem, and if so which one.

Did you manage to discover how you got the pop-up in the first place.

This would all be very useful information for other users.

[tdlarsen]

Hi tdlarsen

 

Glad to see your issue is sorted. However, it would be very helpful if you could give us some feedback on the final outcome.

Was it a virus/malware which caused the problem, and if so which one.

Did you manage to discover how you got the pop-up in the first place.

This would all be very useful information for other users.

Hi Scannan

 

The virus popped up two day ago out of the blue. We did not install anything, my son was playing CoD Black Ops 2 on a public server, and it was after that the popup started.

It disabled regedit and task manager and was lying on top all the time. I have no idea what it's name is, maybe you can see that in some of the logs?

[tdlarsen]

Thank you Superdave

 

hi dave im super glad that you fixed our computer so i can play games like before it really makes me happy to see peapole take care of each other

 

Sofus

PS. tdlarsen's son

[Superdave]

I would like to run a few more scans just to make sure the computer's clean.

 

Re-running ComboFix to remove infections:

 

• Close any open browsers.
  
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
• Open notepad and copy/paste the text in the quotebox below into it:
  

  
  KillAll::
   
  Firefox::
  Trusted Zone: clonewarsadventures.com
  Trusted Zone: freerealms.com
  Trusted Zone: soe.com
   
  DDS::
  Trusted Zone: clonewarsadventures.com
  Trusted Zone: freerealms.com
  Trusted Zone: soe.com
   
  

• Save this as CFScript.txt, in the same location as ComboFix.exe
   
  http://i424.photobucket.com/albums/pp322/digistar/cfscriptb4.gif
   
  
• Referring to the picture above, drag CFScript into ComboFix.exe
  
• When finished, it shall produce a log for you at C:\ComboFix.txt
  
• I don't need to see the log from this action.
  

****************************************************

• Download RogueKiller on the desktop
  
• Close all the running programs
  
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  
• Otherwise just double-click on RogueKiller.exe
  
• Pre-scan will start. Let it finish.
  
• Click on SCAN button.
  
• A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
  

**************************************************

Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

[tdlarsen]

Rogue Killer report

 

RogueKiller V8.5.1 [Feb 12 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Torben [Admin rights]

Mode : Scan -- Date : 02/16/2013 10:35:07

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 1 ¤¤¤

[sUSP PATH] ouc.exe -- C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [-] -> KILLED [TermProc]

 

¤¤¤ Registry Entries : 15 ¤¤¤

[RUN][sUSP PATH] HKUS\S-1-5-21-3984325867-2906248765-3498124827-1003[...]\RunOnce : CTPostBootSequencer ("C:\Users\Torben\AppData\Local\Temp\CTPBSeq.exe" /reglaunch /self_destruct) [x] -> FOUND

[TASK][sUSP PATH] ASUS Patch 10430001 : C:\Windows\AsPatch10430001.exe -e [x] -> FOUND

[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{2B0C72E3-D877-4DF3-89E4-0B59225BBA4F} : NameServer (80.251.201.177 80.251.201.178) -> FOUND

[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{6BA38EA0-6DF3-4097-B67E-71BB1FCAACEF} : NameServer (80.251.201.177 80.251.201.178) -> FOUND

[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{9593F5AE-D070-4573-8B48-F1BD9FE34EB7} : NameServer (80.251.201.177 80.251.201.178) -> FOUND

[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{A6409056-26F8-4275-828A-DDE5DBC6FF85} : NameServer (80.251.201.177 80.251.201.178) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{2B0C72E3-D877-4DF3-89E4-0B59225BBA4F} : NameServer (80.251.201.177 80.251.201.178) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{6BA38EA0-6DF3-4097-B67E-71BB1FCAACEF} : NameServer (80.251.201.177 80.251.201.178) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{9593F5AE-D070-4573-8B48-F1BD9FE34EB7} : NameServer (80.251.201.177 80.251.201.178) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{A6409056-26F8-4275-828A-DDE5DBC6FF85} : NameServer (80.251.201.177 80.251.201.178) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[sCREENSV][sUSP PATH] HKCU\[...]\Desktop (C:\Users\Torben\Desktop\dds.scr) [x] -> FOUND

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED] ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

 

127.0.0.1 localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: INTEL SSDSA2CW160G3 +++++

--- User ---

[MBR] 10578327d7acf39bc6f00e1f3c1c9627

[bSP] 2ee18edf56eb573bfe8fc4993312b762 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 127025 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive1: WDC WD7500BPKT-80PK4T0 +++++

--- User ---

[MBR] b17efdbde997cde13963cd71a27bec4c

[bSP] e6c2cebec9d5914c6fe029aa4b621d92 : Windows Vista/7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 357688 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 732547072 | Size: 357715 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[1]_S_02162013_02d1035.txt >>

RKreport[1]_S_02162013_02d1035.txt

[tdlarsen]

Security Check log

 

Results of screen317's Security Check version 0.99.57

Windows 7 Service Pack 1 x86 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

Java 6 Update 39

Java version out of Date!

Adobe Flash Player 10 Flash Player out of Date!

Mozilla Thunderbird 15.0.1 Thunderbird out of Date!

Google Chrome 24.0.1312.56

Google Chrome 24.0.1312.57

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:

````````````````````End of Log``````````````````````

[Superdave]

Update Your Java (JRE)

 

Old versions of Java have vulnerabilities that malware can use to infect your system.

 

First Verify your Java Version

 

If there are any other version(s) installed then update now.

 

Get the new version (if needed)

 

If your version is out of date install the newest version of the Sun Java Runtime Environment.

 

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

 

Be sure to close ALL open web browsers before starting the installation.

 

Remove any old versions

 

1. Download JavaRa and unzip the file to your Desktop.

2. Open JavaRA.exe and choose Remove Older Versions

3. Once complete exit JavaRA.

 

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

*****************************************************

Update your Adobe Reader. get.adobe.com/reader.

 

Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

 

******************************************************

ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log

[tdlarsen]

eset log

 

C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientDic\index.html HTML/Iframe.B.Gen virus deleted - quarantined

[Superdave]

How's your computer running now? Any other issues?