Posts posted by Shaoni

  1. System appears to be 100% clean. I guess TFC did the job. Should I bump this if I keep getting redirected or is there anything else I should try?

    MBAM:

    Malwarebytes Anti-Malware 1.61.0.1400

    www.malwarebytes.org

    Database version: v2012.06.27.08

    Windows 7 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Shaoni :: SHAONI-HP [administrator]

    Protection: Enabled

    27.06.2012 19:47:30

    mbam-log-2012-06-27 (19-47-30).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 205493

    Time elapsed: 4 minute(s), 44 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    ESET:

    ESETSmartInstaller@High as downloader log:

    all ok

    # version=7

    # OnlineScannerApp.exe=1.0.0.1

    # OnlineScanner.ocx=1.0.0.6583

    # api_version=3.0.2

    # EOSSerial=0f4afbef602b354fbb739a9af9a6adf1

    # end=finished

    # remove_checked=true

    # archives_checked=false

    # unwanted_checked=true

    # unsafe_checked=false

    # antistealth_checked=true

    # utc_time=2012-06-28 12:26:50

    # local_time=2012-06-28 02:26:50 (+0100, Vest-Europa (sommertid))

    # country="Norway"

    # lang=1033

    # osver=6.1.7600 NT

    # compatibility_mode=5893 16776573 100 94 135430 92513233 0 0

    # compatibility_mode=8192 67108863 100 0 146 146 0 0

    # scanned=241732

    # found=0

    # cleaned=0

    # scan_time=3027

    Security Check:

    Results of screen317's Security Check version 0.99.42

    Windows 7 x64 (UAC is enabled)

    Out of date service pack!!

    Internet Explorer 9

    ``````````````Antivirus/Firewall Check:``````````````

    WMI entry may not exist for antivirus; attempting automatic update.

    `````````Anti-malware/Other Utilities Check:`````````

    Malwarebytes Anti-Malware versión 1.61.0.1400

    Java 6 Update 29

    Java version out of Date!

    Mozilla Firefox (13.0.1)

    Google Chrome 19.0.1084.52

    Google Chrome 19.0.1084.56

    ````````Process Check: objlist.exe by Laurent````````

    Malwarebytes Anti-Malware mbamservice.exe

    Malwarebytes Anti-Malware mbamgui.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C: 1%

    ````````````````````End of Log``````````````````````

  2. Malwarebytes log came out exactly as before, 0 infections anywhere, even after getting updated.

    Combofix:

    ComboFix 12-06-27.01 - Shaoni 27.06.2012 20:00:48.1.2 - x64

    Microsoft Windows 7 Professional 6.1.7600.0.1252.47.1044.18.1791.819 [GMT 2:00]

    Kjører fra: c:\users\Shaoni\Desktop\ComboFix.exe

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\windows\system32\drivers\etc\hosts.ics

    c:\windows\system32\drivers\etc\hosts.txt

    .

    .

    ((((((((((((((((((((((((((( Filer Opprettet Fra 2012-05-27 til 2012-06-27 )))))))))))))))))))))))))))))))))

    .

    .

    2012-06-26 21:59 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{350F2ECF-F35C-42DF-BB11-DF58FD628ED1}\mpengine.dll

    2012-06-23 20:07 . 2012-06-23 20:07 -------- d-----w- c:\users\Shaoni\AppData\Local\Macromedia

    2012-06-22 14:39 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

    2012-06-22 14:39 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

    2012-06-22 14:39 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

    2012-06-22 14:39 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

    2012-06-22 14:38 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

    2012-06-22 14:38 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

    2012-06-22 14:38 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

    2012-06-22 14:38 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

    2012-06-22 14:38 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe

    2012-06-20 01:35 . 2012-06-20 02:02 -------- d-----w- c:\users\Shaoni\AppData\Roaming\TS3Client

    2012-06-17 14:03 . 2012-06-17 14:03 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll

    2012-06-17 14:03 . 2012-06-17 14:03 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll

    2012-06-16 19:10 . 2012-06-16 19:10 -------- d-----w- c:\users\Shaoni\AppData\Local\FlashDevelop

    2012-06-16 18:48 . 2012-06-16 18:48 -------- d-----w- c:\program files (x86)\FlashDevelop

    2012-06-16 01:21 . 2011-03-11 08:09 51024 ----a-w- c:\windows\system32\vcomp100.dll

    2012-06-14 00:51 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll

    2012-06-14 00:51 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

    2012-06-14 00:51 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

    2012-06-14 00:51 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll

    2012-06-14 00:51 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-06-14 00:51 . 2012-05-04 10:08 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

    2012-06-14 00:51 . 2012-05-04 10:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

    2012-06-14 00:50 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys

    2012-06-14 00:50 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-06-14 00:50 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll

    2012-06-14 00:50 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll

    2012-06-14 00:50 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll

    2012-06-14 00:50 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll

    2012-06-14 00:50 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll

    2012-06-14 00:50 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll

    2012-06-14 00:50 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll

    2012-06-14 00:50 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

    2012-06-13 01:14 . 2012-06-13 01:14 -------- d-----w- c:\program files\TeamSpeak 3 Client

    2012-06-12 19:39 . 2012-06-12 19:44 -------- d-----w- c:\program files (x86)\Amnesia - The Dark Descent

    2012-06-12 19:32 . 2012-06-12 19:32 -------- d-----w- c:\program files (x86)\Elaborate Bytes

    2012-06-11 20:22 . 2012-06-11 20:22 -------- d-----w- c:\users\Shaoni\AppData\Local\SplitMediaLabs

    2012-06-11 20:20 . 2012-06-11 20:20 -------- d-----w- c:\program files (x86)\SplitMediaLabs

    2012-06-11 20:20 . 2012-06-11 20:20 -------- d-----w- c:\programdata\SplitMediaLabs

    2012-06-11 20:18 . 2012-06-11 20:18 -------- d-----w- c:\users\Shaoni\AppData\Roaming\SplitMediaLabs

    2012-06-11 17:06 . 2012-06-27 18:18 -------- d-----w- c:\users\Shaoni\AppData\Roaming\Skype

    2012-06-11 17:05 . 2012-06-11 17:05 -------- d-----w- c:\program files (x86)\Common Files\Skype

    2012-06-11 17:05 . 2012-06-11 17:05 -------- d-----r- c:\program files (x86)\Skype

    2012-06-11 17:05 . 2012-06-11 17:06 -------- d-----w- c:\programdata\Skype

    2012-06-10 21:33 . 2003-07-06 12:12 152576 ----a-w- c:\windows\system32\CNCS32.DLL

    2012-06-10 20:51 . 2012-06-10 20:51 -------- d-----w- c:\program files (x86)\Game Maker 8 Pro Edition

    2012-06-08 14:07 . 2012-06-08 14:08 -------- d-----w- c:\program files (x86)\Multimedia Fusion 2

    2012-06-06 18:59 . 2012-06-06 18:59 -------- d-----w- c:\users\Shaoni\AppData\Roaming\SmartFTP

    2012-06-06 18:55 . 2012-06-06 18:55 -------- d-----w- c:\program files\SmartFTP Client

    2012-06-06 18:53 . 2012-06-06 18:53 -------- d-----w- c:\program files (x86)\SmartFTP Client 4.0 (x64) Setup Files

    2012-05-29 11:44 . 2012-05-29 11:44 -------- d-----w- c:\users\Shaoni\AppData\Roaming\Toribash

    2012-05-29 11:44 . 2012-05-29 11:44 -------- d-----w- C:\Games

    2012-05-29 10:12 . 2012-06-27 18:17 -------- d-----w- c:\users\Shaoni\AppData\Local\TSVNCache

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-06-23 19:19 . 2012-05-14 18:35 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-06-23 19:19 . 2012-03-14 17:48 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-05-17 22:50 . 2012-05-17 22:50 71680 ----a-w- c:\windows\system32\frapsv64.dll

    2012-05-17 22:50 . 2012-05-17 22:50 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll

    2012-05-08 12:25 . 2012-05-08 12:25 235 ----a-w- c:\windows\SysWow64\nxEuUninstall.bat

    2012-05-08 12:25 . 2012-05-08 12:25 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe

    2012-04-24 05:21 . 2012-04-24 05:21 0 ----a-w- c:\windows\SysWow64\sho9356.tmp

    2012-04-23 01:44 . 2012-04-23 01:44 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

    2012-04-23 01:44 . 2012-04-23 01:44 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

    2012-04-23 01:44 . 2012-04-23 01:44 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

    2012-04-23 01:44 . 2012-04-23 01:44 85504 ----a-w- c:\windows\system32\iesetup.dll

    2012-04-23 01:44 . 2012-04-23 01:44 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

    2012-04-23 01:44 . 2012-04-23 01:44 76800 ----a-w- c:\windows\system32\tdc.ocx

    2012-04-23 01:44 . 2012-04-23 01:44 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

    2012-04-23 01:44 . 2012-04-23 01:44 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

    2012-04-23 01:44 . 2012-04-23 01:44 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

    2012-04-23 01:44 . 2012-04-23 01:44 603648 ----a-w- c:\windows\system32\vbscript.dll

    2012-04-23 01:44 . 2012-04-23 01:44 49664 ----a-w- c:\windows\system32\imgutil.dll

    2012-04-23 01:44 . 2012-04-23 01:44 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

    2012-04-23 01:44 . 2012-04-23 01:44 48640 ----a-w- c:\windows\system32\mshtmler.dll

    2012-04-23 01:44 . 2012-04-23 01:44 448512 ----a-w- c:\windows\system32\html.iec

    2012-04-23 01:44 . 2012-04-23 01:44 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

    2012-04-23 01:44 . 2012-04-23 01:44 367104 ----a-w- c:\windows\SysWow64\html.iec

    2012-04-23 01:44 . 2012-04-23 01:44 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

    2012-04-23 01:44 . 2012-04-23 01:44 30720 ----a-w- c:\windows\system32\licmgr10.dll

    2012-04-23 01:44 . 2012-04-23 01:44 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

    2012-04-23 01:44 . 2012-04-23 01:44 222208 ----a-w- c:\windows\system32\msls31.dll

    2012-04-23 01:44 . 2012-04-23 01:44 165888 ----a-w- c:\windows\system32\iexpress.exe

    2012-04-23 01:44 . 2012-04-23 01:44 161792 ----a-w- c:\windows\SysWow64\msls31.dll

    2012-04-23 01:44 . 2012-04-23 01:44 160256 ----a-w- c:\windows\system32\wextract.exe

    2012-04-23 01:44 . 2012-04-23 01:44 152064 ----a-w- c:\windows\SysWow64\wextract.exe

    2012-04-23 01:44 . 2012-04-23 01:44 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

    2012-04-23 01:44 . 2012-04-23 01:44 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

    2012-04-23 01:44 . 2012-04-23 01:44 12288 ----a-w- c:\windows\system32\mshta.exe

    2012-04-23 01:44 . 2012-04-23 01:44 11776 ----a-w- c:\windows\SysWow64\mshta.exe

    2012-04-23 01:44 . 2012-04-23 01:44 114176 ----a-w- c:\windows\system32\admparse.dll

    2012-04-23 01:44 . 2012-04-23 01:44 111616 ----a-w- c:\windows\system32\iesysprep.dll

    2012-04-23 01:44 . 2012-04-23 01:44 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

    2012-04-23 01:44 . 2012-04-23 01:44 101888 ----a-w- c:\windows\SysWow64\admparse.dll

    2012-04-20 01:17 . 2012-04-20 01:17 0 ----a-w- c:\windows\SysWow64\shoD589.tmp

    2012-04-12 16:12 . 2012-04-12 16:12 147248 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

    2012-04-12 16:12 . 2012-05-01 02:53 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

    2012-04-12 16:12 . 2012-05-01 02:52 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

    2012-04-04 16:33 . 2012-05-16 02:37 955800 ----a-w- c:\windows\system32\npDeployJava1.dll

    2012-04-04 16:33 . 2012-05-16 02:37 839056 ----a-w- c:\windows\system32\deployJava1.dll

    2012-04-04 13:56 . 2012-05-27 15:57 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-03-30 11:09 . 2012-05-11 21:49 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys

    .

    .

    (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-14 22:58 94208 ----a-w- c:\users\Shaoni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-14 22:58 94208 ----a-w- c:\users\Shaoni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-14 22:58 94208 ----a-w- c:\users\Shaoni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]

    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-03-15 742264]

    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-03-24 1242448]

    "WhatPulse"="c:\program files (x86)\WhatPulse\WhatPulse.exe" [2011-11-15 3990528]

    "KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2012-05-08 438272]

    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]

    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]

    "HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656]

    "HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]

    "BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]

    "LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]

    "File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-12-12 11265536]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

    "D-Link D-Link DWA-121"="c:\program files (x86)\D-Link\DWA-121 revA\AirNCFG.exe" [2010-09-26 1041728]

    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]

    .

    c:\users\Shaoni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dropbox.lnk - c:\users\Shaoni\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

    Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2011-12-19 2362720]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]

    2009-12-07 18:36 75320 ----a-w- c:\windows\System32\DeviceNP.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "aux"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Notification Packages REG_MULTI_SZ DPPassFilter scecli

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]

    R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]

    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

    R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-12-07 362040]

    R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]

    R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]

    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]

    R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]

    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

    R3 OxPPort;OxPPort;c:\windows\system32\DRIVERS\OxPPort.sys [2008-07-31 98304]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-23 1255736]

    S0 SafeBoot;SafeBoot; [x]

    S0 SbAlg;SbAlg; [x]

    S0 SbFsLock;SbFsLock; [x]

    S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys [2010-06-07 15872]

    S1 RsvLock;RsvLock; [x]

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-11 203264]

    S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

    S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

    S2 D_Link_DWA-121_WPS;D_Link_DWA-121_WPS Service;c:\program files (x86)\D-Link\DWA-121 revA\ANIWConnService.exe [2010-07-11 53248]

    S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-01-12 36864]

    S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-02 281192]

    S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984]

    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

    S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]

    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-11 6790656]

    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-11 221184]

    S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-02 704512]

    S3 DRTL8192cu;D-Link DWA Wireless N USB Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [2010-08-19 748648]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-03 331880]

    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-10-19 39480]

    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-04-12 147248]

    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

    .

    .

    --- Andre tjenester/drivere lastet i minnet ---

    .

    *NewlyCreated* - WS2IFSL

    .

    Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

    .

    2012-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 19:19]

    .

    2012-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4186856315-2171103671-2923768269-1003Core.job

    - c:\users\Shaoni\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-14 16:46]

    .

    2012-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4186856315-2171103671-2923768269-1003UA.job

    - c:\users\Shaoni\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-14 16:46]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-14 22:58 97792 ----a-w- c:\users\Shaoni\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-14 22:58 97792 ----a-w- c:\users\Shaoni\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-14 22:58 97792 ----a-w- c:\users\Shaoni\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-14 22:58 97792 ----a-w- c:\users\Shaoni\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "LoadAppInit_DLLs"=0x0

    .

    ------- Tilleggsskanning -------

    .

    uStart Page = hxxp://isearch.avg.com/?cid={4239988E-650D-4FD8-B60F-C9B0105CF733}&mid=1d99233e8e1447d0a802d94961e4913a-c4dd7f8ad735c313a7791894eb41bf978829701a&lang=en&ds=is015&pr=sa&d=2012-05-07 08:28&v=11.0.0.9&sap=hp

    uLocal Page = c:\windows\system32\blank.htm

    mLocal Page = c:\windows\SysWOW64\blank.htm

    Trusted Zone: //about.htm/

    Trusted Zone: //Exclude.htm/

    Trusted Zone: //FWEvent.htm/

    Trusted Zone: //LanguageSelection.htm/

    Trusted Zone: //Message.htm/

    Trusted Zone: //MyAgttryCmd.htm/

    Trusted Zone: //MyAgttryNag.htm/

    Trusted Zone: //MyNotification.htm/

    Trusted Zone: //NOCLessUpdate.htm/

    Trusted Zone: //quarantine.htm/

    Trusted Zone: //ScanNow.htm/

    Trusted Zone: //strings.vbs/

    Trusted Zone: //Template.htm/

    Trusted Zone: //Update.htm/

    Trusted Zone: //VirFound.htm/

    Trusted Zone: mcafee.com\*

    Trusted Zone: mcafeeasap.com\betavscan

    Trusted Zone: mcafeeasap.com\vs

    Trusted Zone: mcafeeasap.com\www

    TCP: DhcpNameServer = 130.67.15.198 193.213.112.4 10.0.0.138

    FF - ProfilePath - c:\users\Shaoni\AppData\Roaming\Mozilla\Firefox\Profiles\toq7b9ty.default\

    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

    FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7Bb47f3b72-cc88-4086-88bb-cbdcd9f117e0%7D&mid=1d99233e8e1447d0a802d94961e4913a-c4dd7f8ad735c313a7791894eb41bf978829701a&ds=is015&v=11.0.0.9&lang=en&pr=sa&d=2012-05-07%2008%3A28%3A44

    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb47f3b72-cc88-4086-88bb-cbdcd9f117e0%7D&mid=1d99233e8e1447d0a802d94961e4913a-c4dd7f8ad735c313a7791894eb41bf978829701a&ds=is015&v=11.0.0.9&lang=en&pr=sa&d=2012-05-07%2008%3A28%3A44&sap=ku&q=

    .

    - - - - TOMME PEKERE FJERNET - - - -

    .

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

    AddRemove-{319E272A-B5DB-4939-99D0-1F1F0C55699E} - c:\program files (x86)\InstallShield Installation Information\{319E272A-B5DB-4939-99D0-1F1F0C55699E}\setup.exe

    .

    .

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]

    "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

    "ImagePath"="c:\windows\system32\GameMon.des -service"

    .

    --------------------- LÅSTE REGISTERNøKLER ---------------------

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Andre Kjørende Prosesser ------------------------

    .

    c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

    c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

    c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

    c:\program files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe

    c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe

    c:\nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe

    c:\users\Shaoni\Desktop\Isaac.exe

    .

    **************************************************************************

    .

    Tidspunkt ferdig: 2012-06-27 20:41:22 - maskinen ble startet pÅ nytt

    ComboFix-quarantined-files.txt 2012-06-27 18:41

    .

    Pre-Run: 170 700 963 840 byte ledig

    Post-Run: 171 911 704 576 byte ledig

    .

    - - End Of File - - B1EF1E0813A08236ED0C946B1D931EAB

    DDS:

    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

    Run by Shaoni at 20:46:44 on 2012-06-27

    Microsoft Windows 7 Professional 6.1.7600.0.1252.47.1044.18.1791.469 [GMT 2:00]

    .

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe

    c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\system32\atiesrxx.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

    C:\Program Files (x86)\D-Link\DWA-121 revA\ANIWConnService.exe

    c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe

    C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

    C:\Program Files (x86)\PDF Complete\pdfsvc.exe

    C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

    C:\Windows\System32\alg.exe

    C:\Windows\system32\WUDFHost.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\atieclxx.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\taskeng.exe

    c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe

    C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\System32\rundll32.exe

    c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe

    c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

    C:\Program Files (x86)\uTorrent\uTorrent.exe

    C:\Program Files (x86)\WhatPulse\WhatPulse.exe

    C:\Users\Shaoni\AppData\Roaming\Dropbox\bin\Dropbox.exe

    C:\Program Files (x86)\Trillian\trillian.exe

    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

    C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE

    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

    C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe

    C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\D-Link\DWA-121 revA\AirNCFG.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Windows\system32\wuauclt.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\SysWOW64\cscript.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://isearch.avg.com/?cid={4239988E-650D-4FD8-B60F-C9B0105CF733}&mid=1d99233e8e1447d0a802d94961e4913a-c4dd7f8ad735c313a7791894eb41bf978829701a&lang=en&ds=is015&pr=sa&d=2012-05-07 08:28:44&v=11.0.0.9&sap=hp

    BHO: File Sanitizer for HP ProtectTools: {3134413b-49b4-425c-98a5-893c1f195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll

    BHO: HP ProtectTools Security Manager Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll

    BHO: PÅloggingshjelp for Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

    uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe

    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

    uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

    uRun: [WhatPulse] C:\Program Files (x86)\WhatPulse\WhatPulse.exe

    uRun: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe

    uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

    mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

    mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    mRun: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"

    mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

    mRun: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe

    mRun: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe

    mRun: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe

    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun: [D-Link D-Link DWA-121] C:\Program Files (x86)\D-Link\DWA-121 revA\AirNCFG.exe

    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

    StartupFolder: C:\Users\Shaoni\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Shaoni\AppData\Roaming\Dropbox\bin\Dropbox.exe

    StartupFolder: C:\Users\Shaoni\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    Trusted Zone: //about.htm/

    Trusted Zone: //Exclude.htm/

    Trusted Zone: //FWEvent.htm/

    Trusted Zone: //LanguageSelection.htm/

    Trusted Zone: //Message.htm/

    Trusted Zone: //MyAgttryCmd.htm/

    Trusted Zone: //MyAgttryNag.htm/

    Trusted Zone: //MyNotification.htm/

    Trusted Zone: //NOCLessUpdate.htm/

    Trusted Zone: //quarantine.htm/

    Trusted Zone: //ScanNow.htm/

    Trusted Zone: //strings.vbs/

    Trusted Zone: //Template.htm/

    Trusted Zone: //Update.htm/

    Trusted Zone: //VirFound.htm/

    Trusted Zone: mcafee.com\*

    Trusted Zone: mcafeeasap.com\betavscan

    Trusted Zone: mcafeeasap.com\vs

    Trusted Zone: mcafeeasap.com\www

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    TCP: DhcpNameServer = 130.67.15.198 193.213.112.4 10.0.0.138

    TCP: Interfaces\{1A75FCCB-6B32-4F75-861D-D8E531A08CAC} : DhcpNameServer = 193.213.112.4 130.67.15.198 10.0.0.138

    TCP: Interfaces\{AD4CC578-F195-4D05-B5E9-6FDA4FFE253E} : DhcpNameServer = 130.67.15.198 193.213.112.4 10.0.0.138

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    Notify: DeviceNP - DeviceNP.dll

    LSA: Notification Packages = DPPassFilter scecli

    {3134413B-49B4-425C-98A5-893C1F195601}

    {395610AE-C624-4f58-B89E-23733EA00F9A}

    {9030D464-4C02-4ABF-8ECC-5164760863C6}

    {d2ce3e00-f94a-4740-988e-03dc2f38c34f}

    {DBC80044-A445-435b-BC74-9C25C1C588A9}

    {8dcb7100-df86-4384-8842-8fa844297b3f}

    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

    mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

    mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    mRun-x64: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"

    mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

    mRun-x64: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe

    mRun-x64: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe

    mRun-x64: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe

    mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun-x64: [D-Link D-Link DWA-121] C:\Program Files (x86)\D-Link\DWA-121 revA\AirNCFG.exe

    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\Shaoni\AppData\Roaming\Mozilla\Firefox\Profiles\toq7b9ty.default\

    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

    FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7Bb47f3b72-cc88-4086-88bb-cbdcd9f117e0%7D&mid=1d99233e8e1447d0a802d94961e4913a-c4dd7f8ad735c313a7791894eb41bf978829701a&ds=is015&v=11.0.0.9&lang=en&pr=sa&d=2012-05-07%2008%3A28%3A44

    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb47f3b72-cc88-4086-88bb-cbdcd9f117e0%7D&mid=1d99233e8e1447d0a802d94961e4913a-c4dd7f8ad735c313a7791894eb41bf978829701a&ds=is015&v=11.0.0.9&lang=en&pr=sa&d=2012-05-07%2008%3A28%3A44&sap=ku&q=

    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

    FF - plugin: C:\Program Files (x86)\BYOND\bin\npbyond.dll

    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npbyond.dll

    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

    FF - plugin: C:\Users\Shaoni\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 SbAlg;SbAlg;C:\Windows\System32\drivers\SbAlg.sys [2010-2-2 51800]

    R0 SbFsLock;SbFsLock;C:\Windows\System32\drivers\SbFsLock.sys [2010-2-2 13256]

    R1 anodlwf;ANOD Network Security Filter driver;C:\Windows\system32\DRIVERS\anodlwfx.sys --> C:\Windows\system32\DRIVERS\anodlwfx.sys [?]

    R1 RsvLock;RsvLock;C:\Windows\System32\drivers\rsvlock.sys [2010-2-2 40088]

    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

    R2 D_Link_DWA-121_WPS;D_Link_DWA-121_WPS Service;C:\Program Files (x86)\D-Link\DWA-121 revA\ANIWConnService.exe [2012-4-12 53248]

    R2 HP ProtectTools Service;HP ProtectTools Service;C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-1-12 36864]

    R2 HpFkCryptService;Drive Encryption Service;C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-2-2 281192]

    R2 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984]

    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-27 654408]

    R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-10-21 635416]

    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

    R3 DEBridge;DEBridge;C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-2-2 704512]

    R3 DRTL8192cu;D-Link DWA Wireless N USB Adapter;C:\Windows\system32\DRIVERS\RTL8192cu.sys --> C:\Windows\system32\DRIVERS\RTL8192cu.sys [?]

    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

    S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-14 250056]

    S3 DAMDrv;DAMDrv;C:\Windows\system32\DRIVERS\DAMDrv64.sys --> C:\Windows\system32\DRIVERS\DAMDrv64.sys [?]

    S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2009-12-7 362040]

    S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\system32\DRIVERS\mcvidrv_x64.sys --> C:\Windows\system32\DRIVERS\mcvidrv_x64.sys [?]

    S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\system32\drivers\mcaudrv_x64.sys --> C:\Windows\system32\drivers\mcaudrv_x64.sys [?]

    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-14 113120]

    S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]

    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

    S3 OxPPort;OxPPort;C:\Windows\system32\DRIVERS\OxPPort.sys --> C:\Windows\system32\DRIVERS\OxPPort.sys [?]

    S3 StorSvc;Oppbevaringstjeneste;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

    .

    =============== Created Last 30 ================

    .

    2012-06-27 17:58:42 98816 ----a-w- C:\Windows\sed.exe

    2012-06-27 17:58:42 518144 ----a-w- C:\Windows\SWREG.exe

    2012-06-27 17:58:42 256000 ----a-w- C:\Windows\PEV.exe

    2012-06-27 17:58:42 208896 ----a-w- C:\Windows\MBR.exe

    2012-06-26 21:59:12 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{350F2ECF-F35C-42DF-BB11-DF58FD628ED1}\mpengine.dll

    2012-06-23 20:07:52 -------- d-----w- C:\Users\Shaoni\AppData\Local\Macromedia

    2012-06-22 14:39:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

    2012-06-22 14:38:59 99840 ----a-w- C:\Windows\System32\wudriver.dll

    2012-06-22 14:38:10 36864 ----a-w- C:\Windows\System32\wuapp.exe

    2012-06-22 14:38:10 186752 ----a-w- C:\Windows\System32\wuwebv.dll

    2012-06-20 01:35:35 -------- d-----w- C:\Users\Shaoni\AppData\Roaming\TS3Client

    2012-06-17 14:03:29 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll

    2012-06-17 14:03:29 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll

    2012-06-16 19:10:35 -------- d-----w- C:\Users\Shaoni\AppData\Local\FlashDevelop.old

    2012-06-16 19:10:35 -------- d-----w- C:\Users\Shaoni\AppData\Local\FlashDevelop

    2012-06-16 18:48:28 -------- d-----w- C:\Program Files (x86)\FlashDevelop

    2012-06-16 01:21:29 51024 ----a-w- C:\Windows\System32\vcomp100.dll

    2012-06-14 00:51:33 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

    2012-06-14 00:51:33 76288 ----a-w- C:\Windows\System32\rdpwsx.dll

    2012-06-14 00:51:33 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

    2012-06-14 00:51:25 208896 ----a-w- C:\Windows\System32\profsvc.dll

    2012-06-14 00:51:14 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe

    2012-06-14 00:51:14 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

    2012-06-14 00:51:13 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

    2012-06-14 00:50:56 3144192 ----a-w- C:\Windows\System32\win32k.sys

    2012-06-14 00:50:45 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

    2012-06-14 00:50:36 3213824 ----a-w- C:\Windows\System32\msi.dll

    2012-06-14 00:50:36 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

    2012-06-14 00:50:26 182272 ----a-w- C:\Windows\System32\cryptsvc.dll

    2012-06-14 00:50:26 1460224 ----a-w- C:\Windows\System32\crypt32.dll

    2012-06-14 00:50:26 140288 ----a-w- C:\Windows\System32\cryptnet.dll

    2012-06-14 00:50:26 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll

    2012-06-14 00:50:25 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

    2012-06-14 00:50:25 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

    2012-06-13 01:14:14 -------- d-----w- C:\Program Files\TeamSpeak 3 Client

    2012-06-12 19:39:51 -------- d-----w- C:\Program Files (x86)\Amnesia - The Dark Descent

    2012-06-12 19:32:34 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes

    2012-06-11 20:22:56 -------- d-----w- C:\Users\Shaoni\AppData\Local\SplitMediaLabs

    2012-06-11 20:20:44 -------- d-----w- C:\Program Files (x86)\SplitMediaLabs

    2012-06-11 20:20:42 -------- d-----w- C:\ProgramData\SplitMediaLabs

    2012-06-11 20:18:48 -------- d-----w- C:\Users\Shaoni\AppData\Roaming\SplitMediaLabs

    2012-06-11 17:05:44 -------- d-----r- C:\Program Files (x86)\Skype

    2012-06-10 21:33:46 152576 ----a-w- C:\Windows\System32\CNCS32.DLL

    2012-06-10 20:51:14 -------- d-----w- C:\Program Files (x86)\Game Maker 8 Pro Edition

    2012-06-08 14:07:55 -------- d-----w- C:\Program Files (x86)\Multimedia Fusion 2

    2012-06-06 18:55:46 -------- d-----w- C:\Program Files\SmartFTP Client

    2012-06-06 18:53:59 -------- d-----w- C:\Program Files (x86)\SmartFTP Client 4.0 (x64) Setup Files

    2012-05-29 11:44:28 -------- d-----w- C:\Users\Shaoni\AppData\Roaming\Toribash

    2012-05-29 11:44:02 -------- d-----w- C:\Games

    2012-05-29 10:12:17 -------- d-----w- C:\Users\Shaoni\AppData\Local\TSVNCache

    .

    ==================== Find3M ====================

    .

    2012-06-23 19:19:44 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-06-23 19:19:44 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2012-05-17 22:50:06 71680 ----a-w- C:\Windows\System32\frapsv64.dll

    2012-05-17 22:50:04 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll

    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2012-05-08 12:25:59 235 ----a-w- C:\Windows\SysWow64\nxEuUninstall.bat

    2012-05-08 12:25:57 446464 ----a-w- C:\Windows\NEXON_EU_DownloaderUpdater.exe

    2012-04-24 05:21:57 0 ----a-w- C:\Windows\SysWow64\sho9356.tmp

    2012-04-20 01:17:37 0 ----a-w- C:\Windows\SysWow64\shoD589.tmp

    2012-04-12 16:12:56 147248 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys

    2012-04-12 16:12:54 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys

    2012-04-12 16:12:54 130864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys

    2012-04-04 16:33:18 955800 ----a-w- C:\Windows\System32\npDeployJava1.dll

    2012-04-04 16:33:14 839056 ----a-w- C:\Windows\System32\deployJava1.dll

    2012-04-04 13:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2012-03-30 11:09:53 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys

    .

    ============= FINISH: 20:47:24,92 ===============

  3. 2 days ago my internet suddenly started acting weird - major sites like Google, Facebook and YouTube didn't work. I could connect to other sites, albeit slowly. Eventually contacted my ISP and got the problem solved, which evidently was a DNS mix-up.

    Shortly after I decided to make an online purchase of World of Warcraft game time, and ran a quick scan with Malwarebytes just to ensure I didn't have any keyloggers or other malicious stuff. Apparently I had one infection, "BEF3.tmp", which I quarantined and removed - then I looked it up on several online virus directories, and found out this particular virus was often paired with "Zlob.DNS Changer". Whoops.

    The DNS Changer hadn't shown up in the quick scan, so I ran a full scan of my entire machine and there still weren't any more infections. I didn't think much of it, perhaps I was lucky and only had BEF3.tmp, but yeah, no. After playing some World of Warcraft I decided to take a break, and when I tried to start it up again, apparently my 3D Acceleration DirectX driver thingie was malfunctioning. It also automatically opened an ad in my browser, which I recognized as one which has troubled me for a long time (I never paid notice to it before now, but for several months I've had an obnoxious popup ad in the right lower corner on many websites, which I usually just close with the little black X button).

    A few of my links have also started redirecting me to the same ad, although it's somewhat rare. I'm certain I've got some adware on my PC, and perhaps more than that considering it's apparently made my DirectX fail.

    (Note, I bought the WoW game time on another PC I have on the same network to be absolutely sure it wouldn't be keylogged. Is there any possibility it has spread to other PCs on my network?)

    I don't know much about stuff like this, to be honest, but I've been extremely paranoid since this happened. :( Here's my DDS log, attached the zipped Attach.txt:

    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

    Run by Shaoni at 7:22:07 on 2012-06-27

    Microsoft Windows 7 Professional 6.1.7600.0.1252.47.1044.18.1791.696 [GMT 2:00]

    .

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe

    c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\system32\atiesrxx.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

    C:\Program Files (x86)\D-Link\DWA-121 revA\ANIWConnService.exe

    c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe

    C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

    C:\Program Files (x86)\PDF Complete\pdfsvc.exe

    C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

    C:\Windows\system32\atieclxx.exe

    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

    C:\Windows\System32\alg.exe

    C:\Windows\system32\taskhost.exe

    c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe

    C:\Windows\system32\taskeng.exe

    c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe

    C:\Windows\system32\Dwm.exe

    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

    C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\WUDFHost.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

    C:\Program Files (x86)\WhatPulse\WhatPulse.exe

    C:\Program Files (x86)\Trillian\trillian.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE

    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

    C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe

    C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\D-Link\DWA-121 revA\AirNCFG.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Windows\System32\svchost.exe -k secsvcs

    C:\Windows\system32\taskhost.exe

    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

    C:\Program Files (x86)\BYOND\bin\byond.exe

    C:\Windows\system32\wuauclt.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\SysWOW64\cscript.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://isearch.avg.com/?cid={4239988E-650D-4FD8-B60F-C9B0105CF733}&mid=1d99233e8e1447d0a802d94961e4913a-c4dd7f8ad735c313a7791894eb41bf978829701a&lang=en&ds=is015&pr=sa&d=2012-05-07 08:28:44&v=11.0.0.9&sap=hp

    mWinlogon: Userinit=userinit.exe,

    BHO: File Sanitizer for HP ProtectTools: {3134413b-49b4-425c-98a5-893c1f195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll

    BHO: HP ProtectTools Security Manager Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll

    BHO: Påloggingshjelp for Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

    uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe

    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

    uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

    uRun: [WhatPulse] C:\Program Files (x86)\WhatPulse\WhatPulse.exe

    uRun: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe

    uRun: [Google Update] "C:\Users\Shaoni\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

    mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

    mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    mRun: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"

    mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

    mRun: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe

    mRun: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe

    mRun: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe

    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun: [D-Link D-Link DWA-121] C:\Program Files (x86)\D-Link\DWA-121 revA\AirNCFG.exe

    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

    StartupFolder: C:\Users\Shaoni\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Shaoni\AppData\Roaming\Dropbox\bin\Dropbox.exe

    StartupFolder: C:\Users\Shaoni\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe

    mPolicies-explorer: NoActiveDesktop = 1 (0x1)

    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    Trusted Zone: //about.htm/

    Trusted Zone: //Exclude.htm/

    Trusted Zone: //FWEvent.htm/

    Trusted Zone: //LanguageSelection.htm/

    Trusted Zone: //Message.htm/

    Trusted Zone: //MyAgttryCmd.htm/

    Trusted Zone: //MyAgttryNag.htm/

    Trusted Zone: //MyNotification.htm/

    Trusted Zone: //NOCLessUpdate.htm/

    Trusted Zone: //quarantine.htm/

    Trusted Zone: //ScanNow.htm/

    Trusted Zone: //strings.vbs/

    Trusted Zone: //Template.htm/

    Trusted Zone: //Update.htm/

    Trusted Zone: //VirFound.htm/

    Trusted Zone: mcafee.com\*

    Trusted Zone: mcafeeasap.com\betavscan

    Trusted Zone: mcafeeasap.com\vs

    Trusted Zone: mcafeeasap.com\www

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    TCP: DhcpNameServer = 130.67.15.198 193.213.112.4 10.0.0.138

    TCP: Interfaces\{1A75FCCB-6B32-4F75-861D-D8E531A08CAC} : DhcpNameServer = 193.213.112.4 130.67.15.198 10.0.0.138

    TCP: Interfaces\{AD4CC578-F195-4D05-B5E9-6FDA4FFE253E} : DhcpNameServer = 130.67.15.198 193.213.112.4 10.0.0.138

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    Notify: DeviceNP - DeviceNP.dll

    LSA: Notification Packages = DPPassFilter scecli

    {3134413B-49B4-425C-98A5-893C1F195601}

    {395610AE-C624-4f58-B89E-23733EA00F9A}

    {9030D464-4C02-4ABF-8ECC-5164760863C6}

    {d2ce3e00-f94a-4740-988e-03dc2f38c34f}

    {DBC80044-A445-435b-BC74-9C25C1C588A9}

    {8dcb7100-df86-4384-8842-8fa844297b3f}

    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

    mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

    mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    mRun-x64: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"

    mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

    mRun-x64: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe

    mRun-x64: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe

    mRun-x64: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe

    mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun-x64: [D-Link D-Link DWA-121] C:\Program Files (x86)\D-Link\DWA-121 revA\AirNCFG.exe

    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

    Hosts: 149.5.18.173 www.google-analytics.com.

    Hosts: 149.5.18.173 ad-emea.doubleclick.net.

    Hosts: 149.5.18.173 www.statcounter.com.

    Hosts: 108.163.215.51 www.google-analytics.com.

    Hosts: 108.163.215.51 ad-emea.doubleclick.net.

    .

    Note: multiple HOSTS entries found. Please refer to Attach.txt

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\Shaoni\AppData\Roaming\Mozilla\Firefox\Profiles\toq7b9ty.default\

    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

    FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7Bb47f3b72-cc88-4086-88bb-cbdcd9f117e0%7D&mid=1d99233e8e1447d0a802d94961e4913a-c4dd7f8ad735c313a7791894eb41bf978829701a&ds=is015&v=11.0.0.9&lang=en&pr=sa&d=2012-05-07%2008%3A28%3A44

    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb47f3b72-cc88-4086-88bb-cbdcd9f117e0%7D&mid=1d99233e8e1447d0a802d94961e4913a-c4dd7f8ad735c313a7791894eb41bf978829701a&ds=is015&v=11.0.0.9&lang=en&pr=sa&d=2012-05-07%2008%3A28%3A44&sap=ku&q=

    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

    FF - plugin: C:\Program Files (x86)\BYOND\bin\npbyond.dll

    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npbyond.dll

    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

    FF - plugin: C:\Users\Shaoni\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 SbAlg;SbAlg;C:\Windows\System32\drivers\SbAlg.sys [2010-2-2 51800]

    R0 SbFsLock;SbFsLock;C:\Windows\System32\drivers\SbFsLock.sys [2010-2-2 13256]

    R1 anodlwf;ANOD Network Security Filter driver;C:\Windows\system32\DRIVERS\anodlwfx.sys --> C:\Windows\system32\DRIVERS\anodlwfx.sys [?]

    R1 RsvLock;RsvLock;C:\Windows\System32\drivers\rsvlock.sys [2010-2-2 40088]

    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

    R2 D_Link_DWA-121_WPS;D_Link_DWA-121_WPS Service;C:\Program Files (x86)\D-Link\DWA-121 revA\ANIWConnService.exe [2012-4-12 53248]

    R2 HP ProtectTools Service;HP ProtectTools Service;C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-1-12 36864]

    R2 HpFkCryptService;Drive Encryption Service;C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-2-2 281192]

    R2 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984]

    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-27 654408]

    R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-10-21 635416]

    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

    R3 DEBridge;DEBridge;C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-2-2 704512]

    R3 DRTL8192cu;D-Link DWA Wireless N USB Adapter;C:\Windows\system32\DRIVERS\RTL8192cu.sys --> C:\Windows\system32\DRIVERS\RTL8192cu.sys [?]

    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

    S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-14 250056]

    S3 DAMDrv;DAMDrv;C:\Windows\system32\DRIVERS\DAMDrv64.sys --> C:\Windows\system32\DRIVERS\DAMDrv64.sys [?]

    S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2009-12-7 362040]

    S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\system32\DRIVERS\mcvidrv_x64.sys --> C:\Windows\system32\DRIVERS\mcvidrv_x64.sys [?]

    S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\system32\drivers\mcaudrv_x64.sys --> C:\Windows\system32\drivers\mcaudrv_x64.sys [?]

    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-14 113120]

    S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]

    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

    S3 OxPPort;OxPPort;C:\Windows\system32\DRIVERS\OxPPort.sys --> C:\Windows\system32\DRIVERS\OxPPort.sys [?]

    S3 StorSvc;Oppbevaringstjeneste;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

    .

    =============== Created Last 30 ================

    .

    2012-06-26 21:59:12 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{350F2ECF-F35C-42DF-BB11-DF58FD628ED1}\mpengine.dll

    2012-06-23 20:07:52 -------- d-----w- C:\Users\Shaoni\AppData\Local\Macromedia

    2012-06-22 14:39:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

    2012-06-22 14:38:10 36864 ----a-w- C:\Windows\System32\wuapp.exe

    2012-06-22 14:38:10 186752 ----a-w- C:\Windows\System32\wuwebv.dll

    2012-06-20 01:35:35 -------- d-----w- C:\Users\Shaoni\AppData\Roaming\TS3Client

    2012-06-17 14:03:29 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll

    2012-06-17 14:03:29 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll

    2012-06-16 19:10:35 -------- d-----w- C:\Users\Shaoni\AppData\Local\FlashDevelop.old

    2012-06-16 19:10:35 -------- d-----w- C:\Users\Shaoni\AppData\Local\FlashDevelop

    2012-06-16 18:48:28 -------- d-----w- C:\Program Files (x86)\FlashDevelop

    2012-06-16 01:21:29 51024 ----a-w- C:\Windows\System32\vcomp100.dll

    2012-06-14 00:51:33 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

    2012-06-14 00:51:33 76288 ----a-w- C:\Windows\System32\rdpwsx.dll

    2012-06-14 00:51:33 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

    2012-06-14 00:51:25 208896 ----a-w- C:\Windows\System32\profsvc.dll

    2012-06-14 00:51:14 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe

    2012-06-14 00:51:14 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

    2012-06-14 00:51:13 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

    2012-06-14 00:50:56 3144192 ----a-w- C:\Windows\System32\win32k.sys

    2012-06-14 00:50:45 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

    2012-06-14 00:50:36 3213824 ----a-w- C:\Windows\System32\msi.dll

    2012-06-14 00:50:36 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

    2012-06-14 00:50:26 182272 ----a-w- C:\Windows\System32\cryptsvc.dll

    2012-06-14 00:50:26 1460224 ----a-w- C:\Windows\System32\crypt32.dll

    2012-06-14 00:50:26 140288 ----a-w- C:\Windows\System32\cryptnet.dll

    2012-06-14 00:50:26 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll

    2012-06-14 00:50:25 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

    2012-06-14 00:50:25 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

    2012-06-13 01:14:14 -------- d-----w- C:\Program Files\TeamSpeak 3 Client

    2012-06-12 19:39:51 -------- d-----w- C:\Program Files (x86)\Amnesia - The Dark Descent

    2012-06-12 19:32:34 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes

    2012-06-11 20:22:56 -------- d-----w- C:\Users\Shaoni\AppData\Local\SplitMediaLabs

    2012-06-11 20:20:44 -------- d-----w- C:\Program Files (x86)\SplitMediaLabs

    2012-06-11 20:20:42 -------- d-----w- C:\ProgramData\SplitMediaLabs

    2012-06-11 20:18:48 -------- d-----w- C:\Users\Shaoni\AppData\Roaming\SplitMediaLabs

    2012-06-11 17:05:44 -------- d-----r- C:\Program Files (x86)\Skype

    2012-06-10 21:33:46 152576 ----a-w- C:\Windows\System32\CNCS32.DLL

    2012-06-10 20:51:14 -------- d-----w- C:\Program Files (x86)\Game Maker 8 Pro Edition

    2012-06-08 14:07:55 -------- d-----w- C:\Program Files (x86)\Multimedia Fusion 2

    2012-06-06 18:55:46 -------- d-----w- C:\Program Files\SmartFTP Client

    2012-06-06 18:53:59 -------- d-----w- C:\Program Files (x86)\SmartFTP Client 4.0 (x64) Setup Files

    2012-05-29 11:44:28 -------- d-----w- C:\Users\Shaoni\AppData\Roaming\Toribash

    2012-05-29 11:44:02 -------- d-----w- C:\Games

    2012-05-29 10:12:17 -------- d-----w- C:\Users\Shaoni\AppData\Local\TSVNCache

    2012-05-28 14:21:15 -------- d-----w- C:\Users\Shaoni\AppData\Roaming\TortoiseSVN

    2012-05-28 14:17:56 -------- d-----w- C:\Users\Shaoni\AppData\Roaming\Subversion

    2012-05-28 14:17:20 -------- d-----w- C:\Program Files (x86)\Common Files\TortoiseOverlays

    2012-05-28 14:17:18 -------- d-----w- C:\Program Files\Common Files\TortoiseOverlays

    2012-05-28 14:17:17 -------- d-----w- C:\Program Files\TortoiseSVN

    .

    ==================== Find3M ====================

    .

    2012-06-23 19:19:44 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-06-23 19:19:44 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2012-05-17 22:50:06 71680 ----a-w- C:\Windows\System32\frapsv64.dll

    2012-05-17 22:50:04 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll

    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2012-05-08 12:25:59 235 ----a-w- C:\Windows\SysWow64\nxEuUninstall.bat

    2012-05-08 12:25:57 446464 ----a-w- C:\Windows\NEXON_EU_DownloaderUpdater.exe

    2012-04-24 05:21:57 0 ----a-w- C:\Windows\SysWow64\sho9356.tmp

    2012-04-20 01:17:37 0 ----a-w- C:\Windows\SysWow64\shoD589.tmp

    2012-04-12 16:12:56 147248 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys

    2012-04-12 16:12:54 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys

    2012-04-12 16:12:54 130864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys

    2012-04-04 16:33:18 955800 ----a-w- C:\Windows\System32\npDeployJava1.dll

    2012-04-04 16:33:14 839056 ----a-w- C:\Windows\System32\deployJava1.dll

    2012-04-04 13:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2012-03-30 11:09:53 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys

    .

    ============= FINISH: 7:22:52,36 ===============

    Attach.rar
