espenlok

Members

View Profile See their activity

Posts
3
Joined
July 12, 2012
Last visited
July 13, 2012

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by espenlok

Ad pop-ups in bottom right corner

espenlok replied to espenlok's topic in Resolved Malware Removal Logs

Hello again! it actually seems that the pop-up problem has disappeared after I used combofix on the machine. And the problem with the programs not starting disappeared after a new restart. Excellent. Thanks a lot for your help! Espen
- July 13, 2012
- 6 replies
Ad pop-ups in bottom right corner

espenlok replied to espenlok's topic in Resolved Malware Removal Logs

Hi! Thanks for your reply. I did a new MBAM Quick Scan, but unfortunately the log file disappeared during the ComboFix scan (which made the computer restart). I tried to rund MBAM again, but the computer says C:\ProgramFiles (x86)\Malwarebytes' Anti Malware\mbam.exe Illegal operation was tried in a register key that was marked for deleting (my translation from Norwegian). However, I saw the log file before it disappeared, and there were no findings. The ComboFix log file says ComboFix 12-07-12.02 - Roar 12.07.2012 22:00:37.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.47.1044.18.3944.2161 [GMT 2:00] Kjører fra: c:\users\Roar\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\assembly\tmp\U c:\windows\system32\drivers\etc\hosts.txt c:\windows\system32\Thumbs.db Q:\Autorun.inf . . ((((((((((((((((((((((((((( Filer Opprettet Fra 2012-06-12 til 2012-07-12 ))))))))))))))))))))))))))))))))) . . 2012-07-12 16:00 . 2012-07-12 16:00 -------- d-----w- c:\users\Roar\AppData\Roaming\Malwarebytes 2012-07-12 16:00 . 2012-07-12 16:00 -------- d-----w- c:\programdata\Malwarebytes 2012-07-12 16:00 . 2012-07-12 16:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-12 16:00 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-12 12:22 . 2012-07-12 12:22 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-07-12 12:22 . 2012-07-12 12:22 -------- d-----w- c:\program files (x86)\Java 2012-07-12 08:24 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C3D5F105-0091-47D7-A992-26F7B85D6A5A}\mpengine.dll 2012-07-11 22:34 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-10 22:10 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-07-09 01:00 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe 2012-07-08 17:53 . 2012-02-10 14:10 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{080ACEE7-6302-465E-A989-43A1A41F118C}\gapaengine.dll 2012-06-21 07:44 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-21 07:44 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-21 07:44 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-21 07:44 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-21 07:43 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-21 07:43 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-21 07:43 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-21 07:43 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-21 07:43 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-13 05:33 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-13 05:33 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-13 05:33 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-13 05:33 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-13 05:33 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-06-13 05:33 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-06-13 05:32 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-06-13 05:32 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-13 05:32 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll 2012-06-13 05:32 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-06-13 05:32 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-06-13 05:32 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-13 05:32 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-13 05:32 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-06-13 05:32 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-06-13 05:32 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-06-13 05:20 . 2012-06-13 05:20 -------- d-----w- c:\program files\iPod 2012-06-13 05:20 . 2012-06-13 05:21 -------- d-----w- c:\program files\iTunes 2012-06-13 05:20 . 2012-06-13 05:21 -------- d-----w- c:\program files (x86)\iTunes . . . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-12 12:22 . 2012-01-13 13:51 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-07-12 12:11 . 2012-04-09 16:40 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-12 12:11 . 2012-01-13 13:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl . . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LTT"="c:\program files\PC-Doctor\EnableToolbarW32.exe" [2011-06-27 23120] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-19 39408] "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Power Manager Power Agenda"="c:\progra~2\ThinkPad\UTILIT~1\DPMHost.exe" [2011-08-11 75064] "Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-14 4351712] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . c:\users\Roar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Microsoft SharePoint Workspace.lnk - c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ C-Pen 20.lnk - c:\windows\Installer\{ED10A1F7-C0D9-44F4-AA62-E6EACFE9188C}\_5A1930EDFA8D_4359_BB47_DE9376F17160.exe [2012-1-18 45056] McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-19 136176] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056] R3 CPen20;C-Pen 20;c:\windows\system32\Drivers\CPen20.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-19 136176] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 pendfu;PenDfu (pendfu.sys);c:\windows\system32\Drivers\pendfu.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-14 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-08-11 70968] S2 Sks8821;Skdaemon Service;c:\program files\Lenovo\Lenovo Slim USB Keyboard\Sks8821.exe [2010-05-04 137216] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-03 2656280] S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-04-13 84088] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-10-19 56344] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-12-01 250984] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776] . . --- Andre tjenester/drivere lastet i minnet --- . *NewlyCreated* - WS2IFSL . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) . 2012-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 12:11] . 2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-19 01:23] . 2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-19 01:23] . 2012-07-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06] . 2012-07-12 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-09 11663976] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-14 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-14 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-14 418328] "Skd8821"="c:\program files\Lenovo\Lenovo Slim USB Keyboard\Skd8821.exe" [2010-08-05 384000] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Tilleggsskanning ------- . uStart Page = hxxp://www.startsiden.no/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&ksporter til Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd til OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 81.167.36.3 81.167.36.11 DPF: DirectEdit - hxxps://www.itslearning.com/file/DirectEdit.CAB FF - ProfilePath - c:\users\Roar\AppData\Roaming\Mozilla\Firefox\Profiles\m2ilvz3a.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Symantec VIP Access Add-On: VIP@verisign.com - c:\program files (x86)\Symantec\VIP Access Client . - - - - TOMME PEKERE FJERNET - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- LÅSTE REGISTERNøKLER --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andre Kjørende Prosesser ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Lenovo\System Update\SUService.exe . ************************************************************************** . Tidspunkt ferdig: 2012-07-12 22:10:29 - maskinen ble startet pÅ nytt ComboFix-quarantined-files.txt 2012-07-12 20:10 . Pre-Run: 407 804 325 888 byte ledig Post-Run: 407 987 023 872 byte ledig . - - End Of File - - 528F4CF8C51E962C5BFDFEE36A78FED9
- July 12, 2012
- 6 replies
Ad pop-ups in bottom right corner

espenlok posted a topic in Resolved Malware Removal Logs

Hi guys! My father's computer has been infected with some adware, which I'm not able to get awaty. Would be great if you could help me out. I have tried to rund Malwarebytes' Anti-Malware, but it didn't find anything. As instructed, I have included the logs from DDS.txt and Attach.txt. DDS.txt . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33 Run by Roar at 18:09:14 on 2012-07-12 Microsoft Windows 7 Professional 6.1.7601.1.1252.47.1044.18.3944.1936 [GMT 2:00] . AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Sks8821.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Skdh8821.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Skd8821.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE C:\Program Files (x86)\C Technologies\C-Pen 20\CPen20.exe C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\C Technologies\C-Pen 20\CPenOCR.exe C:\Program Files (x86)\C Technologies\C-Pen 20\CPenDesk.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Program Files (x86)\Symantec\VIP Access Client\VIPUIManager.exe C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\rundll32.exe C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Lenovo\System Update\SUService.exe C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\taskeng.exe C:\Program Files\PC-Doctor\pcdrcui.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Program Files\PC-Doctor\pcdrrealtime.p5x C:\Windows\notepad.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP uStart Page = hxxp://www.startsiden.no/ uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Påloggingshjelp for Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL BHO: Symantec VIP Access Add-On: {c63cd127-a1cb-4d49-a4f7-d6f88a917be6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [LTT] C:\Program Files\PC-Doctor\EnableToolbarW32.exe uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" mRun: [Power Manager Power Agenda] C:\PROGRA~2\ThinkPad\UTILIT~1\DPMHost.exe mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent StartupFolder: C:\Users\Roar\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\C-PEN2~1.LNK - C:\Windows\Installer\{ED10A1F7-C0D9-44F4-AA62-E6EACFE9188C}\_5A1930EDFA8D_4359_BB47_DE9376F17160.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200 IE: E&ksporter til Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd til OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll DPF: DirectEdit - hxxps://www.itslearning.com/file/DirectEdit.CAB DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab TCP: DhcpNameServer = 81.167.36.3 81.167.36.11 TCP: Interfaces\{1C428772-1E1C-4202-BEDD-1EC85CB772BE} : DhcpNameServer = 81.167.36.3 81.167.36.11 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL {18DF081C-E8AD-4283-A596-FA578C2EBDC3} {72853161-30C5-4D22-B7F9-0BBC1D38A37E} {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} {9030D464-4C02-4ABF-8ECC-5164760863C6} {AA58ED58-01DD-4d91-8333-CF10577473F7} {B4F3A835-0E21-4959-BA22-42B3008E02FF} {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} {DBC80044-A445-435b-BC74-9C25C1C588A9} {2318C2B1-4965-11d4-9B18-009027A5CD4F} mRun-x64: [Power Manager Power Agenda] C:\PROGRA~2\ThinkPad\UTILIT~1\DPMHost.exe mRun-x64: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook Hosts: 149.5.18.172 www.google-analytics.com. Hosts: 149.5.18.172 ad-emea.doubleclick.net. Hosts: 149.5.18.172 www.statcounter.com. Hosts: 108.163.215.51 www.google-analytics.com. Hosts: 108.163.215.51 ad-emea.doubleclick.net. . Note: multiple HOSTS entries found. Please refer to Attach.txt . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Roar\AppData\Roaming\Mozilla\Firefox\Profiles\m2ilvz3a.default\ FF - component: C:\Program Files (x86)\Symantec\VIP Access Client\components\VeriSign Identity Protection.dll FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npjpi160_31.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npoji610.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Symantec VIP Access Add-On: VIP@verisign.com - C:\Program Files (x86)\Symantec\VIP Access Client . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-12 655944] R2 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-11-19 70968] R2 Sks8821;Skdaemon Service;C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Sks8821.exe [2010-5-4 137216] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-19 2656280] R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-4-13 84088] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?] R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] R3 PCDSRVC{127174DC-C366ED8B-06020200}_0;PCDSRVC{127174DC-C366ED8B-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor\pcdsrvc_x64.pkms [2011-6-27 25584] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-19 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 250056] S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-19 136176] S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696] S3 StorSvc;Oppbevaringstjeneste;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184] . =============== Created Last 30 ================ . 2012-07-12 16:00:58 -------- d-----w- C:\Users\Roar\AppData\Roaming\Malwarebytes 2012-07-12 16:00:46 -------- d-----w- C:\ProgramData\Malwarebytes 2012-07-12 16:00:45 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-07-12 16:00:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-07-12 12:23:13 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C3D5F105-0091-47D7-A992-26F7B85D6A5A}\offreg.dll 2012-07-12 12:22:32 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2012-07-12 10:30:26 -------- d-----w- C:\Users\Roar\AppData\Local\{0DE94EBF-B65B-4CA6-9009-DE77149F2979} 2012-07-12 10:30:15 -------- d-----w- C:\Users\Roar\AppData\Local\{6A3E1585-0191-40AF-BA74-7D464FC1F9BD} 2012-07-12 08:24:34 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C3D5F105-0091-47D7-A992-26F7B85D6A5A}\mpengine.dll 2012-07-11 22:34:25 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-11 20:39:48 -------- d-----w- C:\Users\Roar\AppData\Local\{075B8F91-17EF-43BE-9A5C-893324AE433C} 2012-07-11 20:39:37 -------- d-----w- C:\Users\Roar\AppData\Local\{C4D7FA44-B9BF-40AD-B921-D6B273186656} 2012-07-10 22:10:56 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-07-10 22:00:53 -------- d-----w- C:\Users\Roar\AppData\Local\{801F6545-F48C-4B5F-AD84-1405E9894FC5} 2012-07-10 06:10:05 -------- d-----w- C:\Users\Roar\AppData\Local\{129B2F24-1A07-4B6E-8B52-F592F48F0D38} 2012-07-10 06:09:55 -------- d-----w- C:\Users\Roar\AppData\Local\{3F6230D5-CF40-4BCC-80F0-81687722B81F} 2012-07-09 09:29:31 -------- d-----w- C:\Users\Roar\AppData\Local\{27E69F0B-801C-4A10-A593-9D96900E8A8E} 2012-07-09 09:29:20 -------- d-----w- C:\Users\Roar\AppData\Local\{E52C4849-60B0-4F0F-A64A-CE9EFB5DAA0D} 2012-07-09 01:00:47 294912 ----a-w- C:\Windows\System32\browserchoice.exe 2012-07-08 18:42:11 -------- d-----w- C:\Users\Roar\AppData\Local\{9D621279-F41C-458E-BD57-2B373CD3BB71} 2012-07-08 18:42:01 -------- d-----w- C:\Users\Roar\AppData\Local\{4220BD54-30E2-4EF9-BE5E-F7A708CE1262} 2012-07-08 17:53:33 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{080ACEE7-6302-465E-A989-43A1A41F118C}\gapaengine.dll 2012-06-23 05:40:14 -------- d-----w- C:\Users\Roar\AppData\Local\{56234419-208D-47B4-804E-04081F42D2D8} 2012-06-23 05:40:03 -------- d-----w- C:\Users\Roar\AppData\Local\{4518652C-CCBD-469B-BC8F-6E2F774DD5F1} 2012-06-22 12:22:29 -------- d-----w- C:\Users\Roar\AppData\Local\{A10B0033-BA98-46FA-97A3-5224B468E803} 2012-06-22 12:22:19 -------- d-----w- C:\Users\Roar\AppData\Local\{30FC51FA-E791-4359-AF24-B89CC5554A3D} 2012-06-21 15:28:40 -------- d-----w- C:\Users\Roar\AppData\Local\{C5726762-E7E7-464B-BB01-F306DE305EBF} 2012-06-21 15:28:29 -------- d-----w- C:\Users\Roar\AppData\Local\{A28252DE-66EB-4F68-B916-299C8B7F70CE} 2012-06-21 10:01:03 -------- d-----w- C:\Users\Roar\AppData\Local\{D4462F15-6F46-4B95-94B7-FC80FE1D2068} 2012-06-21 07:44:12 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-21 07:43:58 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-21 07:43:47 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-21 07:43:47 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-20 05:42:55 -------- d-----w- C:\Users\Roar\AppData\Local\{586529A0-63CC-47FD-8065-6A5D2FCA7596} 2012-06-20 05:42:44 -------- d-----w- C:\Users\Roar\AppData\Local\{FC62DE68-04FA-4A5F-9C86-18E8C4975FAC} 2012-06-19 16:07:30 -------- d-----w- C:\Users\Roar\AppData\Local\{9847855D-26C0-4AEA-A2DF-F31802EE132E} 2012-06-19 16:07:19 -------- d-----w- C:\Users\Roar\AppData\Local\{9BDCA554-B2A0-487D-9B8E-BA9FD69BE11A} 2012-06-18 19:37:28 -------- d-----w- C:\Users\Roar\AppData\Local\{56102590-B740-4706-9CB6-B74C2DFC6906} 2012-06-17 19:44:47 -------- d-----w- C:\Users\Roar\AppData\Local\{6258F93D-1484-4DA8-80A2-B9375E599FC6} 2012-06-16 11:15:40 -------- d-----w- C:\Users\Roar\AppData\Local\{85BC0034-AD58-4F89-874A-6A33C14EBA19} 2012-06-16 06:15:34 -------- d-----w- C:\Users\Roar\AppData\Local\{6D38E698-17E3-47CD-A7E0-FBF6DC259C36} 2012-06-15 14:39:12 -------- d-----w- C:\Users\Roar\AppData\Local\{7E83141C-61C8-44AE-970E-8AD8D4ECF71B} 2012-06-14 13:29:02 -------- d-----w- C:\Users\Roar\AppData\Local\{BFFFDDCA-6ACC-4ACD-B2D1-54B1465C1884} 2012-06-14 13:28:52 -------- d-----w- C:\Users\Roar\AppData\Local\{268B865D-65A4-48AA-854B-43640D053B3B} 2012-06-13 19:47:11 -------- d-----w- C:\Users\Roar\AppData\Local\{1E068139-5539-4CE0-A3AE-3C8E5471EBD3} 2012-06-13 19:47:01 -------- d-----w- C:\Users\Roar\AppData\Local\{B8405150-AA57-45D0-AAEF-982504F86790} 2012-06-13 05:33:08 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-06-13 05:33:08 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-06-13 05:33:08 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-06-13 05:33:07 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-06-13 05:33:06 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-06-13 05:33:02 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-06-13 05:32:58 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-06-13 05:32:51 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-06-13 05:32:50 3216384 ----a-w- C:\Windows\System32\msi.dll 2012-06-13 05:32:50 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-06-13 05:32:39 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-06-13 05:32:38 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-06-13 05:32:38 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-06-13 05:32:38 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-06-13 05:32:38 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-06-13 05:32:38 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-06-13 05:22:40 -------- d-----w- C:\Users\Roar\AppData\Local\{4CDEBD2C-D156-4D03-81F6-736E733C5870} 2012-06-13 05:22:29 -------- d-----w- C:\Users\Roar\AppData\Local\{B4423B12-1CFE-4693-9319-D33E3F9A8611} 2012-06-13 05:20:35 -------- d-----w- C:\Program Files\iPod 2012-06-13 05:20:34 -------- d-----w- C:\Program Files\iTunes 2012-06-13 05:20:34 -------- d-----w- C:\Program Files (x86)\iTunes . ==================== Find3M ==================== . 2012-07-12 12:22:26 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-07-12 12:11:21 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 12:11:21 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll . ============= FINISH: 18:10:20,77 =============== Attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 13.01.2012 14:31:49 System Uptime: 12.07.2012 17:15:35 (1 hours ago) . Motherboard: LENOVO | | To be filled by O.E.M. Processor: Intel® Core i3-2120 CPU @ 3.30GHz | CPU 1 | 1584/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 453 GiB total, 355,836 GiB free. E: is CDROM () Q: is FIXED (NTFS) - 12 GiB total, 0,266 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP66: 13.06.2012 23:15:08 - Windows Update RP67: 18.06.2012 08:46:17 - Windows Update RP68: 21.06.2012 09:43:33 - Windows Update RP69: 21.06.2012 22:54:46 - Windows Update RP70: 08.07.2012 19:51:17 - Windows Update RP71: 09.07.2012 03:00:23 - Windows Update RP72: 12.07.2012 00:30:37 - Windows Update RP73: 12.07.2012 14:21:30 - Installed Java 6 Update 33 . ==== Hosts File Hijack ====================== . Hosts: 149.5.18.172 www.google-analytics.com. Hosts: 149.5.18.172 ad-emea.doubleclick.net. Hosts: 149.5.18.172 www.statcounter.com. Hosts: 108.163.215.51 www.google-analytics.com. Hosts: 108.163.215.51 ad-emea.doubleclick.net. Hosts: 108.163.215.51 www.statcounter.com. . ==== Installed Programs ====================== . ActiveX-kontroll för fjärranslutningar för Windows Live Mesh Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.3) - Norsk Adobe Shockwave Player 11.6 Apple Application Support Apple Software Update C-Pen 20 Create Recovery Media D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Google Chrome Google Earth Google Toolbar for Internet Explorer Google Update Helper Intel® Control Center Intel® Identity Protection Technology 1.1.2.0 Intel® Management Engine Components Intel® Processor Graphics Java Auto Updater Java 6 Update 33 Junk Mail filter update Lenovo Registration Lenovo User Guide Lenovo Welcome Malwarebytes Anti-Malware versjon 1.62.0.1300 McAfee Security Scan Plus Mesh Runtime Message Center Plus Microsoft .NET Framework 1.1 Microsoft Office 2010 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (Norwegian (Bokmål)) 2010 Microsoft Office Excel MUI (Norwegian (Bokmål)) 2010 Microsoft Office Groove MUI (Norwegian (Bokmål)) 2010 Microsoft Office InfoPath MUI (Norwegian (Bokmål)) 2010 Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2010 Microsoft Office Outlook MUI (Norwegian (Bokmål)) 2010 Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proof (Norwegian (Bokmål)) 2010 Microsoft Office Proof (Norwegian (Nynorsk)) 2010 Microsoft Office Proofing (Norwegian (Bokmål)) 2010 Microsoft Office Publisher MUI (Norwegian (Bokmål)) 2010 Microsoft Office Shared MUI (Norwegian (Bokmål)) 2010 Microsoft Office Word MUI (Norwegian (Bokmål)) 2010 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mozilla Firefox (3.5.5) MSVCRT MSVCRT_amd64 Picasa 3 Realtek Ethernet Controller All-In-One Windows Driver Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition System Update ThinkVantage Power Manager Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition VIPAccess VLC media player 1.1.11 Windows Live Communications Platform Windows Live Essentials Windows Live Fotogalleri Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger Windows Live Mesh ActiveX-objekt til fjernforbindelser Windows Live Mesh ActiveX Control for Remote Connections Windows Live Meshin etäyhteyksien ActiveX-komponentti Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Liven asennustyökalu Windows Liven sähköposti Windows Liven valokuvavalikoima . ==== End Of File ===========================
- July 12, 2012
- 6 replies

Sign In

espenlok

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Everything posted by espenlok

Ad pop-ups in bottom right corner

Ad pop-ups in bottom right corner

Ad pop-ups in bottom right corner

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information