svchost.exe and twitter account hacked

[simman]

Hi.

My twitter account was hacked and started sending spam. I have also experienced slowdowns on my computer and high ping when playing online games. So installed MB and now its blocking incoming traffic svchost.exe. Can someone help me figure this out?

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16576

Run by Simon at 12:09:12 on 2013-05-25

Microsoft Windows 7 Professional 6.1.7601.1.1252.46.1053.18.8172.6398 [GMT 2:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\IProsetMonitor.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

C:\Program Files (x86)\Skype\Updater\Updater.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

C:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\SysWOW64\HsMgr.exe

C:\Windows\system\HsMgr64.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Users\Simon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\Samsung\Kies\Kies.exe

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files (x86)\Personal\bin\Personal.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files (x86)\No-IP\DUC30.exe

C:\Program Files\ASUS Xonar DX Audio\Customapp\ASUSAUDIOCENTER.EXE

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Browny02\BrYNSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\msiexec.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

uRun: [Google Update] "C:\Users\Simon\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [spotify Web Helper] "C:\Users\Simon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

uRun: [spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean

mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN

StartupFolder: C:\Users\Simon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NO-IPD~1.LNK - C:\Program Files (x86)\No-IP\DUC30.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{5DF7F731-0F06-4E1E-BE11-01BC1D04095C} : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{5DF7F731-0F06-4E1E-BE11-01BC1D04095C} : DHCPNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Notify: SDWinLogon - SDWinLogon.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd

x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke

x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke

x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-9-3 133800]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-24 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-24 701512]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-26 1103392]

R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-26 1369624]

R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-26 168384]

R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]

R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-5-4 3574624]

R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-4-4 245760]

R3 cmudaxp;ASUS Xonar DX Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2012-9-3 2725376]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-24 25928]

R3 NisSrv;Microsoft Nätverkskontroll;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 IBG_gds_db;InterBase XE3 Guardian gds_db;C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibguard.exe -i "C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3" -p gds_db --> C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibguard.exe -i C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3 [?]

S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\System32\drivers\lganddiag64.sys [2012-3-2 27648]

S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\System32\drivers\lgandgps64.sys [2012-3-2 27136]

S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\lgandadb.sys [2010-8-2 31744]

S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-1-15 49152]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-9-25 102240]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-3-29 1431888]

S3 IBS_gds_db;InterBase XE3 Server gds_db;C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibserver.exe -i "C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3" -p gds_db --> C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibserver.exe -i C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3 [?]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2012-9-25 157672]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2012-9-25 16872]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2012-9-25 177640]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-9-25 203104]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]

S3 tap0901_openvpn_accl;TAP-Win32 Adapter V9 for OpenVPN Accelerator;C:\Windows\System32\drivers\tap0901_openvpn_accl.sys [2012-8-21 37912]

S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2012-7-15 30720]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-9-3 59392]

S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-3 1255736]

.

=============== File Associations ===============

.

FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"

.

=============== Created Last 30 ================

.

2013-05-25 08:17:16 964552 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{23C4576A-DC77-4AC1-BA14-92BF60881E5C}\gapaengine.dll

2013-05-25 08:17:14 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{39534D6C-B8E3-4932-9B99-781383635AB7}\mpengine.dll

2013-05-25 08:16:40 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2013-05-25 08:16:39 -------- d-----w- C:\Program Files\Microsoft Security Client

2013-05-24 21:14:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-05-24 21:14:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-05-24 21:02:19 -------- d-----w- C:\Users\Simon\AppData\Local\{6BD0C3F2-B27B-447F-A9C5-6A5489851B5C}

2013-05-24 16:48:26 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{69FA7B7D-BA1F-4EE6-8CA9-F4AAF93D7593}\mpengine.dll

2013-05-24 09:01:55 -------- d-----w- C:\Users\Simon\AppData\Local\{67831B28-4772-4C10-8D60-B0EC1CED95D6}

2013-05-23 18:13:34 -------- d-----w- C:\Users\Simon\AppData\Local\{C3B7B599-12FF-4DF8-AFE5-B9FA6B2C352E}

2013-05-22 08:04:49 -------- d-----w- C:\Users\Simon\AppData\Local\{274E94AC-40D7-4C7C-BD2D-0C4F361D36CA}

2013-05-21 18:28:21 -------- d-----w- C:\Users\Simon\AppData\Local\{BF5E8AF0-245D-442F-9B8D-6DF6A2A02C80}

2013-05-20 08:18:56 -------- d-----w- C:\Users\Simon\AppData\Local\{4927C90F-336D-461B-8C4B-975098875387}

2013-05-19 05:37:25 -------- d-----w- C:\Users\Simon\AppData\Local\{F6D7D865-6F6A-467C-9214-28EDCD807175}

2013-05-18 10:19:48 -------- d-----w- C:\Users\Simon\AppData\Local\{3BFB70A7-24C1-4F7D-AA44-3CD81BAB12CE}

2013-05-17 09:54:05 -------- d-----w- C:\Users\Simon\AppData\Local\{90FBDC0F-4C42-4307-A493-111F1E499F5B}

2013-05-16 10:26:08 -------- d-----w- C:\Users\Simon\AppData\Local\{2BFCA933-63BF-4624-A537-D0F9A0B622D9}

2013-05-15 22:33:22 -------- d-----w- C:\ProgramData\Bohemia Interactive

2013-05-15 09:26:25 -------- d-----w- C:\Users\Simon\AppData\Local\{7F3C0A61-8FF9-46E4-ADD6-45C14A320C88}

2013-05-14 16:41:45 -------- d-----w- C:\Users\Simon\AppData\Local\{489576A7-52B5-4988-8194-F7F5F357E27C}

2013-05-13 20:40:23 -------- d-----w- C:\Users\Simon\AppData\Local\{942F08E8-E68C-4703-BA0C-73ECE79F65DA}

2013-05-13 07:16:49 -------- d-----w- C:\Users\Simon\AppData\Local\{3540C1FA-C5AA-4817-AA3B-D16E11BF5E96}

2013-05-12 08:55:40 -------- d-----w- C:\Users\Simon\AppData\Local\{B937E431-4857-4D08-BD01-8CF697D4B048}

2013-05-11 11:15:33 -------- d-----w- C:\Users\Simon\AppData\Local\{70BF73CC-0446-45EB-A567-4E5C49A9A293}

2013-05-10 23:15:09 -------- d-----w- C:\Users\Simon\AppData\Local\{E65415F5-438A-4D38-8D5C-3FA893768A90}

2013-05-10 11:14:45 -------- d-----w- C:\Users\Simon\AppData\Local\{7B1065AF-FFE6-47AE-A134-443A2E529038}

2013-05-09 19:53:09 -------- d-----w- C:\Users\Simon\AppData\Local\{575D3D01-7099-4EC9-A0EB-033F3C80EBB2}

2013-05-08 09:21:37 -------- d-----w- C:\Users\Simon\AppData\Local\{3E5C1321-6C01-413A-BEF9-4CFE88FBE44E}

2013-05-07 14:50:02 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls

2013-05-07 11:18:09 -------- d-----w- C:\Users\Simon\AppData\Local\{7E3D769B-6649-4AF8-874F-81EC738B98D2}

2013-05-06 13:20:29 -------- d-----w- C:\Users\Simon\AppData\Local\{3D33DB81-B3F4-4B97-8E49-430AFE52C392}

2013-05-05 11:57:00 -------- d-----w- C:\Users\Simon\AppData\Local\{F6413681-3EA7-466A-9429-55CAD82877B1}

2013-05-04 14:19:43 -------- d-----w- C:\Program Files (x86)\TeamViewer

2013-05-04 04:02:01 -------- d-----w- C:\Users\Simon\AppData\Local\{75EB29CD-83C1-4C16-B316-39D97F656FC7}

2013-05-03 13:39:09 -------- d-----w- C:\Users\Simon\AppData\Roaming\3909 LLC

2013-05-03 10:28:30 -------- d-----w- C:\Users\Simon\AppData\Local\{3A4932B0-409F-41D5-8DC3-EB40B75A7311}

2013-05-02 11:23:33 -------- d-----w- C:\Users\Simon\AppData\Local\{38F3D7B3-A5BD-4A33-B9B5-B18B48FC0215}

2013-05-01 11:59:22 -------- d-----w- C:\Users\Simon\AppData\Local\{E9D7386A-3317-4F68-9B72-BA5222FF98E6}

2013-04-30 19:13:59 -------- d-----w- C:\Users\Simon\AppData\Local\{01D59D6F-CF42-4974-9CA8-76D2CDF192CF}

2013-04-29 16:16:31 -------- d-----w- C:\Users\Simon\AppData\Local\{FD474FFB-8EB1-46F4-AC8C-021C660F2976}

2013-04-28 13:50:13 -------- d-----w- C:\Users\Simon\AppData\Local\Chromium

2013-04-28 12:00:17 -------- d-----w- C:\Users\Simon\AppData\Local\{8BA454C9-F080-48C5-B475-4D081EA7075B}

2013-04-27 11:54:15 -------- d-----w- C:\Users\Simon\AppData\Local\{35D8476C-E8EA-4556-B1A5-42AA0F1A9432}

2013-04-26 04:16:21 -------- d-----w- C:\Users\Simon\AppData\Local\{B42C944C-7FDE-469E-BB79-45BC3CED022D}

.

==================== Find3M ====================

.

2013-05-25 08:05:17 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-25 08:05:17 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-05-24 20:00:35 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-05-24 20:00:35 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-05-24 20:00:27 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2013-05-07 16:03:14 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll

2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll

2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

2013-02-27 06:02:44 111448 ----a-w- C:\Windows\System32\consent.exe

2013-02-27 05:48:00 1930752 ----a-w- C:\Windows\System32\authui.dll

2013-02-27 05:47:10 70144 ----a-w- C:\Windows\System32\appinfo.dll

2013-02-27 04:49:24 1796096 ----a-w- C:\Windows\SysWow64\authui.dll

2012-11-21 15:07:28 5729792 ----a-w- C:\Program Files (x86)\Secrets.exe

.

============= FINISH: 12:09:20.43 ===============

attach.zip

[Maniac]

Hello simman and ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  
• Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
  

Step 1

Please uninstall this application: µTorrent

Step 2

• Launch Malwarebytes' Anti-Malware
  
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 3

• Download on the desktop RogueKiller
  
• Quit all programs
  
• Start RogueKiller.exe
  
• Wait until Prescan has finished ...
  
• Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.

In your next reply, post the following log files:

• Malwarebytes' Anti-Malware log
  
• RogueKiller log

[simman]

Thank you for your fast reply Maniac. Here are the logs:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.25.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16576

Simon :: DATTA [administrator]

Protection: Enabled

2013-05-25 12:39:38

mbam-log-2013-05-25 (12-39-38).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Shuriken | PUP | PUM

Scan options disabled: Heuristics/Extra | P2P

Objects scanned: 35953

Time elapsed: 3 minute(s), 16 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Simon [Admin rights]

Mode : Scan -- Date : 05/25/2013 12:44:25

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[RUN][bLACKLISTDLL] HKLM\[...]\Run : Cmaudio8788 (C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SSD 830 Series ATA Device +++++

--- User ---

[MBR] 68f51cbc0a1c053569790f690fc8e696

[bSP] f630658e3f787c5a438ca135336e5243 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 244196 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: Corsair Force 3 SSD ATA Device +++++

--- User ---

[MBR] 5b1f4d7b87b8939e37b606d75f071092

[bSP] 8cadbf059d6dd52e4669ff9065048977 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive2: SAMSUNG HD103UJ ATA Device +++++

--- User ---

[MBR] 5b4d17d6f7286329144e241fdc031cb0

[bSP] 3569fda99014e33414361292cebc85e3 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953866 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_05252013_02d1244.txt >>

RKreport[1]_S_05252013_02d1244.txt

[Maniac]

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

[simman]

ComboFix 13-05-25.02 - Simon 2013-05-26 12:12:24.1.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.46.1053.18.8172.6540 [GMT 2:00]

Körs från: c:\users\Simon\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Simon\AppData\Local\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll

c:\windows\pkunzip.pif

c:\windows\pkzip.pif

c:\windows\SysWow64\frapsvid.dll

c:\windows\SysWow64\muzapp.exe

.

.

(((((((((((((((((((((((( Filer skapade från 2013-04-26 till 2013-05-26 ))))))))))))))))))))))))))))))

.

.

2013-05-26 10:09 . 2013-05-12 21:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{25B71C72-9392-4D22-84DF-21AFEF0A3A2C}\mpengine.dll

2013-05-25 08:17 . 2013-05-25 08:17 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{23C4576A-DC77-4AC1-BA14-92BF60881E5C}\gapaengine.dll

2013-05-25 08:17 . 2013-05-12 21:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-05-25 08:16 . 2013-05-25 08:16 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2013-05-25 08:16 . 2013-05-25 08:16 -------- d-----w- c:\program files\Microsoft Security Client

2013-05-24 21:14 . 2013-05-24 21:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-05-24 21:14 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-05-24 16:48 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{69FA7B7D-BA1F-4EE6-8CA9-F4AAF93D7593}\mpengine.dll

2013-05-15 22:33 . 2013-05-15 22:33 -------- d-----w- c:\programdata\Bohemia Interactive

2013-05-07 14:50 . 2013-05-07 14:50 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls

2013-05-04 14:19 . 2013-05-04 14:19 -------- d-----w- c:\program files (x86)\TeamViewer

2013-05-03 13:39 . 2013-05-03 13:39 -------- d-----w- c:\users\Simon\AppData\Roaming\3909 LLC

2013-04-28 13:50 . 2013-04-28 13:50 -------- d-----w- c:\users\Simon\AppData\Local\Chromium

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-25 22:45 . 2012-09-03 22:57 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2013-05-25 22:45 . 2012-09-03 22:28 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2013-05-25 22:45 . 2012-09-03 22:28 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2013-05-25 08:05 . 2012-09-14 23:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-25 08:05 . 2012-09-14 23:18 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-05-15 23:58 . 2012-09-03 18:36 75016696 ----a-w- c:\windows\system32\MRT.exe

2013-05-09 19:52 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-07 16:03 . 2012-09-03 22:28 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2013-05-02 15:29 . 2012-09-03 18:38 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-04-13 05:49 . 2013-05-15 19:43 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-15 19:43 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-15 19:43 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-15 19:43 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-15 19:43 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-15 19:43 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 14:45 . 2013-04-24 09:40 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-01 22:54 . 2013-04-01 22:54 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-04-01 22:54 . 2013-04-01 22:54 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-04-01 22:54 . 2013-04-01 22:54 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-04-01 22:54 . 2013-04-01 22:54 81408 ----a-w- c:\windows\system32\icardie.dll

2013-04-01 22:54 . 2013-04-01 22:54 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-04-01 22:54 . 2013-04-01 22:54 762368 ----a-w- c:\windows\system32\ieapfltr.dll

2013-04-01 22:54 . 2013-04-01 22:54 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-04-01 22:54 . 2013-04-01 22:54 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-04-01 22:54 . 2013-04-01 22:54 62976 ----a-w- c:\windows\system32\pngfilt.dll

2013-04-01 22:54 . 2013-04-01 22:54 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-04-01 22:54 . 2013-04-01 22:54 599552 ----a-w- c:\windows\system32\vbscript.dll

2013-04-01 22:54 . 2013-04-01 22:54 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-04-01 22:54 . 2013-04-01 22:54 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-04-01 22:54 . 2013-04-01 22:54 51200 ----a-w- c:\windows\system32\imgutil.dll

2013-04-01 22:54 . 2013-04-01 22:54 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-04-01 22:54 . 2013-04-01 22:54 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-04-01 22:54 . 2013-04-01 22:54 452096 ----a-w- c:\windows\system32\dxtmsft.dll

2013-04-01 22:54 . 2013-04-01 22:54 441856 ----a-w- c:\windows\system32\html.iec

2013-04-01 22:54 . 2013-04-01 22:54 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-04-01 22:54 . 2013-04-01 22:54 361984 ----a-w- c:\windows\SysWow64\html.iec

2013-04-01 22:54 . 2013-04-01 22:54 281600 ----a-w- c:\windows\system32\dxtrans.dll

2013-04-01 22:54 . 2013-04-01 22:54 27648 ----a-w- c:\windows\system32\licmgr10.dll

2013-04-01 22:54 . 2013-04-01 22:54 270848 ----a-w- c:\windows\system32\iedkcs32.dll

2013-04-01 22:54 . 2013-04-01 22:54 247296 ----a-w- c:\windows\system32\webcheck.dll

2013-04-01 22:54 . 2013-04-01 22:54 235008 ----a-w- c:\windows\system32\url.dll

2013-04-01 22:54 . 2013-04-01 22:54 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-04-01 22:54 . 2013-04-01 22:54 226304 ----a-w- c:\windows\system32\elshyph.dll

2013-04-01 22:54 . 2013-04-01 22:54 216064 ----a-w- c:\windows\system32\msls31.dll

2013-04-01 22:54 . 2013-04-01 22:54 197120 ----a-w- c:\windows\system32\msrating.dll

2013-04-01 22:54 . 2013-04-01 22:54 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-04-01 22:54 . 2013-04-01 22:54 173568 ----a-w- c:\windows\system32\ieUnatt.exe

2013-04-01 22:54 . 2013-04-01 22:54 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-04-01 22:54 . 2013-04-01 22:54 158720 ----a-w- c:\windows\SysWow64\msls31.dll

2013-04-01 22:54 . 2013-04-01 22:54 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

2013-04-01 22:54 . 2013-04-01 22:54 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-04-01 22:54 . 2013-04-01 22:54 149504 ----a-w- c:\windows\system32\occache.dll

2013-04-01 22:54 . 2013-04-01 22:54 144896 ----a-w- c:\windows\system32\wextract.exe

2013-04-01 22:54 . 2013-04-01 22:54 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-04-01 22:54 . 2013-04-01 22:54 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-04-01 22:54 . 2013-04-01 22:54 138752 ----a-w- c:\windows\SysWow64\wextract.exe

2013-04-01 22:54 . 2013-04-01 22:54 13824 ----a-w- c:\windows\system32\mshta.exe

2013-04-01 22:54 . 2013-04-01 22:54 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-04-01 22:54 . 2013-04-01 22:54 136192 ----a-w- c:\windows\system32\iepeers.dll

2013-04-01 22:54 . 2013-04-01 22:54 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-04-01 22:54 . 2013-04-01 22:54 12800 ----a-w- c:\windows\SysWow64\mshta.exe

2013-04-01 22:54 . 2013-04-01 22:54 12800 ----a-w- c:\windows\system32\msfeedssync.exe

2013-04-01 22:54 . 2013-04-01 22:54 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-04-01 22:54 . 2013-04-01 22:54 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-04-01 22:54 . 2013-04-01 22:54 102912 ----a-w- c:\windows\system32\inseng.dll

2013-03-19 06:04 . 2013-04-10 08:31 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 05:46 . 2013-04-10 08:31 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-10 08:31 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-10 08:31 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-10 08:31 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-10 08:31 112640 ----a-w- c:\windows\system32\smss.exe

2013-02-25 22:32 . 2013-02-25 22:32 25256224 ----a-w- c:\windows\system32\nvcompiler.dll

2013-02-25 22:32 . 2012-11-15 14:17 2505144 ----a-w- c:\windows\SysWow64\nvapi.dll

2013-02-25 22:32 . 2012-09-03 19:03 15129960 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2013-02-25 22:32 . 2013-02-25 22:32 6262608 ----a-w- c:\windows\SysWow64\nvopencl.dll

2013-02-25 22:32 . 2012-09-03 19:03 2826040 ----a-w- c:\windows\system32\nvapi64.dll

2013-02-25 22:32 . 2013-02-25 22:32 18055184 ----a-w- c:\windows\system32\nvd3dumx.dll

2013-02-25 22:32 . 2012-09-03 19:03 1814304 ----a-w- c:\windows\system32\nvdispco64.dll

2013-02-25 22:32 . 2012-09-03 19:03 1107440 ----a-w- c:\windows\system32\nvumdshimx.dll

2013-02-25 22:32 . 2013-02-25 22:32 958120 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2013-02-25 22:32 . 2013-02-25 22:32 420128 ----a-w- c:\windows\system32\nvEncodeAPI64.dll

2013-02-25 22:32 . 2013-02-25 22:32 2720544 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2013-02-25 22:32 . 2013-02-25 22:32 26929440 ----a-w- c:\windows\system32\nvoglv64.dll

2013-02-25 22:32 . 2013-02-25 22:32 7932256 ----a-w- c:\windows\SysWow64\nvcuda.dll

2013-02-25 22:32 . 2013-02-25 22:32 2346784 ----a-w- c:\windows\system32\nvcuvenc.dll

2013-02-25 22:32 . 2013-02-25 22:32 245872 ----a-w- c:\windows\system32\nvinitx.dll

2013-02-25 22:32 . 2013-02-25 22:32 11036448 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2013-02-25 22:32 . 2012-11-15 14:17 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll

2013-02-25 22:32 . 2013-02-25 22:32 364832 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll

2013-02-25 22:32 . 2013-02-25 22:32 2904352 ----a-w- c:\windows\system32\nvcuvid.dll

2013-02-25 22:32 . 2013-02-25 22:32 20449056 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2013-02-25 22:32 . 2012-09-03 19:03 15053264 ----a-w- c:\windows\system32\nvwgf2umx.dll

2013-02-25 22:32 . 2013-02-25 22:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2013-02-25 22:32 . 2013-02-25 22:32 7564040 ----a-w- c:\windows\system32\nvopencl.dll

2013-02-25 22:32 . 2013-02-25 22:32 1985824 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2013-02-25 22:32 . 2013-02-25 22:32 12641992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2013-02-25 22:32 . 2013-02-25 22:32 9390760 ----a-w- c:\windows\system32\nvcuda.dll

2013-02-25 22:32 . 2013-02-25 22:32 201576 ----a-w- c:\windows\SysWow64\nvinit.dll

2012-11-21 15:07 . 2012-11-21 15:07 5729792 ----a-w- c:\program files (x86)\Secrets.exe

.

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* tomma poster & legitima standardposter visas inte.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spotify Web Helper"="c:\users\Simon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-17 1105408]

"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-08-31 964024]

"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-31 21432]

"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-08-31 3524536]

"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]

.

c:\users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

No-IP DUC.lnk - c:\program files (x86)\No-IP\DUC30.exe [2010-6-18 1423520]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BankID säkerhetsprogram.lnk - c:\program files (x86)\Personal\bin\Personal.exe [2012-4-17 1333144]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 IBG_gds_db;InterBase XE3 Guardian gds_db;c:\program files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibguard.exe [2012-11-27 633504]

R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]

R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [2012-03-02 27648]

R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [2012-03-02 27136]

R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]

R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [2010-08-01 31744]

R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe [2013-02-03 49152]

R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-31 102240]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-03-29 1431888]

R3 IBS_gds_db;InterBase XE3 Server gds_db;c:\program files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibserver.exe [2012-11-27 5341856]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]

R3 NisSrv;Microsoft Nätverkskontroll;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2012-06-27 157672]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2012-06-27 16872]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2012-06-27 177640]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-31 203104]

R3 tap0901_openvpn_accl;TAP-Win32 Adapter V9 for OpenVPN Accelerator;c:\windows\system32\DRIVERS\tap0901_openvpn_accl.sys [2012-08-21 37912]

R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2012-07-15 30720]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-03 1255736]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]

S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]

S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]

S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]

S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-04-23 3574624]

S3 cmudaxp;ASUS Xonar DX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-03-10 2725376]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]

.

.

--- Övriga tjänster/drivrutiner i minnet ---

.

*NewlyCreated* - WS2IFSL

.

Innehåll i mappen 'Schemalagda aktiviteter':

.

2013-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-07 20:44]

.

2013-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-07 20:44]

.

2013-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2267105586-392305542-1326473791-1000Core.job

- c:\users\Simon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-03 18:59]

.

2013-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2267105586-392305542-1326473791-1000UA.job

- c:\users\Simon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-03 18:59]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]

"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]

"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Extra genomsökning -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{5DF7F731-0F06-4E1E-BE11-01BC1D04095C}: NameServer = 8.8.8.8,8.8.4.4

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

.

Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe

Notify-SDWinLogon - SDWinLogon.dll

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

AddRemove-BattlEye for A2 - e:\steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe

AddRemove-ESN Sonar-0.70.4 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe

.

.

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

.

[HKEY_USERS\S-1-5-21-2267105586-392305542-1326473791-1000\Software\SecuROM\License information*]

"datasecu"=hex:07,fb,67,ac,ae,f6,6e,1d,9b,67,79,59,f8,31,6a,1f,f2,9e,cf,c5,8d,

d3,a0,fc,a1,ec,f5,66,04,7b,b8,2a,86,b4,3a,21,2c,b1,59,7b,55,02,e8,4b,3b,f7,\

"rkeysecu"=hex:23,f2,b0,e5,2a,1e,b0,9f,0f,76,cd,11,98,7b,1a,58

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andra processer som körs ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\windows\SysWOW64\PnkBstrA.exe

.

**************************************************************************

.

Sluttid: 2013-05-26 12:16:25 - datorn startades om.

ComboFix-quarantined-files.txt 2013-05-26 10:16

.

Före genomsökningen: 44 615 122 944 byte ledigt

Efter genomsökningen: 45 203 628 032 byte ledigt

.

- - End Of File - - ADA87C9D7DFE13F0904C9E3193B922E7

[Maniac]

Please scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
  
• Click the button.
  
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
    Save it to your Desktop.
    
  • Double click on the to download the ESET Smart Installer. icon on your Desktop.
    

  [*]Check "YES, I accept the Terms of Use."

  [*]Click the Start button.

  [*]Accept any security warnings from your browser.

  [*]Under Scan Settings, check "Scan Archives" and "Remove found threats"

  [*]Click Advanced settings and select the following:

  • Scan potentially unwanted applications
    
  • Scan for potentially unsafe applications
    
  • Enable Anti-Stealth technology

  [*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

  [*]When the scan completes, click List Threats

  [*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

  [*]Click the Back button.

  [*]Click the Finish button.

[simman]

This is the results from ESET:

C:\Users\Simon\Downloads\cdbxp_setup_4.4.2.3442.exe Win32/OpenCandy application cleaned by deleting - quarantined

C:\Users\Simon\Downloads\cdbxp_setup_4.5.1.3868.exe Win32/OpenCandy application cleaned by deleting - quarantined

C:\Users\Simon\Downloads\DTLite4454-0316.exe Win32/OpenCandy application cleaned by deleting - quarantined

C:\Users\Simon\Downloads\hwmonitor_1.21-setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined

F:\Telefoni\LG Optimus 2x\13.8-11 MoDaCo FR19 Fear Edition 12.6.zip a variant of Android/Locm.A application deleted - quarantined

[Maniac]

How are things now? Did you change all of your passwords?

[simman]

Everything seems to be fine now. I have normal latency when playing online and no slowdowns or other weird behaviour. Im gonna go change my passwords now. Thank you for helping

[Maniac]

Glad I could help!

• Download OTC to your desktop and run it
  
• Click Yes to beginning the Cleanup process and remove these components, including this application.
  
• You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  

Next, uninstall ESET Online Scanner.

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing!

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!