
New programs keep appearing on my desktop and files are randomly removed Nr2



Hello! I have made a thread that is exactly the same as this one, but I don't have access to that account anymore so I am making a new thread. I have been noticing programs appearing on my desktop. I am not the person who is downloading these, and no one else where I live is doing that either, considering the fact that I live by myself. Files and stuff also disappear sometimes. Most notably, a 35GB folder disappeared today (I didn't remove it).

HJT log

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:54:52, on 2011-09-29

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18639)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Logitech\G35\G35.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Users\Petter\AppData\Local\Apps\2.0\BNL473A6.YGO\8VQ8E3NZ.X99\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\CurseClient.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Mumble\mumble.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\World of Warcraft\Launcher.exe

C:\Windows\explorer.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

c:\users\Petter\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [Logitech G35] C:\Program Files\Logitech\G35\G35.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\Petter\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')

O4 - HKUS\S-1-5-21-1204039485-1667662688-3031602587-1001\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')

O4 - Startup: CurseClientStartup.ccip

O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Tjänsten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Tjänsten Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--

End of file - 7982 bytes

Mbam quickscan

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7828

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

2011-09-29 20:57:31

mbam-log-2011-09-29 (20-57-31).txt

Scan type: Quick scan

Objects scanned: 172054

Time elapsed: 6 minute(s), 58 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Mbam quick scan

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7852

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

2011-10-03 10:13:42

mbam-log-2011-10-03 (10-13-42).txt

Scan type: Quick scan

Objects scanned: 170937

Time elapsed: 3 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_27

Run by Petter at 10:13:34 on 2011-10-03

Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.46.1053.18.3326.1620 [GMT 2:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Logitech\G35\G35.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Users\Petter\AppData\Local\Apps\2.0\BNL473A6.YGO\8VQ8E3NZ.X99\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\CurseClient.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll

BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll

TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000

uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe

uRun: [Google Update] "c:\users\petter\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [Logitech G35] c:\program files\logitech\g35\G35.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\users\petter\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip

StartupFolder: c:\users\petter\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 195.84.98.161 192.168.0.1

TCP: Interfaces\{9B933A29-E418-46D3-8FBC-1DA5D55C2734} : DhcpNameServer = 195.84.98.161 192.168.0.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\petter\appdata\roaming\mozilla\firefox\profiles\zetlobsf.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine -

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\users\petter\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-8 442200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-4-8 320856]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-4-8 20568]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-4-8 54616]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-4-8 44768]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-9-18 2255464]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-4-8 1153368]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-8-3 379496]

R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\drivers\ladfDHP2i386.sys [2010-9-29 53976]

R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\drivers\ladfSBVMi386.sys [2010-9-29 335064]

R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-10-3 41272]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-8 136176]

S3 gupdatem;Tjänsten Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-8 136176]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-1 34384]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-10-03 08:09:28 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-02 16:44:04 -------- d-----w- c:\program files\uTorrent

2011-10-02 16:43:33 -------- d-----w- c:\users\petter\appdata\roaming\uTorrent

2011-09-30 13:01:45 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{42284587-12e1-4e5a-a936-b49935a95551}\offreg.dll

2011-09-30 13:01:44 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{42284587-12e1-4e5a-a936-b49935a95551}\mpengine.dll

2011-09-29 17:00:39 -------- d-----w- c:\users\petter\appdata\local\Blizzard Entertainment

2011-09-18 11:43:02 -------- d-----w- c:\users\petter\appdata\roaming\NVIDIA

2011-09-18 11:42:08 -------- d-----w- c:\users\petter\appdata\roaming\.minecraft

2011-09-18 10:12:36 66664 ----a-w- c:\windows\system32\nvshext.dll

2011-09-18 10:12:35 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll

2011-09-18 10:07:42 914024 ----a-w- c:\windows\system32\nvdispco32.dll

2011-09-18 10:07:42 875112 ----a-w- c:\windows\system32\nvgenco32.dll

2011-09-18 10:07:42 6613096 ----a-w- c:\windows\system32\nvwgf2um.dll

2011-09-18 10:07:42 57960 ----a-w- c:\windows\system32\OpenCL.dll

2011-09-18 10:07:42 2391656 ----a-w- c:\windows\system32\nvcuvid.dll

2011-09-18 10:07:42 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-09-18 10:07:42 16595560 ----a-w- c:\windows\system32\nvoglv32.dll

2011-09-18 10:07:42 10304104 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2011-09-18 10:07:41 5404776 ----a-w- c:\windows\system32\nvcuda.dll

2011-09-18 10:07:41 17193576 ----a-w- c:\windows\system32\nvcompiler.dll

2011-09-09 09:48:21 -------- d-sh--w- C:\found.012

2011-09-04 08:50:59 -------- d-sh--w- C:\found.011

.

==================== Find3M ====================

.

2011-10-01 08:52:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-20 15:59:04 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr

2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-06 20:36:26 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-08-31 15:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-19 12:57:19 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-08-03 11:50:00 599144 ----a-w- c:\windows\system32\nvvsvc.exe

2011-08-03 11:50:00 3730024 ----a-w- c:\windows\system32\nvcpl.dll

2011-08-03 11:50:00 2558568 ----a-w- c:\windows\system32\nvsvc.dll

2011-08-03 11:50:00 2412136 ----a-w- c:\windows\system32\nvapi.dll

2011-08-03 11:50:00 12636776 ----a-w- c:\windows\system32\nvd3dum.dll

2011-08-03 11:50:00 111208 ----a-w- c:\windows\system32\nvmctray.dll

2011-08-03 01:31:54 311912 ----a-w- c:\windows\system32\nvStreaming.exe

2011-07-06 14:56:47 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

.

============= FINISH: 10:13:54,58 ===============


  • Staff

Hi

Please see:

HijackThis Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed, period. It's theft and against the law.

It's likely why your issue began in the first place.

This goes for uTorrent and anything else you may have installed.


Now I seem to have gotten rid of uTorrent, I can't find any trace of it and for the time it's not coming back. However, having said this, I am getting a popup that tells me "Windows has blocked a program from starting up" about every 5 minutes.

Should I post a new DDS log?

This post is not accurate anymore, uTorrent was not on my computer for a while but it is back now.


  • Staff

Hi,

My apologies for the delay.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :regfind
    Torrent
    :filefind
    Torrent
    :folderfind
    Torrent


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Hello

While running SystemLook I got a popup that told me that the program was damaged. It still produced a log on my desktop so I will post that.

SystemLook 30.07.11 by jpshortstuff

Log created at 09:51 on 10/10/2011 by Petter

Administrator - Elevation successful

========== regfind ==========

Searching for "Torrent"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]

"e"="C:\Program Files\uTorrent\1"

[HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe]

[HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe\shell\open\command]

@=""C:\Program Files\uTorrent\uTorrent.exe" "%1""

[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]

"C:\Program Files\uTorrent\uTorrent.exe"="µTorrent"

[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]

"C:\Program Files\uTorrent\uTorrent.exe.3769.tmp"="µTorrent"

[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent]

[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent]

"Extension"=".torrent"

[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent]

"Extension"=".torrent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]

[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\AppPaths\client]

"AppPath"="C:\Program Files\uTorrent\uTorrent.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"TCP Query User{6D2DC112-1E3D-4423-8C9C-3C933AA8022F}C:\users\petter\downloads\utorrent.exe"="v2.0|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\petter\downloads\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe|Edge=FALSE|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"UDP Query User{EE653E93-2AFF-436F-934D-C23D132868F3}C:\users\petter\downloads\utorrent.exe"="v2.0|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\petter\downloads\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe|Edge=FALSE|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"TCP Query User{6D2DC112-1E3D-4423-8C9C-3C933AA8022F}C:\users\petter\downloads\utorrent.exe"="v2.0|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\petter\downloads\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe|Edge=FALSE|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"UDP Query User{EE653E93-2AFF-436F-934D-C23D132868F3}C:\users\petter\downloads\utorrent.exe"="v2.0|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\petter\downloads\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe|Edge=FALSE|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"TCP Query User{6D2DC112-1E3D-4423-8C9C-3C933AA8022F}C:\users\petter\downloads\utorrent.exe"="v2.0|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\petter\downloads\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe|Edge=FALSE|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"UDP Query User{EE653E93-2AFF-436F-934D-C23D132868F3}C:\users\petter\downloads\utorrent.exe"="v2.0|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\petter\downloads\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe|Edge=FALSE|"

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]

"e"="C:\Program Files\uTorrent\1"

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000\Software\Classes\Applications\uTorrent.exe]

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000\Software\Classes\Applications\uTorrent.exe\shell\open\command]

@=""C:\Program Files\uTorrent\uTorrent.exe" "%1""

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]

"C:\Program Files\uTorrent\uTorrent.exe"="µTorrent"

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]

"C:\Program Files\uTorrent\uTorrent.exe.3769.tmp"="µTorrent"

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrent]

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrent]

"Extension"=".torrent"

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000_Classes\Applications\uTorrent.exe]

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000_Classes\Applications\uTorrent.exe\shell\open\command]

@=""C:\Program Files\uTorrent\uTorrent.exe" "%1""

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]

"C:\Program Files\uTorrent\uTorrent.exe"="µTorrent"

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]

"C:\Program Files\uTorrent\uTorrent.exe.3769.tmp"="µTorrent"

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000_Classes\MIME\Database\Content Type\application/x-bittorrent]

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000_Classes\MIME\Database\Content Type\application/x-bittorrent]

"Extension"=".torrent"

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000_Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]

========== filefind ==========

Searching for "Torrent"


Hello. This is what it came up with this time.

SystemLook 30.07.11 by jpshortstuff

Log created at 16:23 on 12/10/2011 by Petter

Administrator - Elevation successful

========== regfind ==========

Searching for "Torrent"

[HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar]

[HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar]

"WebServerUrl"="http://uTorrentBar.OurToolbar.com/"

[HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar]

"Write us link"="cmeek@bittorrent.com"

[HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar]

"DisplayName"="uTorrentBar"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentBar Toolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]

"e"="C:\Program Files\uTorrent\1"

[HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe]

[HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe\shell\open\command]

@=""C:\Program Files\uTorrent\uTorrent.exe" "%1""

[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]

"C:\Program Files\uTorrent\uTorrent.exe"="µTorrent"

[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]

"C:\Program Files\uTorrent\uTorrent.exe.3769.tmp"="µTorrent"

[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]

"C:\Users\Petter\Downloads\utorrent(1).exe"="µTorrent"

[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent]

[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent]

"Extension"=".torrent"

[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41BE5DC3-212A-44A3-8811-4A54E9D2884A}]

@="uTorrentBar Findbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41BE5DC3-212A-44A3-8811-4A54E9D2884A}\InprocServer32]

@="C:\Program Files\uTorrentBar\prxtbuTor.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A97B89CD-B65C-49DD-AF46-2B772C627456}]

@="uTorrentBar API Server"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A97B89CD-B65C-49DD-AF46-2B772C627456}\InprocServer32]

@="C:\Program Files\uTorrentBar\prxtbuTor.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]

@="uTorrentBar Toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\InprocServer32]

@="C:\Program Files\uTorrentBar\prxtbuTor.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent]

"Extension"=".torrent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]

[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\AppPaths\client]

"AppPath"="C:\Program Files\uTorrent\uTorrent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\Platforms\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

"Name"="uTorrentBar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\Toolbars]

"uTorrentBar Toolbar"="{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3439ED44-4903-413A-B477-08E980C626EA}]

"AppName"="uTorrentBarAutoUpdateHelper.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{55340274-A118-4239-ADBC-B773C996B116}]

"AppPath"="C:\Program Files\uTorrentBar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{55340274-A118-4239-ADBC-B773C996B116}]

"AppName"="uTorrentBarToolbarHelper.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"="uTorrentBar Toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

@="uTorrentBar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar]

"DisplayName"="uTorrentBar Toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar]

"HelpLink"="http://uTorrentBar.OurToolbar.com/help"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar]

"Publisher"="uTorrentBar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar]

"URLInfoAbout"="http://uTorrentBar.OurToolbar.com/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar]

"DisplayIcon"="C:\Program Files\uTorrentBar\uninstall.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar]

"UninstallString"="C:\Program Files\uTorrentBar\uninstall.exe toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\uTorrentBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\uTorrentBar\toolbar]

"DisplayName"="uTorrentBar"

[HKEY_LOCAL_MACHINE\SOFTWARE\uTorrentBar\toolbar]

"DisplayTitle"="uTorrentBar Toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\uTorrentBar\toolbar]

"Path"="C:\Program Files\uTorrentBar"

[HKEY_LOCAL_MACHINE\SOFTWARE\uTorrentBar\toolbar]

"ToolbarHelperFileName"="C:\Program Files\uTorrentBar\uTorrentBarToolbarHelper.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\uTorrentBar\toolbar]

"AutoUpdateHelperPath"="C:\Users\Petter\AppData\Local\Conduit\CT2786678\uTorrentBarAutoUpdateHelper.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\uTorrentBar\toolbar]

"ProxyDllPath"="C:\Program Files\uTorrentBar\prxtbuTor.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"TCP Query User{6D2DC112-1E3D-4423-8C9C-3C933AA8022F}C:\users\petter\downloads\utorrent.exe"="v2.0|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\petter\downloads\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe|Edge=FALSE|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"UDP Query User{EE653E93-2AFF-436F-934D-C23D132868F3}C:\users\petter\downloads\utorrent.exe"="v2.0|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\petter\downloads\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe|Edge=FALSE|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"TCP Query User{A8EC5BDE-E39D-4633-AC39-132A27FFDDE7}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"UDP Query User{9208BD0D-6E3B-4150-A01C-44B7297576D3}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"TCP Query User{6D2DC112-1E3D-4423-8C9C-3C933AA8022F}C:\users\petter\downloads\utorrent.exe"="v2.0|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\petter\downloads\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe|Edge=FALSE|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"UDP Query User{EE653E93-2AFF-436F-934D-C23D132868F3}C:\users\petter\downloads\utorrent.exe"="v2.0|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\petter\downloads\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe|Edge=FALSE|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"TCP Query User{A8EC5BDE-E39D-4633-AC39-132A27FFDDE7}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"UDP Query User{9208BD0D-6E3B-4150-A01C-44B7297576D3}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"TCP Query User{6D2DC112-1E3D-4423-8C9C-3C933AA8022F}C:\users\petter\downloads\utorrent.exe"="v2.0|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\petter\downloads\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe|Edge=FALSE|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"UDP Query User{EE653E93-2AFF-436F-934D-C23D132868F3}C:\users\petter\downloads\utorrent.exe"="v2.0|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\petter\downloads\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe|Edge=FALSE|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"TCP Query User{A8EC5BDE-E39D-4633-AC39-132A27FFDDE7}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"UDP Query User{9208BD0D-6E3B-4150-A01C-44B7297576D3}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000\Software\AppDataLow\Software\uTorrentBar]

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000\Software\AppDataLow\Software\uTorrentBar\toolbar]

"WebServerUrl"="http://uTorrentBar.OurToolbar.com/"

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000\Software\AppDataLow\Software\uTorrentBar\toolbar]

"Write us link"="cmeek@bittorrent.com"

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000\Software\AppDataLow\Software\uTorrentBar\toolbar]

"DisplayName"="uTorrentBar"

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentBar Toolbar]

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]

"e"="C:\Program Files\uTorrent\1"

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000\Software\Classes\Applications\uTorrent.exe]

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000\Software\Classes\Applications\uTorrent.exe\shell\open\command]

@=""C:\Program Files\uTorrent\uTorrent.exe" "%1""

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]

"C:\Program Files\uTorrent\uTorrent.exe"="µTorrent"

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]

"C:\Program Files\uTorrent\uTorrent.exe.3769.tmp"="µTorrent"

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]

"C:\Users\Petter\Downloads\utorrent(1).exe"="µTorrent"

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrent]

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrent]

"Extension"=".torrent"

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000_Classes\Applications\uTorrent.exe]

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000_Classes\Applications\uTorrent.exe\shell\open\command]

@=""C:\Program Files\uTorrent\uTorrent.exe" "%1""

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]

"C:\Program Files\uTorrent\uTorrent.exe"="µTorrent"

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]

"C:\Program Files\uTorrent\uTorrent.exe.3769.tmp"="µTorrent"

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]

"C:\Users\Petter\Downloads\utorrent(1).exe"="µTorrent"

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000_Classes\MIME\Database\Content Type\application/x-bittorrent]

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000_Classes\MIME\Database\Content Type\application/x-bittorrent]

"Extension"=".torrent"

[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000_Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]

========== filefind ==========

Searching for "Torrent"

No files found.

========== folderfind ==========

Searching for "Torrent"

No folders found.

-= EOF =-

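The "Query User" entries in the regfind output above are the rules Windows Firewall writes when the user answers an allow/block prompt, and they outlive the program they were created for. As an added example (not part of this post, and not a SystemLook or Malwarebytes feature), the script below parses the rule strings Windows stores under `...\FirewallPolicy\FirewallRules` (the three rule values are copied from the log above) and flags the ones a responder would look at first: an active inbound Allow on the Public profile, a rule for a binary under the user's Downloads folder, and a rule that will be orphaned once `uTorrent.exe` is removed. The flagging heuristics (`USER_WRITABLE_HINTS`, `removal_paths`) are our own assumptions, not anything the log states.

```python
r"""Triage the 'Query User' Windows Firewall rules found by SystemLook.

Added example; it is not part of the original post and not a SystemLook or
Malwarebytes feature.  Windows stores each rule under
HKLM\SYSTEM\...\SharedAccess\Parameters\FirewallPolicy\FirewallRules as a
'|'-separated list of Field=Value pairs after a version token ("v2.0").  The
rule strings below are copied from the log above; the flagging heuristics
(USER_WRITABLE_HINTS, removal_paths) are our own assumptions.
"""
from dataclasses import dataclass

# Rule names and values copied from the regfind output above (constructed subset).
BLOCK_TCP = "TCP Query User{6D2DC112-1E3D-4423-8C9C-3C933AA8022F}C:\\users\\petter\\downloads\\utorrent.exe"
ALLOW_TCP = "TCP Query User{A8EC5BDE-E39D-4633-AC39-132A27FFDDE7}C:\\program files\\utorrent\\utorrent.exe"
ALLOW_UDP = "UDP Query User{9208BD0D-6E3B-4150-A01C-44B7297576D3}C:\\program files\\utorrent\\utorrent.exe"
SAMPLE_RULES = {
    BLOCK_TCP: "v2.0|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public"
               "|App=C:\\users\\petter\\downloads\\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe|Edge=FALSE|",
    ALLOW_TCP: "v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public"
               "|App=C:\\program files\\utorrent\\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|",
    ALLOW_UDP: "v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public"
               "|App=C:\\program files\\utorrent\\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|",
}

PROTOCOL_NAMES = {"6": "TCP", "17": "UDP"}
# Locations an unprivileged user can write to (assumption used for flagging).
USER_WRITABLE_HINTS = ("\\users\\", "\\appdata\\", "\\downloads\\")


@dataclass
class FirewallRule:
    name: str
    version: str
    fields: dict

    def get(self, key, default=""):
        return self.fields.get(key, default)

    @property
    def protocol(self):
        # Protocol is stored as the IANA number; map the two common ones.
        return PROTOCOL_NAMES.get(self.get("Protocol"), self.get("Protocol"))


def parse_rule(name, value):
    """Split 'v2.0|Field=Value|...|' into a FirewallRule."""
    parts = [p for p in value.split("|") if p]
    if not parts:
        raise ValueError(f"empty rule value for {name!r}")
    fields = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        fields[key] = val
    return FirewallRule(name=name, version=parts[0], fields=fields)


def triage(rule, removal_paths=()):
    """Reasons this rule deserves attention; an empty list means nothing unusual."""
    reasons = []
    app = rule.get("App").lower()
    if (rule.get("Action"), rule.get("Dir"), rule.get("Active")) == ("Allow", "In", "TRUE"):
        reasons.append(f"active inbound Allow ({rule.protocol}) on the {rule.get('Profile')} profile")
    if any(hint in app for hint in USER_WRITABLE_HINTS):
        reasons.append("program lives in a user-writable path")
    if app in {p.lower() for p in removal_paths}:
        reasons.append("program is being removed, rule would be left orphaned")
    return reasons


def triage_all(rules, removal_paths=()):
    """Map rule name -> reasons for every rule in a {name: value} dump."""
    return {name: triage(parse_rule(name, value), removal_paths)
            for name, value in rules.items()}


if __name__ == "__main__":
    to_remove = ["C:\\program files\\utorrent\\utorrent.exe"]
    for name, reasons in triage_all(SAMPLE_RULES, to_remove).items():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

The same parser works on a full `reg export` of the FirewallRules key once the `"name"="value"` lines are split, which is the quickest way to find inbound Allow rules that survived an uninstall.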

  • Staff

Hi,

First uninstall these from Add or Remove Programs, if present:

Conduit

Conduit Engine

Conduit Toolbar

Next, please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

Registry::

[-HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentBar Toolbar]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"e"=-
[-HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\uTorrent\uTorrent.exe"=-
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\uTorrent\uTorrent.exe.3769.tmp"=-
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Petter\Downloads\utorrent(1).exe"=-
[-HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent]
[-HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41BE5DC3-212A-44A3-8811-4A54E9D2884A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A97B89CD-B65C-49DD-AF46-2B772C627456}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Conduit]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3439ED44-4903-413A-B477-08E980C626EA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{55340274-A118-4239-ADBC-B773C996B116}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\uTorrentBar]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{6D2DC112-1E3D-4423-8C9C-3C933AA8022F}C:\users\petter\downloads\utorrent.exe"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{EE653E93-2AFF-436F-934D-C23D132868F3}C:\users\petter\downloads\utorrent.exe"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{A8EC5BDE-E39D-4633-AC39-132A27FFDDE7}C:\program files\utorrent\utorrent.exe"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{9208BD0D-6E3B-4150-A01C-44B7297576D3}C:\program files\utorrent\utorrent.exe"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{6D2DC112-1E3D-4423-8C9C-3C933AA8022F}C:\users\petter\downloads\utorrent.exe"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{EE653E93-2AFF-436F-934D-C23D132868F3}C:\users\petter\downloads\utorrent.exe"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{A8EC5BDE-E39D-4633-AC39-132A27FFDDE7}C:\program files\utorrent\utorrent.exe"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{9208BD0D-6E3B-4150-A01C-44B7297576D3}C:\program files\utorrent\utorrent.exe"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{6D2DC112-1E3D-4423-8C9C-3C933AA8022F}C:\users\petter\downloads\utorrent.exe"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{EE653E93-2AFF-436F-934D-C23D132868F3}C:\users\petter\downloads\utorrent.exe"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{A8EC5BDE-E39D-4633-AC39-132A27FFDDE7}C:\program files\utorrent\utorrent.exe"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{9208BD0D-6E3B-4150-A01C-44B7297576D3}C:\program files\utorrent\utorrent.exe"=-
[-HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000\Software\AppDataLow\Software\uTorrentBar]
[-HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentBar Toolbar]
[-HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]
[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"e"=-
[-HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000\Software\Classes\Applications\uTorrent.exe]
[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\uTorrent\uTorrent.exe"=-
[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\uTorrent\uTorrent.exe.3769.tmp"=-
[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Petter\Downloads\utorrent(1).exe"=-
[-HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrent]
[-HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]
[-HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000_Classes\Applications\uTorrent.exe]
[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\uTorrent\uTorrent.exe"=-
[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\uTorrent\uTorrent.exe.3769.tmp"=-
[HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Petter\Downloads\utorrent(1).exe"=-
[-HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000_Classes\MIME\Database\Content Type\application/x-bittorrent]
[-HKEY_USERS\S-1-5-21-1204039485-1667662688-3031602587-1000_Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]
Killall::

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScriptB-4.gif]

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317

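The CFScript above follows a pattern worth making explicit: keys that belong only to the toolbar (the CLSID registrations, `HKLM\SOFTWARE\uTorrentBar`, the Conduit tree) are removed whole with `[-KEY]`, while hits under keys that other software also populates (MuiCache, RunMRU, FirewallRules) are removed one value at a time with `"name"=-`, so the shared key survives. The script below is an added example, not screen317's script and not a ComboFix or SystemLook feature: it parses SystemLook regfind output (a constructed excerpt of the log above) and generates the `Registry::` section with that rule. The list of shared keys is our own assumption, and it treats the `Internet Explorer\Toolbar` list as shared so only the toolbar's own CLSID entry is dropped; a hit anywhere under `CLSID\{guid}` collapses to the whole COM registration, as in the post. Review the output before feeding it to ComboFix.

```python
"""Generate a ComboFix 'Registry::' section from SystemLook regfind hits.

Added example for this thread; it is not screen317's script and not a
ComboFix or SystemLook feature.  Keys that belong only to the unwanted program
are removed whole ("[-KEY]"); a value under a key that other software shares
is removed on its own ('"name"=-') so the shared key survives.  The shared-key
list is our assumption, and the sample text is an excerpt of the log above.
"""
import re

# Excerpt copied from the SystemLook output in the thread (constructed sample).
SAMPLE_REGFIND = r'''
========== regfind ==========

Searching for "Torrent"

[HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar]

[HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar]

"DisplayName"="uTorrentBar"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]

"e"="C:\Program Files\uTorrent\1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\InprocServer32]

@="C:\Program Files\uTorrentBar\prxtbuTor.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"="uTorrentBar Toolbar"

========== filefind ==========
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(?:"([^"]+)"|(@))=')
CLSID_RE = re.compile(r"^(.*\\CLSID\\\{[0-9A-Fa-f-]{36}\})", re.IGNORECASE)
# Keys that legitimate software also populates (assumption): delete values only.
SHARED_KEY_SUFFIXES = ("\\muicache", "\\runmru", "\\firewallrules",
                       "\\internet explorer\\toolbar")


def parse_regfind(text):
    """Return [(key, value_name)] from the regfind section of a SystemLook log.

    value_name is None when the key itself matched, "@" for the default value.
    SystemLook prints the key line again before every matching value.
    """
    hits, key, pending, in_section = [], None, False, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            if pending:
                hits.append((key, None))
                pending = False
            in_section = "regfind" in line
            continue
        if not in_section or not line:
            continue
        m = KEY_RE.match(line)
        if m:
            if pending:                   # previous key line had no value: key-only hit
                hits.append((key, None))
            key, pending = m.group(1), True
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            hits.append((key, m.group(1) or "@"))
            pending = False
    if pending:
        hits.append((key, None))
    return hits


def is_shared(key):
    return key.lower().endswith(SHARED_KEY_SUFFIXES)


def deletion_target(key):
    """A hit anywhere under CLSID\\{guid} means the whole COM registration goes."""
    m = CLSID_RE.match(key)
    return m.group(1) if m else key


def build_cfscript(hits):
    """Emit the Registry:: section: whole-key deletes first, then single values."""
    keys, values = [], []
    for key, name in hits:
        if is_shared(key):
            if name is not None and (key, name) not in values:
                values.append((key, name))
            continue                      # never "[-...]" a shared key
        target = deletion_target(key)
        t = target.lower()
        if any(t == k.lower() or t.startswith(k.lower() + "\\") for k in keys):
            continue                      # an ancestor is already scheduled
        keys = [k for k in keys if not k.lower().startswith(t + "\\")]
        keys.append(target)
    lines = ["Registry::"] + [f"[-{k}]" for k in keys]
    for key, name in values:
        lines.append(f"[{key}]")
        lines.append("@=-" if name == "@" else f'"{name}"=-')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(parse_regfind(SAMPLE_REGFIND)))
```

On the full log the generator produces one `[-KEY]` per top-level toolbar key instead of one per matching subkey, which keeps the script short and avoids the error-prone copy-and-edit step.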

Hello again.

I wanted to give you a screenshot of the message, but now Combofix ran without any error when I dropped the CFScript.txt into Combofix.exe. I turned off my AV, which is Avast, and I set it to be turned off permanently, but upon restart Avast was running again and I don't know if this caused any problems for Combofix. It still produced a log. I have a new DDS log as well.

ComboFix 11-10-18.04 - Petter 2011-10-18 23:40:34.1.2 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.46.1053.18.3326.2432 [GMT 2:00]

Running from: c:\users\Petter\Desktop\ComboFix.exe

Command switches used :: c:\users\Petter\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((( Files Created from 2011-09-18 to 2011-10-18 ))))))))))))))))))))))))))))))

.

.

2011-10-18 21:47 . 2011-10-18 21:47 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{33032006-49E4-49E0-A83C-39634CAB5615}\offreg.dll

2011-10-18 10:43 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{33032006-49E4-49E0-A83C-39634CAB5615}\mpengine.dll

2011-10-17 14:17 . 2011-10-17 14:17 -------- d-----w- c:\users\Petter\AppData\Roaming\Origin

2011-10-17 14:17 . 2011-10-17 14:17 -------- d-----w- c:\users\Petter\AppData\Local\Origin

2011-10-17 14:17 . 2011-10-17 14:21 -------- d-----w- c:\programdata\Origin

2011-10-17 14:17 . 2011-10-17 14:17 -------- d-----w- c:\programdata\Electronic Arts

2011-10-17 14:17 . 2011-10-17 14:17 -------- d-----w- c:\program files\Origin Games

2011-10-17 14:17 . 2011-10-17 14:17 -------- d-----w- c:\program files\Origin

2011-10-12 05:47 . 2011-10-12 05:47 -------- d-----w- C:\found.015

2011-10-10 20:15 . 2011-10-10 20:15 -------- d-----w- c:\program files\Conduit

2011-10-10 20:15 . 2011-10-10 20:15 -------- d-----w- c:\program files\uTorrentBar

2011-10-10 12:59 . 2011-10-10 12:59 -------- d-----w- C:\found.014

2011-10-07 14:20 . 2011-10-07 14:20 -------- d-----w- c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}

2011-10-05 12:04 . 2011-10-05 12:04 -------- d-----w- C:\found.013

2011-09-29 17:00 . 2011-09-29 17:00 -------- d-----w- c:\users\Petter\AppData\Local\Blizzard Entertainment

2011-09-20 15:59 . 2011-09-20 15:59 -------- d-----w- c:\program files\Common Files\Java

2011-09-20 15:58 . 2011-09-20 15:58 -------- d-----w- c:\program files\Java

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-01 08:52 . 2011-05-14 08:47 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-20 15:59 . 2011-05-10 07:43 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-06 20:45 . 2011-04-08 09:56 41184 ----a-w- c:\windows\avastSS.scr

2011-09-06 20:45 . 2011-04-08 09:56 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-09-06 20:38 . 2011-04-08 09:57 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-06 20:37 . 2011-04-08 09:57 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-09-06 20:36 . 2011-04-08 09:57 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-09-06 20:36 . 2011-04-08 09:57 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-09-06 20:36 . 2011-04-08 09:57 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-09-06 20:36 . 2011-04-08 09:57 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-08-31 15:00 . 2011-05-21 18:36 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-19 12:57 . 2011-08-19 12:57 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-08-03 11:50 . 2011-09-18 10:12 66664 ----a-w- c:\windows\system32\nvshext.dll

2011-08-03 11:50 . 2011-09-18 10:12 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll

2011-08-03 11:50 . 2011-09-18 10:07 914024 ----a-w- c:\windows\system32\nvdispco32.dll

2011-08-03 11:50 . 2011-09-18 10:07 875112 ----a-w- c:\windows\system32\nvgenco32.dll

2011-08-03 11:50 . 2011-09-18 10:07 6613096 ----a-w- c:\windows\system32\nvwgf2um.dll

2011-08-03 11:50 . 2011-09-18 10:07 57960 ----a-w- c:\windows\system32\OpenCL.dll

2011-08-03 11:50 . 2011-09-18 10:07 2391656 ----a-w- c:\windows\system32\nvcuvid.dll

2011-08-03 11:50 . 2011-09-18 10:07 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-08-03 11:50 . 2011-09-18 10:07 16595560 ----a-w- c:\windows\system32\nvoglv32.dll

2011-08-03 11:50 . 2011-09-18 10:07 10304104 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2011-08-03 11:50 . 2011-09-18 10:07 5404776 ----a-w- c:\windows\system32\nvcuda.dll

2011-08-03 11:50 . 2011-09-18 10:07 17193576 ----a-w- c:\windows\system32\nvcompiler.dll

2011-08-03 11:50 . 2011-04-07 18:39 599144 ----a-w- c:\windows\system32\nvvsvc.exe

2011-08-03 11:50 . 2011-04-07 18:39 2558568 ----a-w- c:\windows\system32\nvsvc.dll

2011-08-03 11:50 . 2011-04-07 18:39 3730024 ----a-w- c:\windows\system32\nvcpl.dll

2011-08-03 11:50 . 2011-04-07 18:39 2412136 ----a-w- c:\windows\system32\nvapi.dll

2011-08-03 11:50 . 2011-04-07 18:39 111208 ----a-w- c:\windows\system32\nvmctray.dll

2011-08-03 11:50 . 2011-02-23 06:27 12636776 ----a-w- c:\windows\system32\nvd3dum.dll

2011-08-03 01:31 . 2011-08-03 01:31 311912 ----a-w- c:\windows\system32\nvStreaming.exe

2011-10-01 08:44 . 2011-04-08 09:16 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-08 39408]

"Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]

"Logitech G35"="c:\program files\Logitech\G35\G35.exe" [2010-10-05 1811800]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

c:\users\Petter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

CurseClientStartup.ccip [2011-4-27 0]

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-08 136176]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-08 136176]

R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-01 34384]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]

S3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2i386.sys [2010-09-29 53976]

S3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMi386.sys [2010-09-29 335064]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

.

Contents of the 'Scheduled Tasks' folder:

.

2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-08 09:12]

.

2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-08 09:12]

.

2011-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1204039485-1667662688-3031602587-1000Core.job

- c:\users\Petter\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-20 15:29]

.

2011-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1204039485-1667662688-3031602587-1000UA.job

- c:\users\Petter\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-20 15:29]

.

.

------- Supplementary Scan -------

.

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

TCP: DhcpNameServer = 195.84.98.161 192.168.0.1

FF - ProfilePath - c:\users\Petter\AppData\Roaming\Mozilla\Firefox\Profiles\zetlobsf.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine -

.

- - - - ORPHANED ENTRIES REMOVED - - - -

.

AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe

.

.

.

**************************************************************************

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files:

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\NVIDIA Corporation\Display\nvxdsync.exe

c:\windows\system32\nvvsvc.exe

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\windows\system32\conime.exe

c:\program files\Common Files\Steam\SteamService.exe

.

**************************************************************************

.

Completion time: 2011-10-18 23:51:47 - the computer was restarted.

ComboFix-quarantined-files.txt 2011-10-18 21:51

.

Before the scan: 294 021 488 640 bytes free

After the scan: 293 972 635 648 bytes free

.

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10

- - End Of File - - F1CE557847B5D76F1DC8F66569FE3774

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_27

Run by Petter at 0:02:03 on 2011-10-19

Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.46.1053.18.3326.2195 [GMT 2:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Logitech\G35\G35.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Steam\SteamService.exe

C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wuauclt.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

mURLSearchHooks: H - No File

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [Logitech G35] c:\program files\logitech\g35\G35.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\users\petter\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip

StartupFolder: c:\users\petter\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 195.84.98.161 192.168.0.1

TCP: Interfaces\{9B933A29-E418-46D3-8FBC-1DA5D55C2734} : DhcpNameServer = 195.84.98.161 192.168.0.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\petter\appdata\roaming\mozilla\firefox\profiles\zetlobsf.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine -

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll

FF - plugin: c:\users\petter\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-8 442200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-4-8 320856]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-4-8 20568]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-4-8 54616]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-4-8 44768]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-9-18 2255464]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-4-8 1153368]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-8-3 379496]

R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\drivers\ladfDHP2i386.sys [2010-9-29 53976]

R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\drivers\ladfSBVMi386.sys [2010-9-29 335064]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-8 136176]

S3 gupdatem;Tjänsten Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-8 136176]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-1 34384]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-10-18 21:57:25 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{33032006-49e4-49e0-a83c-39634cab5615}\offreg.dll

2011-10-18 21:51:49 -------- d-----w- c:\users\petter\appdata\local\temp

2011-10-18 21:51:12 -------- d-sh--w- C:\$RECYCLE.BIN

2011-10-18 21:37:56 98816 ----a-w- c:\windows\sed.exe

2011-10-18 21:37:56 518144 ----a-w- c:\windows\SWREG.exe

2011-10-18 21:37:56 256000 ----a-w- c:\windows\PEV.exe

2011-10-18 21:37:56 208896 ----a-w- c:\windows\MBR.exe

2011-10-18 10:43:13 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{33032006-49e4-49e0-a83c-39634cab5615}\mpengine.dll

2011-10-17 14:17:30 -------- d-----w- c:\users\petter\appdata\roaming\Origin

2011-10-17 14:17:20 -------- d-----w- c:\users\petter\appdata\local\Origin

2011-10-17 14:17:13 -------- d-----w- c:\programdata\Origin

2011-10-17 14:17:13 -------- d-----w- c:\programdata\Electronic Arts

2011-10-17 14:17:13 -------- d-----w- c:\program files\Origin Games

2011-10-17 14:17:04 -------- d-----w- c:\program files\Origin

2011-10-12 05:47:48 -------- d-----w- C:\found.015

2011-10-10 20:15:13 -------- d-----w- c:\program files\Conduit

2011-10-10 20:15:00 -------- d-----w- c:\program files\uTorrentBar

2011-10-10 12:59:15 -------- d-----w- C:\found.014

2011-10-07 14:20:09 -------- d-----w- c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}

2011-10-05 12:04:36 -------- d-----w- C:\found.013

2011-09-29 17:00:39 -------- d-----w- c:\users\petter\appdata\local\Blizzard Entertainment

.

==================== Find3M ====================

.

2011-10-01 08:52:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-20 15:59:04 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr

2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-06 20:36:26 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-08-31 15:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-19 12:57:19 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-08-03 01:31:54 311912 ----a-w- c:\windows\system32\nvStreaming.exe

.

============= FINISH: 0:02:39,03 ===============
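The DDS and ComboFix output above already holds the explanation for the symptoms in this thread: a Firefox default search URL redirected to search.conduit.com, freshly created Conduit and uTorrentBar program folders, and a GUID-named folder under ProgramData that the orphaned AddRemove entry's bm_installer.exe sat in. The following is an added example, not part of the thread and not code from DDS, ComboFix or any other tool mentioned here, that scans a DDS-style log for exactly those indicators; the sample log lines are constructed in the shape of the sections above, and the GUID-folder check is a heuristic assumption rather than a rule from any of the tools.

```python
import re
from urllib.parse import urlparse
# Adware/toolbar families named in the thread's own DDS and ComboFix lines.
PUP_NAMES = ("conduit", "utorrentbar")
GUID_DIR = re.compile(r"\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}$", re.I)
CREATED = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\S+) (\S+) (.+)$")
FF_PREF = re.compile(r"^FF - prefs\.js: (\S+) -\s*(.*)$")

# Constructed sample in the shape of the DDS sections above (not a real capture).
SAMPLE_LOG = r"""
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
2011-10-17 14:17:04 -------- d-----w- c:\program files\Origin
2011-10-10 20:15:13 -------- d-----w- c:\program files\Conduit
2011-10-10 20:15:00 -------- d-----w- c:\program files\uTorrentBar
2011-10-07 14:20:09 -------- d-----w- c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
"""

def check_search_pref(name, value):
    """Flag a Firefox search pref whose URL host belongs to a known PUP family."""
    if not name.startswith("browser.search.") or not value:
        return None
    # DDS defangs URLs as hxxp://; restore the scheme so urlparse yields a host.
    host = urlparse(value.replace("hxxp", "http", 1)).hostname or ""
    if any(p in host for p in PUP_NAMES):
        return ("search_hijack", f"{name} -> {host}")
    return None

def check_created(path):
    """Flag new folders of known PUP families, or a bare-GUID folder under ProgramData."""
    parts = path.lower().split("\\")
    base = parts[-1]
    if any(p in base for p in PUP_NAMES):
        return ("pup_directory", path)
    # Heuristic (assumption): a GUID-named folder directly under ProgramData is
    # unusual for legitimate software; the log's orphaned bm_installer.exe lived in one.
    if len(parts) >= 2 and parts[-2] == "programdata" and GUID_DIR.match(base):
        return ("guid_programdata_dir", path)
    return None

def scan_log(text):
    """Return (kind, detail) findings for every suspicious line in a DDS-style log."""
    findings = []
    for line in text.splitlines():
        m = FF_PREF.match(line)
        if m:
            finding = check_search_pref(m.group(1), m.group(2).strip())
        else:
            m = CREATED.match(line)
            finding = check_created(m.group(5)) if m else None
        if finding:
            findings.append(finding)
    return findings
```

Calling scan_log(SAMPLE_LOG) returns four findings (the Conduit search hijack, the two PUP folders and the GUID folder) while the Origin and avast! lines pass untouched.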


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


Hello

I'm having problems opening the ESET log, I am using notepad but it doesn't work. The scan found no infections though. I have the Security Check log.

Results of screen317's Security Check version 0.99.24

Windows Vista Service Pack 1 x86 (UAC is enabled)

Out of date service pack!!

Internet Explorer 7 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

avast! Free Antivirus

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 29

Adobe Flash Player ( 10.3.183.10) Flash Player Out of Date!

Mozilla Firefox (x86 sv-SE..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

``````````End of Log````````````

Everything seems to be working fine now. I think uTorrent is gone forever and I am not seeing any programs that I have not installed myself. Ever since I ran ComboFix I am getting this popup whenever I try to run any games on my computer. Minecraft, Starcraft, World of Warcraft, Wolfenstein, just online games in general make this thing pop up. I have a screenshot. Should I be worried about this?

[screenshot: VZ3eL.jpg]

The Translation is:

Security Warning

You will show pages over a secure connection

No one else can see the information being transferred between the computer and the website


  • Staff

Hi,

Click the checkbox then click OK. It shouldn't pop up again.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3

Adobe Flash Player ( 10.3.183.10)

Restart your computer.

Get the latest version of Adobe Flash Player.

Next, it is absolutely essential that you upgrade to Windows Vista Service Pack 2. What you currently have, Service Pack 1, has vulnerabilities that leave you wide open for re-infection. To upgrade, please click Start, type in Windows Update, click Windows Update, then download all available critical updates, including Service Pack 2 and Internet Explorer 9.

Let me know how that goes and if there were any issues updating.

-screen317


  • Staff

Hi,

Great!

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
