
Trojan virus keeps coming back after removal


  • This topic is locked
21 replies to this topic

#1 SystemFailure


  • Members
  • 15 posts
  • OFFLINE
  • Local time:01:37 AM

Posted 10 December 2012 - 08:15 AM

Hi.
I'm new here, but I hope somebody can help me.
I got a trojan virus that Malwarebytes Anti-Malware calls "Trojan.Agent.Gen" or "Trojan.Agent.cn".
It creates a file called svchost.exe in the appdata\local\temp directory, and every time I stop it with Malwarebytes Anti-Malware it comes back again after restarting my computer.

I provide some screenshots below. Malwarebytes Anti-Malware is in Norwegian, but you can clearly see the Trojan name.

[Screenshots of the Malwarebytes Anti-Malware detection]



PS: I'm using Windows 7 Home Premium.

Edited by SystemFailure, 10 December 2012 - 08:17 AM.



#2 CatByte


    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:37 PM

Posted 10 December 2012 - 10:11 AM

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 SystemFailure

  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:01:37 AM

Posted 10 December 2012 - 03:36 PM

Hi, thanks for replying!
I've done your tutorial above and the log can be found below.
Just a quick update first.
If I unplug my internet cable and restart the computer I get no virus message; however, when I plug in my internet cable the virus message comes straight back again.
Don't know if that was much help, but I just thought you would like to know.

PS: I'm using Windows 7 Home Premium 64-bit version.


However, here is the log file you wanted:
OK, I unplugged my external hard drive, and here is the right log finally :wink: :
--------------


New logfile coming in 10 minutes.
Did some cleanup by removing some files, so I will do a new, cleaner logfile now.

Edited by SystemFailure, 10 December 2012 - 06:05 PM.


#4 SystemFailure

  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:01:37 AM

Posted 10 December 2012 - 03:56 PM

New logfile coming in 10 minutes.

Edited by SystemFailure, 10 December 2012 - 06:06 PM.


#5 SystemFailure

  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:01:37 AM

Posted 10 December 2012 - 08:37 PM

OK, here is the new logfile.
I cleaned up my computer by deleting a whole lot of programs to make it easier for you guys to spot the virus.
The log is attached to this message!

Attached Files

  • Attached File  FRST.txt   51.21KB   7 downloads


#6 CatByte


    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:37 PM

Posted 10 December 2012 - 08:59 PM

Please run the following

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 SystemFailure

  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:01:37 AM

Posted 11 December 2012 - 04:16 AM

(Quoting CatByte's ComboFix instructions from post #6.)

Hello, sorry for the delay in my reply...

I had to try several times to get ComboFix to work.
On the first run ComboFix was running for over 3 hours before I thought something was not right, and I restarted my computer.
Then on the second try I got the illegal operation attempt, but on the third run it seems to have worked.
The computer still has the virus, but I managed to produce the ComboFix log now.


And here is the ComboFix log:
-------------------

ComboFix 12-12-10.01 - Hjem 11.12.2012 9:34.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.47.1044.18.8183.5934 [GMT 1:00]
Kjører fra: c:\users\Hjem\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Forrige skanning -------
.
c:\programdata\Safe
c:\programdata\Safe\zsinfo.dat
c:\users\Hjem\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Hjem\AppData\Roaming\Microsoft\bass.dll
c:\users\Hjem\AppData\Roaming\Microsoft\engine_vx.dll
c:\users\Hjem\AppData\Roaming\Microsoft\qwadjb.dll
c:\windows\SysWow64\tmp32E9.tmp
c:\windows\SysWow64\tmp32EA.tmp
c:\windows\SysWow64\tmp518F.tmp
c:\windows\SysWow64\tmp5190.tmp
c:\windows\SysWow64\tmp70B2.tmp
c:\windows\SysWow64\tmp70B3.tmp
c:\windows\SysWow64\Winter 3D Screensaver.htm
c:\windows\wininit.ini
c:\windows\XSxS
D:\Setup.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RkHit
.
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2012-11-11 til 2012-12-11 )))))))))))))))))))))))))))))))))
.
.
2012-12-11 08:47 . 2012-12-11 08:47 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-11 08:47 . 2012-12-11 08:47 -------- d-----w- c:\users\Standard\AppData\Local\temp
2012-12-11 08:47 . 2012-12-11 08:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-11 05:45 . 2012-12-11 05:45 -------- d-----w- C:\FRST
2012-12-11 00:57 . 2012-12-11 01:32 -------- d-----w- c:\users\Hjem\AppData\Roaming\AVPro
2012-12-11 00:57 . 2012-12-11 00:57 -------- d-----w- c:\users\Hjem\AppData\Local\Sunbelt Software
2012-12-11 00:52 . 2012-12-11 00:18 6393144 ----a-w- c:\windows\uninstac.exe
2012-12-11 00:52 . 2012-12-11 00:52 582992 ----a-w- c:\windows\SysWow64\sbap.dll
2012-12-11 00:52 . 2012-12-11 00:52 415056 ----a-w- c:\windows\SysWow64\SpursDownload.dll
2012-12-11 00:52 . 2012-12-11 00:52 308560 ----a-w- c:\windows\SysWow64\vipre.dll
2012-12-11 00:52 . 2012-12-11 00:52 1332560 ----a-w- c:\windows\SysWow64\sbte.dll
2012-12-11 00:52 . 2012-12-11 00:52 -------- d-----w- c:\programdata\AVC1Data
2012-12-11 00:22 . 2012-12-11 00:22 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2012-12-11 00:22 . 2012-12-11 00:58 -------- d-----w- c:\programdata\Spyware Terminator
2012-12-11 00:22 . 2012-12-11 00:22 -------- d-----w- c:\users\Hjem\AppData\Roaming\Spyware Terminator
2012-12-11 00:21 . 2012-12-11 00:23 -------- d-----w- c:\program files (x86)\Spyware Terminator
2012-12-10 22:57 . 2012-12-11 08:29 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2012-12-10 22:56 . 2012-12-10 22:58 -------- d-----w- C:\Ny mappe
2012-12-10 20:11 . 2012-12-10 20:12 -------- d-----w- c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-12-10 13:23 . 2012-12-10 13:23 -------- d-----w- c:\programdata\SuperEasy Software
2012-12-10 13:23 . 2012-12-10 13:23 -------- d-----w- c:\program files (x86)\SuperEasy Software
2012-12-10 12:49 . 2012-12-11 00:20 -------- d-----w- C:\Virus
2012-12-10 12:48 . 2012-12-10 12:48 -------- d-----w- c:\users\Hjem\AppData\Local\FastStone
2012-12-10 12:48 . 2012-12-10 12:48 -------- d-----w- c:\program files (x86)\FastStone Capture
2012-12-10 04:50 . 2012-11-19 00:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{817598BF-9C92-4D7B-8821-886F3FD9BA06}\mpengine.dll
2012-12-10 04:21 . 2012-12-10 20:12 -------- d-----w- c:\program files\Enigma Software Group
2012-12-10 04:18 . 2012-12-10 04:18 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-12-09 17:10 . 2012-12-09 17:10 -------- d-----w- c:\programdata\Orbit
2012-12-09 16:03 . 2012-12-09 16:10 -------- d-----w- c:\program files (x86)\Far Cry 3 Deluxe Edition
2012-12-09 13:03 . 2012-12-09 13:03 -------- d-----w- c:\users\Hjem\AppData\Local\Quadriga Games
2012-12-09 10:47 . 2012-12-09 10:47 -------- d-----w- c:\program files (x86)\Quadriga Games
2012-12-09 08:03 . 2012-12-09 14:03 -------- d-----w- c:\programdata\Media Center Programs
2012-12-06 23:27 . 2012-12-06 23:27 -------- d-----w- c:\program files (x86)\DepositFiles
2012-12-06 23:26 . 2012-12-06 23:26 -------- d-----w- c:\programdata\Plugin
2012-12-05 17:59 . 2012-12-05 17:59 -------- d-----w- c:\users\Hjem\AppData\Roaming\Ashampoo
2012-12-05 17:54 . 2012-12-05 17:54 -------- d-----w- c:\users\Hjem\AppData\Local\ashampoo
2012-12-05 17:54 . 2012-12-05 17:54 -------- d-----w- c:\programdata\Ashampoo
2012-12-05 17:53 . 2012-12-05 17:53 -------- d-----w- c:\users\Hjem\AppData\Local\Programs
2012-12-02 10:02 . 2012-12-02 10:02 -------- d-----w- c:\programdata\WinMount
2012-11-30 23:52 . 2012-11-30 23:52 -------- d-----w- c:\users\Hjem\AppData\Roaming\NeatVideo VD 32
2012-11-30 23:51 . 2012-11-30 23:51 -------- d-----w- c:\program files (x86)\Neat Video for VirtualDub
2012-11-30 23:41 . 2012-03-23 18:58 11137024 ----a-w- c:\windows\SysWow64\libmfxsw32.dll
2012-11-28 02:17 . 2012-11-28 02:17 0 ----a-w- c:\windows\SysWow64\sho510D.tmp
2012-11-23 18:18 . 2012-11-23 18:18 -------- d-----w- c:\users\Hjem\AppData\Local\ESN
2012-11-21 15:01 . 2012-11-21 15:08 -------- d-----w- c:\users\Hjem\AppData\Roaming\Light Developer
2012-11-21 15:01 . 2012-11-21 15:01 -------- d-----w- c:\program files (x86)\Light Developer
2012-11-20 16:38 . 2012-11-20 16:40 -------- d-----w- c:\program files (x86)\Proxy Server Finder
2012-11-17 07:39 . 2012-11-17 09:04 -------- d-----w- c:\users\Hjem\AppData\Roaming\WinMount
2012-11-17 07:39 . 2012-12-09 10:15 -------- d-----w- c:\program files\WinMount
2012-11-17 07:39 . 2012-11-17 07:39 92536 ----a-w- c:\windows\SysWow64\drivers\WMDrive.sys
2012-11-17 02:12 . 2012-11-17 02:12 -------- d-----w- c:\program files (x86)\DCoder Image Source
2012-11-17 02:12 . 2012-11-17 02:12 -------- d-----w- c:\program files (x86)\7-Zip
2012-11-17 02:12 . 2012-11-17 02:12 -------- d-----w- c:\program files (x86)\FFMPEG Core Files
2012-11-17 02:12 . 2012-11-17 02:12 -------- d-----w- c:\program files (x86)\CD Audio Reader Filter
2012-11-17 02:12 . 2012-11-17 02:12 -------- d-----w- c:\program files (x86)\OpenSource AVI Splitter
2012-11-17 02:12 . 2012-11-17 02:12 -------- d-----w- c:\program files (x86)\Gabest MPEG Splitter
2012-11-17 02:12 . 2012-11-17 02:12 -------- d-----w- c:\program files (x86)\DScaler5
2012-11-17 02:12 . 2012-11-17 02:12 -------- d-----w- c:\program files (x86)\AC3Filter
2012-11-17 02:11 . 2012-11-17 02:11 -------- d-----w- c:\program files (x86)\OpenSource Flash Video Splitter
2012-11-17 02:11 . 2012-11-17 02:11 -------- d-----w- c:\program files (x86)\DirectVobSub
2012-11-17 02:11 . 2012-11-17 02:11 -------- d-----w- c:\program files (x86)\MadVR
2012-11-17 02:11 . 2012-11-17 02:11 -------- d-----w- c:\program files (x86)\LAV Filters
2012-11-17 02:08 . 2012-11-17 02:20 -------- d-----w- c:\programdata\Zoom Player
2012-11-17 02:08 . 2012-11-17 02:08 -------- d-----w- c:\program files (x86)\Zoom Player
2012-11-16 02:12 . 2012-07-26 05:04 2560 ----a-w- c:\windows\system32\drivers\nb-NO\wdf01000.sys.mui
2012-11-16 02:12 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 02:12 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 02:12 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 02:01 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 02:01 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 02:01 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 02:01 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 02:01 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 02:01 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 02:01 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-11 00:52 . 2012-01-09 18:45 160768 ----a-w- c:\windows\SysWow64\unrar.dll
2012-12-09 20:31 . 2011-06-27 20:33 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-12-09 20:31 . 2011-06-27 17:18 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-12-09 20:31 . 2011-06-27 17:18 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-11-23 22:57 . 2011-06-27 17:17 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-11-16 02:01 . 2011-06-28 18:31 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-14 00:39 . 2012-04-01 02:00 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-14 00:39 . 2011-06-27 15:38 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-18 15:09 . 2012-10-20 11:15 237400 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-10-18 15:09 . 2012-10-18 15:09 131416 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-10-18 15:08 . 2012-10-20 11:14 119640 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-10-16 08:38 . 2012-11-27 22:53 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 22:53 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 22:53 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 22:18 . 2012-01-19 19:52 362 ----a-w- c:\users\Hjem\advanced_ip_scanner_MAC.bin
2012-10-03 13:50 . 2012-06-01 14:10 44344 ----a-w- c:\windows\system32\drivers\AntiLog64.sys
2012-10-02 22:21 . 2012-10-10 19:34 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-10-02 22:21 . 2012-10-10 19:34 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-02 22:21 . 2012-10-10 19:34 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-02 22:21 . 2012-10-10 19:34 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-02 22:21 . 2012-10-10 19:34 247144 ----a-w- c:\windows\system32\nvinitx.dll
2012-10-02 22:21 . 2012-10-10 19:34 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-02 22:21 . 2012-10-10 19:34 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-02 22:21 . 2012-10-10 19:34 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-02 22:21 . 2012-10-10 19:34 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-02 22:21 . 2012-10-10 19:34 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-02 22:21 . 2012-10-10 19:34 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-02 22:21 . 2012-10-10 19:34 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-02 22:21 . 2012-10-10 19:34 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-02 22:21 . 2012-10-10 19:34 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-02 22:21 . 2012-10-10 19:34 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-02 22:21 . 2012-10-10 19:34 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-02 22:21 . 2012-10-10 19:34 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-10-02 22:21 . 2012-10-10 19:34 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-02 22:21 . 2012-08-28 09:42 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-10-02 22:21 . 2012-08-28 09:42 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-02 22:21 . 2012-08-28 09:42 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-02 22:21 . 2012-08-28 09:42 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-02 22:21 . 2012-08-28 09:42 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-02 22:21 . 2012-08-28 09:42 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-02 22:21 . 2012-08-28 09:42 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-02 19:51 . 2012-09-24 14:35 3536817 ----a-w- c:\windows\system32\nvcoproc.bin
2012-10-02 19:51 . 2012-09-24 14:35 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2012-09-24 14:35 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2012-09-24 14:35 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2012-09-24 14:35 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2012-09-24 14:35 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:50 . 2012-09-24 14:35 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 11:15 . 2012-10-02 11:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-09-29 17:54 . 2011-06-27 20:44 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-24 21:16 . 2012-10-17 18:51 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-14 19:19 . 2012-10-10 18:42 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 18:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0D778FDC-FAD7-4B1D-AB88-7A76A562D65C}]
2012-12-06 23:26 590232 ----a-w- c:\programdata\Plugin\ISeekDeal.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9DFE2FE9-CF99-4ADF-A28E-9B5ADB8DC74F}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-04-10 668944]
"Spotify Web Helper"="d:\programmer\Spotify\Data\SpotifyWebHelper.exe" [2012-10-21 1199576]
"VueMinder"="c:\program files (x86)\VueSoft\VueMinder\VueMinder.exe" [2012-05-25 6946816]
"WLAN Optimizer"="d:\hjelpeprogram\Programmer\Tweaks\wlan optimizer\WLAN Optimizer.exe" [2009-08-07 109056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"="c:\program files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe" [2010-08-04 611872]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2012-05-01 1895424]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"SSS12 HotKeys"="c:\program files (x86)\Steganos Privacy Suite 12\SteganosHotKeyService.exe" [2011-08-18 84480]
"SSS12 File Redirection Starter"="c:\program files (x86)\Steganos Privacy Suite 12\fredirstarter.exe" [2011-08-18 17408]
"Ashampoo Core Tuner"="c:\program files (x86)\Ashampoo\Ashampoo Core Tuner\autostarter.exe" [2010-02-15 428376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AntiLogger"="c:\program files (x86)\AntiLogger\AntiLogger.exe" [2012-09-28 12981744]
"Adobe"="c:\programdata\Adobe\FAB12A.vbe" [2012-10-02 7147]
"emsisoft anti-malware"="c:\program files (x86)\Emsisoft Anti-Malware\a2guard.exe" [2012-10-17 3364264]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNDA3100v2 Genie.lnk - c:\program files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2012-9-27 8453376]
Photo Frame.lnk - c:\program files (x86)\Northstar\Photo Frame\Photo Frame.exe [2010-10-21 516688]
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R3 a2acc;a2acc;c:\program files (x86)\MAMUTU\a2accx64.sys [x]
R3 AF9035HB;AF9035 Hybrid Device;c:\windows\system32\Drivers\AF9035HB.sys [2012-02-25 900096]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [2011-06-01 33888]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [2006-11-30 556544]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2011-12-12 1256192]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 ksfmonsys;ksfmonsys;c:\program files (x86)\Kingsoft\PCDoctor\ksfmonsys64.sys [x]
R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys [2010-09-29 62168]
R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys [2010-09-29 377176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2009-11-18 446976]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [2009-10-01 1307648]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-10-18 131416]
R3 vpcuxd;Stubbtjeneste for USB-virtualisering;c:\windows\system32\drivers\vpcuxd.sys [2009-09-23 16384]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-01 1255736]
R3 WISOVD;WISOVD;c:\program files (x86)\WinISO Computing\WinISO\bin\driver\WISOVD_win7_x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2011-07-22 25056]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-07-03 867824]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]
S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2012-04-30 44688]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-05-05 14720]
S1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys [2012-10-03 44344]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-22 48992]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 SLEE_17_DRIVER;Steganos Live Encryption Engine 17 [Driver];c:\windows\Sleen1764.sys [2010-02-17 12:21 108256]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [2009-03-02 118888]
S1 STGMFEngine64;Steganos RAM Disk Engine 64 Bit [Driver];c:\windows\system32\drivers\STGMFEngine64.sys [2010-09-03 14:45 28576]
S1 WMDrive;WMDrive;c:\windows\SysWOW64\drivers\WMDrive.sys [2012-11-17 92536]
S2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-10-06 3084176]
S2 acthelper;Ashampoo CoreTuner Helper Service;c:\program files (x86)\Ashampoo\Ashampoo Core Tuner\ACTHelperService.exe [2010-02-15 902488]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-06-13 2321560]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [2012-12-11 51496]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [2012-11-09 1148664]
S2 Steganos Volatile Disk;Steganos Volatile Disk;c:\windows\system32\STGRAMDiskHandler64.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\programmer\tuneup utilities 2011\TuneUpUtilitiesService64.exe [2011-09-27 2027840]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]
S2 WSWNDA3100v2;WSWNDA3100v2;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2011-12-14 303360]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2010-12-24 29288]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [2011-06-01 33888]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-04-11 410184]
S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-04-11 341832]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\programmer\tuneup utilities 2011\TuneUpUtilitiesDriver64.sys [2011-07-07 11856]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-05-23 29288]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-05-23 29288]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-05-23 29288]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-05-23 29288]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-05-23 29288]
.
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
.
2012-12-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 00:39]
.
2012-12-11 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-06-29 15:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MountOverlayIcon]
@="{0F49CF41-FD97-4942-9F2A-35E8B489E7FB}"
[HKEY_CLASSES_ROOT\CLSID\{0F49CF41-FD97-4942-9F2A-35E8B489E7FB}]
2010-10-21 09:41 308736 ----a-w- c:\program files\WinMount\WinMTExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
"Ashampoo Core Tuner"="c:\program files (x86)\Ashampoo\Ashampoo Core Tuner\autostarter.exe" [2010-02-15 428376]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2012-05-22 980920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-07-24 6900024]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.google.no/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://packardbell.msn.com
mStart Page = hxxp://packardbell.msn.com
uInternet Settings,ProxyOverride = <-loopback>
IE: E&ksporter til Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd til OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
Trusted Zone: microsoft.com\update
TCP: DhcpNameServer = 192.168.10.1 192.168.10.1
FF - ProfilePath - c:\users\Hjem\AppData\Roaming\Mozilla\Firefox\Profiles\pgcfjme8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.no/
FF - prefs.js: keyword.URL - hxxp://rs.mediapimp.com/s/?src=addrbar&browser=ff&category=web&partner_id=229&toolbar_id=7&toolbar_version=3.4&q=
FF - prefs.js: network.proxy.ftp - 81.44.251.148
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 80.194.50.123
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 81.44.251.148
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.ssl - 81.44.251.148
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-20 17:20; {0b457cAA-602d-484a-8fe7-c1d894a011ba}; c:\users\Hjem\AppData\Roaming\Mozilla\Firefox\Profiles\pgcfjme8.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF - ExtSQL: 2012-10-25 17:45; {F53C93F1-07D5-430c-86D4-C9531B27DFAF}; c:\program files (x86)\AVG\AVG2012\Firefox\DoNotTrack
FF - ExtSQL: 2012-10-28 12:16; battlefieldheroespatcher@ea.com; c:\users\Hjem\AppData\Roaming\Mozilla\Firefox\Profiles\pgcfjme8.default\extensions\battlefieldheroespatcher@ea.com
FF - ExtSQL: 2012-11-16 04:10; speeddns@gmail.com; c:\users\Hjem\AppData\Roaming\Mozilla\Firefox\Profiles\pgcfjme8.default\extensions\speeddns@gmail.com.xpi
FF - ExtSQL: 2012-11-16 04:13; jid1-uabu5A9hduqzCw@jetpack; c:\users\Hjem\AppData\Roaming\Mozilla\Firefox\Profiles\pgcfjme8.default\extensions\jid1-uabu5A9hduqzCw@jetpack
FF - ExtSQL: 2012-11-16 04:17; info@ovterion.com; c:\users\Hjem\AppData\Roaming\Mozilla\Firefox\Profiles\pgcfjme8.default\extensions\info@ovterion.com.xpi
FF - ExtSQL: 2012-12-07 00:26; iseekdeal@iseekdeal.com; c:\users\Hjem\AppData\Roaming\Mozilla\Firefox\Profiles\pgcfjme8.default\extensions\iseekdeal@iseekdeal.com.xpi
FF - ExtSQL: 2012-12-07 00:27; {10289AD8-241D-406C-8168-6508B4D257D6}; c:\program files (x86)\Mozilla Firefox\extensions\{10289AD8-241D-406C-8168-6508B4D257D6}
FF - user.js: network.proxy.gopher - 80.194.50.123
FF - user.js: network.proxy.gopher_port - 8080
FF - user.js: network.proxy.type - 0);user_pref(network.proxy.socks,
FF - user.js: network.proxy.socks_port - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: ui.submenuDelay - 16
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.pipelining.ssl - true
FF - user.js: network.http.pipelining.maxrequests - 8
.
- - - - TOMME PEKERE FJERNET - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-Fraps - e:\fraps\uninstall.exe
.
.
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FotoManager10Deluxe.8.alb"
.
[HKEY_USERS\S-1-5-21-1878369753-3232272556-4142579333-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*4*í¦oU]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1878369753-3232272556-4142579333-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*4*í¦oU\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1878369753-3232272556-4142579333-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1878369753-3232272556-4142579333-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1878369753-3232272556-4142579333-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ӎ,_]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1878369753-3232272556-4142579333-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ӎ,_\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tidspunkt ferdig: 2012-12-11 10:09:13
ComboFix-quarantined-files.txt 2012-12-11 09:09
.
Pre-Run: 232 091 353 088 byte ledig
Post-Run: 231 733 145 600 byte ledig
.
- - End Of File - - 60C0B27D23FF33DD90B5249C90D2A39F
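The Firefox lines in the ComboFix log above (proxy hosts on public IP addresses, a replaced keyword.URL) are the kind of browser hijack indicators that JRT and AdwCleaner later clean out of prefs.js and user.js. As an added example that is not part of this thread or of any tool it mentions, here is a small Python checker that parses ComboFix-style "FF - prefs.js:" / "FF - user.js:" lines and flags them; the sample lines and the KNOWN_SEARCH allowlist are constructed for the example.

```python
"""Flag proxy and search hijack indicators in ComboFix-style Firefox pref lines.

Added example (not from the thread): ComboFix prints Firefox settings as
"FF - prefs.js: <pref> - <value>" and "FF - user.js: <pref> - <value>".
A hijacker typically drops proxy hosts (network.proxy.*) and a replacement
address-bar search (keyword.URL) into prefs.js or, more persistently, user.js.
"""
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample input, shaped like the log lines above (hxxp is ComboFix's defang).
SAMPLE_LOG = """\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.no/
FF - prefs.js: keyword.URL - hxxp://rs.mediapimp.com/s/?src=addrbar&browser=ff&q=
FF - prefs.js: network.proxy.ftp - 81.44.251.148
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 81.44.251.148
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.proxy.gopher - 80.194.50.123
FF - user.js: network.proxy.type - 0);user_pref(network.proxy.socks,
FF - user.js: network.http.pipelining - true
"""

LINE_RE = re.compile(r"^FF - (?P<file>prefs\.js|user\.js): (?P<pref>\S+) - (?P<value>.*)$")
PROXY_HOST_RE = re.compile(r"^network\.proxy\.(http|ssl|ftp|gopher|socks)$")
# Assumed allowlist of legitimate address-bar search hosts (constructed for the example).
KNOWN_SEARCH = {"www.google.com", "www.google.no", "www.bing.com", "search.yahoo.com"}


def parse_ff_lines(text):
    """Return [(file, pref, value)] for each 'FF - ...' line; everything else is ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m["file"], m["pref"], m["value"].strip()))
    return entries


def is_external_host(host):
    """True for a public IP or a non-local hostname, i.e. somewhere a hijacker's proxy could live."""
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        return host.lower() not in {"", "localhost"}


def url_host(defanged_url):
    """Re-fang only to pull the host out of a ComboFix 'hxxp://' URL."""
    return urlparse(defanged_url.replace("hxxp", "http", 1)).hostname or ""


def find_hijack_indicators(text):
    """Return human-readable findings for external proxy hosts and a replaced keyword.URL."""
    entries = parse_ff_lines(text)
    # user.js is applied on top of prefs.js at every start, so it decides the proxy mode.
    proxy_type = {}
    for fname, pref, value in entries:
        if pref == "network.proxy.type":
            proxy_type[fname] = value.split(")")[0].strip()  # tolerate the garbled line from the log
    effective = proxy_type.get("user.js", proxy_type.get("prefs.js", "0"))
    manual = effective == "1"  # 1 = manual proxy configuration; 0 = direct (hosts present but unused)
    findings = []
    for fname, pref, value in entries:
        if PROXY_HOST_RE.match(pref) and is_external_host(value):
            state = "ACTIVE" if manual else "DORMANT"
            findings.append(f"{state} proxy: {fname} {pref} -> {value}")
        elif pref == "keyword.URL" and url_host(value) not in KNOWN_SEARCH:
            findings.append(f"SEARCH HIJACK: {fname} {pref} -> {url_host(value)}")
    return findings


if __name__ == "__main__":
    for finding in find_hijack_indicators(SAMPLE_LOG):
        print(finding)
```

A DORMANT finding still matters: the proxy hosts are staged and become live the moment network.proxy.type flips to 1, which is why the cleanup tools remove the entries rather than just the setting.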

#8 SystemFailure

SystemFailure
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:37 AM

Posted 11 December 2012 - 04:48 AM

Just another update.
It seems like I get a different message when restarting my computer now.
Screenshots of the new messages below:


Don't know if it helps that I'm posting this update, but I just thought you should know!

#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:37 PM

Posted 11 December 2012 - 07:07 PM

Yes, thanks. We still have more work to do, so stick with me.

Please run the following:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.
Note: Further documentation can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit folder.


NEXT


Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message


NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 SystemFailure

SystemFailure
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:37 AM

Posted 12 December 2012 - 06:00 AM

Yes, thanks. We still have more work to do, so stick with me.

Please run the following:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.
Note: Further documentation can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit folder.


NEXT


Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message


NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


Thx again for replying.
I will now start using your tools; however, when downloading AdwCleaner I got a virus message from my AVG.
Here is the message I got:

So it's not possible to download it because my antivirus stops it?

#11 SystemFailure

SystemFailure
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:37 AM

Posted 12 December 2012 - 06:42 AM

I ran Malwarebytes Anti-Rootkit and it didn't find any threats :thumbup2:
At least that's good, right?
I attached the 2 log files below this message!



I then ran Junkware Removal Tool, and here is the log:
----------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.0.8 (12.12.2012:1)
OS: Windows 7 Home Premium x64
Ran by Hjem on 12.12.2012 at 12:16:21.89
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\softonic"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\discoveryhelper.dll"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\gifanimator.dll"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\imtrprogress.dll"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\imweb.dll"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\wmhelper.dll"
Successfully deleted: [Registry Key] "hkey_local_machine\software\conduit"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\Hjem\AppData\Roaming\mozilla\firefox\profiles\pgcfjme8.default\user.js
Successfully deleted: [File] "C:\Users\Hjem\AppData\Roaming\mozilla\firefox\profiles\pgcfjme8.default\extensions\kwout-firefox@kwout.com.xpi"
Successfully deleted: [Folder] C:\Users\Hjem\AppData\Roaming\mozilla\firefox\profiles\pgcfjme8.default\extensions\jid1-uabu5A9hduqzCw@jetpack
Successfully deleted the following from C:\Users\Hjem\AppData\Roaming\mozilla\firefox\profiles\pgcfjme8.default\prefs.js

user_pref("extensions.jid1-uabu5A9hduqzCw@jetpack.install-event-fired", true);
user_pref("extensions.proxytool.referers", "www.google.com,google.com,yahoo.com,bing.com,ask.com,currate.com,alwaysmath.com,facebook.com,twitter.com,craigslist.org");
user_pref("extensions.skipscreen.hostMatchStr", "http://www.4shared.com/(get|audio|file|document|dir)/.*|http://.*depositfiles.com/(([a-z]{2})/files/|auth-).*|http://(www.)*di



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.12.2012 at 12:26:44.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The third tool (AdwCleaner) can't be downloaded because AVG antivirus stops it and puts it in the vault.
I'm not sure if I dare to turn off the antivirus and allow this file, when it stops it all the time?
What do you think?

Attached Files


Edited by SystemFailure, 12 December 2012 - 06:45 AM.


#12 SystemFailure

SystemFailure
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:37 AM

Posted 12 December 2012 - 11:11 AM

OK, after a few hours I decided to run AdwCleaner after all.
I disabled my antivirus and ran the program, and here is the log:
--------------

# AdwCleaner v2.100 - Logfile created 12/12/2012 at 17:03:44
# Updated 09/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Hjem - HJEM-PC
# Boot Mode : Normal
# Running from : C:\Users\Hjem\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (nb-NO)

Profile name : default [Profil par défaut]
File : C:\Users\Hjem\AppData\Roaming\Mozilla\Firefox\Profiles\pgcfjme8.default\prefs.js

Deleted : user_pref("extensions.proxytool.referers", "www.google.com,google.com,yahoo.com,bing.com,ask.com,cur[...]
Deleted : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir[...]

Profile name : default
File : C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\pogx6uhz.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3634 octets] - [12/12/2012 17:03:13]
AdwCleaner[S1].txt - [3639 octets] - [12/12/2012 17:03:44]

########## EOF - C:\AdwCleaner[S1].txt - [3699 octets] ##########

#13 SystemFailure

SystemFailure
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:37 AM

Posted 12 December 2012 - 11:14 AM

My computer seems to be a bit faster now, and I didn't get the virus message on reboot.
So it looks pretty good :thumbup2:
However, I think it's a bit too early to celebrate just yet.
I have to use my computer a bit and see if anything is wrong, but at least I didn't get the virus message on reboot :thumbsup:

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:37 PM

Posted 12 December 2012 - 05:44 PM

Let's make sure there are no leftovers, please run the following:

Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 SystemFailure

SystemFailure
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:37 AM

Posted 13 December 2012 - 02:46 AM

Let's make sure there are no leftovers, please run the following:

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

I tried this scan, but after a few hours of scanning I suddenly got a bluescreen.
What caused it may be either the screensaver or hibernation.
Either way, I'm just running a re-scan with this software right now, so I might have a log available in a few hours.
I hope you can wait?



