Malware.packer.gen found in c:\mwrwx.exe [Solved]


This topic is locked

#16 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Attached both zip files
#17 nabcake (Topic Starter, Member, 14 posts)
Thank you for the files. From what I see so far, most, if not all, currently running processes were/are infected.
I will keep you updated after I finish all the steps, and thanks once again for your patience.

#18 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
I am just sorry it was a Sality infection... But on the bright side, we may be able to repair the system.

#19 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
I am going offline now, but I will look in first thing tomorrow.

#20 nabcake (Topic Starter, Member, 14 posts)
The Sality killer took an extremely long time, so I just let it run all night. I followed the rest of the instructions, and so far everything seems to be OK, except for some minor problems (the Creative sound driver doesn't work).

Edit: I also ran OTL to send you a log of it to make sure everything is clean; then my AV detected a virus in the file "c:\ppbjj.exe". It's flagged as the same malware as cmrwx.exe was.

Here is the Combofix log:

ComboFix 12-06-23.06 - N4bc4k3 06/24/2012 13:45:41.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.2046.1459 [GMT 2:00]
Running from: c:\documents and settings\N4bc4k3\Skrivebord\ComboFix.exe
AV: Outpost Security Suite Pro *Disabled/Updated* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
FW: Outpost Security Suite Pro *Disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
C:\xgok.pif
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMSINT32
-------\Service_amsint32
.
.
((((((((((((((((((((((((( Files Created from 2012-05-24 to 2012-06-24 )))))))))))))))))))))))))))))))
.
.
2012-06-23 18:52 . 2012-06-23 21:25 33508 --sh--r- C:\ppbjj.exe
2012-06-23 14:48 . 2012-06-23 14:48 -------- d-----w- C:\_OTL
2012-06-23 11:00 . 2012-06-24 11:24 -------- d--h--r- c:\documents and settings\N4bc4k3\Siste
2012-06-23 01:46 . 2012-06-23 01:46 7475200 ----a-w- c:\windows\system32\rmslt.nt
2012-06-22 17:03 . 2012-06-22 17:03 -------- d-----w- c:\documents and settings\N4bc4k3\Programdata\Malwarebytes
2012-06-22 17:03 . 2012-06-22 17:03 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2012-06-22 17:03 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-21 17:38 . 2012-06-21 17:37 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-21 17:37 . 2012-06-21 17:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-21 17:36 . 2012-06-21 17:36 -------- d-----w- c:\documents and settings\All Users\Programdata\McAfee
2012-06-21 17:27 . 2012-06-21 17:27 -------- d-----w- c:\windows\system32\wbem\Repository
2012-06-21 17:05 . 2012-06-21 17:15 -------- d-----w- c:\programfiler\Emsisoft HiJackFree
2012-06-21 16:54 . 2012-06-21 17:16 -------- d-----w- c:\programfiler\Emsisoft Anti-Malware
2012-06-16 18:32 . 2012-06-16 18:32 -------- d-----w- c:\documents and settings\N4bc4k3\Programdata\Windows Search
2012-06-13 10:30 . 2012-05-13 11:01 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-09 23:12 . 2012-06-09 23:12 -------- d-----w- c:\documents and settings\N4bc4k3\Programdata\Leadertech
2012-06-07 14:51 . 2012-06-16 20:16 770384 ----a-w- c:\programfiler\Mozilla Firefox\msvcr100.dll
2012-06-07 14:51 . 2012-06-16 20:16 421200 ----a-w- c:\programfiler\Mozilla Firefox\msvcp100.dll
2012-06-06 23:01 . 2008-04-13 17:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-06-06 23:01 . 2008-04-13 17:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-06-06 23:01 . 2001-10-06 12:02 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-06-06 23:01 . 2008-04-14 15:22 159232 ----a-w- c:\windows\system32\ptpusd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-24 02:39 . 2010-03-18 18:17 19456 ----a-w- c:\windows\system32\CtHelper.exe
2012-06-21 17:37 . 2011-12-30 17:28 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-02 13:19 . 2011-12-30 00:46 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2011-12-30 00:46 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2011-12-30 00:46 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2011-12-30 00:46 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2011-12-30 00:46 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2011-12-30 00:27 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2003-04-25 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2011-12-30 00:46 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2011-12-30 00:46 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2011-12-30 00:46 23064 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2011-12-30 00:46 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2011-12-30 00:46 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2011-12-30 00:27 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2003-04-25 12:00 600064 ----a-w- c:\windows\system32\crypt32.dll
2012-05-20 11:47 . 2012-04-02 15:53 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-20 11:47 . 2011-12-30 12:46 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-16 15:09 . 2006-06-23 12:29 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55 . 2003-04-25 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-13 11:01 . 2003-04-25 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-13 11:01 . 2003-04-25 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:39 . 2004-08-04 07:55 385024 ------w- c:\windows\system32\html.iec
2012-05-05 03:15 . 2003-04-25 12:00 2194432 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:15 . 2002-09-09 14:07 2070912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:47 . 2011-12-30 00:27 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-16 20:16 . 2012-04-06 12:03 85472 ----a-w- c:\programfiler\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [email protected]_15.22.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-24 11:54 . 2012-06-24 11:54 16384 c:\windows\Temp\Perflib_Perfdata_3f4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\programfiler\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 08:49 176936 ----a-w- c:\programfiler\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\programfiler\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\programfiler\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
[HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
2011-07-13 19:22 287872 ----a-w- d:\programfiler\Agnitum\Outpost Security Suite Pro\op_shell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\programfiler\Steam\Steam.exe" [2012-06-23 1242448]
"DAEMON Tools Lite"="c:\programfiler\DAEMON Tools Lite\DTLite.exe" [2012-06-23 3514176]
"SpybotSD TeaTimer"="d:\programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-23 98304]
"ATICustomerCare"="c:\programfiler\ATI\ATICustomerCare\ATICustomerCare.exe" [2012-06-23 311296]
"NVRaidService"="c:\programfiler\NVIDIA Corporation\Raid\nvraidservice.exe" [2012-06-23 163944]
"WinampAgent"="d:\programfiler\Winamp\winampa.exe" [2012-06-23 74752]
"Adobe ARM"="c:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="d:\programfiler\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Windows Search.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
2010-09-07 16:40 1976920 ------w- c:\windows\system32\xRaidSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 22:25 59240 ----a-w- c:\programfiler\Fellesfiler\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Update Checker]
2012-06-23 21:27 121472 ----a-w- c:\programfiler\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-06-23 21:32 3514176 ----a-w- c:\programfiler\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-06-23 21:18 136176 ----atw- c:\documents and settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 05:31 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 00:36 421736 ----a-w- d:\programfiler\ITunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2010-09-07 16:40 43608 ------w- c:\windows\RaidTool\xInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-06-23 22:06 1987976 ----a-w- c:\programfiler\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostMonitor]
2011-08-10 12:22 3138632 ----a-w- d:\progra~1\Agnitum\OUTPOS~1\op_mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2003-04-25 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2003-04-25 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-06-23 22:12 17353352 ----a-r- c:\programfiler\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2012-06-23 21:22 9481904 ----a-w- c:\documents and settings\N4bc4k3\Programdata\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-05-03 13:17 932528 ----a-w- c:\documents and settings\N4bc4k3\Programdata\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"CTHelper"=CTHELPER.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programfiler\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\Programfiler\\vuze\\Azureus.exe"=
"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=
"d:\\Programfiler\\steam\\Steam.exe"=
"d:\\Programfiler\\steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Documents and Settings\\N4bc4k3\\Programdata\\Spotify\\spotify.exe"=
"c:\\Documents and Settings\\All Users\\Programdata\\Electronic Arts\\Need For Speed World\\Data\\nfsw.exe"=
"c:\\Programfiler\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Programfiler\\Winamp\\winamp.exe"=
"d:\\Programfiler\\vuze\\Support\\FIFA 11_code.exe"=
"d:\\Programfiler\\vuze\\Redistributable\\vcredist_x86_en.exe"=
"d:\\Programfiler\\Emsisoft HiJackFree\\a2hijackfree.exe"=
"c:\\WINDOWS\\system32\\CTHELPER.EXE"=
"c:\\Programfiler\\Spybot - Search & Destroy\\TeaTimer.exe"=
"c:\\Programfiler\\NVIDIA Corporation\\Raid\\nvraidservice.exe"=
"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"c:\\Programfiler\\DAEMON Tools Lite\\DTLite.exe"=
"c:\\Programfiler\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM.exe"=
"c:\\Programfiler\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"=
"c:\\Programfiler\\ATI Technologies\\ATI.ACE\\Core-Static\\ccc.exe"=
"c:\\Programfiler\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe"=
"d:\\Programfiler\\Spybot - Search & Destroy\\TeaTimer.exe"=
"c:\\Documents and Settings\\N4bc4k3\\Mine dokumenter\\Downloads\\OTL.exe"=
"d:\\Programfiler\\Malwarebytes' Anti-Malware\\mbamgui.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58455:TCP"= 58455:TCP:Pando Media Booster
"58455:UDP"= 58455:UDP:Pando Media Booster
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [12/30/2011 3:42 AM 764880]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [12/30/2011 3:03 AM 11448]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [1/15/2012 7:57 PM 239168]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [5/4/2012 12:36 PM 24328]
R2 MBAMService;MBAMService;d:\programfiler\Malwarebytes' Anti-Malware\mbamservice.exe [6/22/2012 7:03 PM 654408]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [12/30/2011 3:41 AM 32472]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [12/30/2011 3:42 AM 284632]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [12/30/2011 6:36 PM 100368]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 9:39 PM 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 9:39 PM 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 9:39 PM 566360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/22/2012 7:03 PM 22344]
S1 JAMVOX_AA;Service for JamVOX Controller driver;c:\windows\system32\DRIVERS\JamDRV.sys --> c:\windows\system32\DRIVERS\JamDRV.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/2/2012 5:53 PM 257696]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [12/30/2011 3:42 AM 78656]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 9:39 PM 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\programfiler\Fellesfiler\Creative Labs Shared\Service\CTAELicensing.exe [12/30/2011 6:47 PM 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 9:39 PM 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 9:39 PM 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 9:39 PM 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 9:39 PM 566360]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [12/31/2011 1:05 AM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [12/31/2011 1:05 AM 8456]
S3 JAMVOX_01;Service for JamVOX Audio driver;c:\windows\system32\DRIVERS\JamWdm.sys --> c:\windows\system32\DRIVERS\JamWdm.sys [?]
S3 JamVOXUSBAudioSrv;CEntrance USB Audio Driver Service for JamVOX;c:\windows\system32\drivers\jamvox.sys [12/14/2011 5:13 PM 105416]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programfiler\Mozilla Maintenance Service\maintenanceservice.exe [4/27/2012 2:35 PM 113120]
S3 VBEngNT;VBEngNT;c:\windows\system32\drivers\VBEngNT.sys [12/30/2011 3:42 AM 242040]
S3 VBFilt;VBFilt;c:\windows\system32\Filt\VBFilt.dll [12/30/2011 3:42 AM 84312]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 11:47]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.10.1 192.168.10.1
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\documents and settings\N4bc4k3\Programdata\Mozilla\Firefox\Profiles\3v9gbb6i.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-24 13:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1112)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2608)
d:\programfiler\Agnitum\Outpost Security Suite Pro\op_shell.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programfiler\Creative\Shared Files\CTAudSvc.exe
c:\programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\CTsvcCDA.exe
c:\programfiler\Java\jre6\bin\jqs.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2012-06-24 13:57:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-24 11:57
ComboFix2.txt 2012-06-23 18:55
ComboFix3.txt 2012-06-23 18:38
ComboFix4.txt 2012-06-23 15:27
.
Pre-Run: 10,927,050,752 bytes free
Post-Run: 11,020,476,416 bytes free
.
- - End Of File - - A8DB37C10BD4635C07C198ED53E0FA01


OTL:


OTL logfile created on: 6/24/2012 2:04:10 PM - Run 4
OTL by OldTimer - Version 3.2.52.0 Folder = C:\Documents and Settings\N4bc4k3\Mine dokumenter\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: USA | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 67.92% Memory free
3.85 Gb Paging File | 3.35 Gb Available in Paging File | 87.02% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programfiler
Drive C: | 29.29 Gb Total Space | 10.41 Gb Free Space | 35.55% Space Free | Partition Type: NTFS
Drive D: | 203.58 Gb Total Space | 23.74 Gb Free Space | 11.66% Space Free | Partition Type: NTFS
Drive E: | 2.83 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: N4B-C4K3 | User Name: N4bc4k3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/23 23:21:14 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\N4bc4k3\Mine dokumenter\Downloads\OTL.exe
PRC - [2012/06/23 23:08:31 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- D:\Programfiler\Winamp\winampa.exe
PRC - [2012/06/23 23:08:12 | 000,163,944 | ---- | M] (NVIDIA Corporation) -- C:\Programfiler\NVIDIA Corporation\Raid\nvraidservice.exe
PRC - [2012/06/16 22:16:55 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programfiler\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- d:\Programfiler\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- d:\Programfiler\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/10/24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Programfiler\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/04/14 18:22:49 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/16 22:16:54 | 002,042,848 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\mozjs.dll
MOD - [2012/06/14 15:54:34 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/14 11:35:42 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/14 11:35:32 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/14 02:01:49 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/05/10 15:38:28 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/10 15:38:22 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012/05/10 15:36:22 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/10 15:32:56 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/10 15:32:41 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/12/30 19:32:52 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_no_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2011/12/30 19:32:51 | 000,286,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_no_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011/11/09 22:45:32 | 000,270,336 | ---- | M] () -- C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programfiler\Fellesfiler\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programfiler\Fellesfiler\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/16 13:22:12 | 000,014,848 | ---- | M] () -- C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/06/23 23:32:42 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programfiler\Fellesfiler\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/06/16 22:16:55 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programfiler\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/20 13:47:31 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/19 18:03:24 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Programfiler\Fellesfiler\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- d:\Programfiler\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Programfiler\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\N4bc4k3\LOKALE~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\JamDRV.sys -- (JAMVOX_AA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\JamWdm.sys -- (JAMVOX_01)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/09 10:57:28 | 000,024,328 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2012/01/15 19:57:22 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/12/14 17:13:56 | 000,105,416 | ---- | M] (CEntrance, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jamvox.sys -- (JamVOXUSBAudioSrv)
DRV - [2011/11/10 05:42:12 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/10/17 19:40:22 | 000,100,368 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2011/07/29 14:54:56 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 14:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/06/15 15:22:28 | 000,284,632 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore)
DRV - [2011/06/15 15:21:12 | 000,084,312 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Filt\VBFilt.dll -- (VBFilt)
DRV - [2011/06/15 15:21:10 | 000,078,656 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Filt\ASWFilt.dll -- (ASWFilt)
DRV - [2011/06/15 15:21:04 | 000,764,880 | ---- | M] (Agnitum Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SandBox.sys -- (SandBox)
DRV - [2011/05/19 16:55:28 | 000,103,512 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2011/03/28 19:55:54 | 000,032,472 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afw.sys -- (afw)
DRV - [2011/02/02 18:04:22 | 000,242,040 | ---- | M] (VirusBuster Kft.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBEngNT.sys -- (VBEngNT)
DRV - [2010/03/18 21:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010/03/18 21:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/03/18 21:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/03/18 21:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/03/18 21:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/03/18 21:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/03/18 21:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/03/18 21:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/03/18 21:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010/03/18 21:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/03/18 21:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV - [2010/03/18 21:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010/03/18 21:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV - [2010/03/18 21:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010/03/18 21:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV - [2010/03/18 21:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010/03/18 21:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV - [2010/03/18 21:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2009/08/04 11:28:18 | 000,011,296 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2009/07/06 11:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2008/11/12 17:58:38 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2008/04/13 20:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/10/12 17:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/09/12 04:45:38 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/09/12 04:45:36 | 000,057,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/08/22 03:24:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/13 11:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programfiler\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2504091
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programfiler\ITunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programfiler\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programfiler\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programfiler\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Programfiler\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programfiler\Mozilla Firefox\components [2012/06/16 22:16:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programfiler\Mozilla Firefox\plugins [2012/06/21 19:38:00 | 000,000,000 | ---D | M]

[2012/04/06 14:03:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\N4bc4k3\Programdata\Mozilla\Extensions
[2012/06/23 03:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\N4bc4k3\Programdata\Mozilla\Firefox\Profiles\3v9gbb6i.default\extensions
[2012/06/21 19:38:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programfiler\Mozilla Firefox\extensions
[2011/12/31 00:46:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programfiler\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/21 19:38:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Programfiler\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/06/23 03:41:12 | 000,017,212 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\N4BC4K3\PROGRAMDATA\MOZILLA\FIREFOX\PROFILES\3V9GBB6I.DEFAULT\EXTENSIONS\[email protected]
[2012/06/16 22:16:56 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programfiler\mozilla firefox\components\browsercomps.dll
[2011/12/09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programfiler\mozilla firefox\plugins\npwachk.dll
[2012/06/16 22:16:52 | 000,002,252 | ---- | M] () -- C:\Programfiler\mozilla firefox\searchplugins\bing.xml
[2012/06/16 22:16:52 | 000,002,040 | ---- | M] () -- C:\Programfiler\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programfiler\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Programfiler\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programfiler\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programfiler\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programfiler\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Java™ Platform SE 6 U33 (Enabled) = C:\Programfiler\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Programfiler\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Programfiler\ITunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/24 13:54:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Programfiler\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programfiler\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programfiler\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Programfiler\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Programfiler\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] d:\Programfiler\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\Programfiler\NVIDIA Corporation\Raid\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] d:\Programfiler\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programfiler\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] d:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] D:\Programfiler\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun: NoDriveTypeAutoRun = 177
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Outpost Security Suite Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - d:\Programfiler\Agnitum\Outpost Security Suite Pro\ie_bar.dll (Agnitum Ltd.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\Programfiler\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programfiler\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{184F38BC-3F79-4D10-AC91-2C8313224FB3}: DhcpNameServer = 192.168.10.1 192.168.10.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Min gjeldende hjemmeside) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programfiler\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/30 02:29:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/24 14:04:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/06/24 13:42:46 | 004,566,424 | R--- | C] (Swearware) -- C:\Documents and Settings\N4bc4k3\Skrivebord\ComboFix.exe
[2012/06/23 22:24:37 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\N4bc4k3\Skrivebord\aswMBR.exe
[2012/06/23 17:13:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/06/23 17:12:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/06/23 17:12:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/06/23 17:12:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/06/23 17:12:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/06/23 17:11:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/23 17:11:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\N4bc4k3\Start-meny\Programmer\Administrative verktøy
[2012/06/23 17:11:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/06/23 16:48:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/23 13:00:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\N4bc4k3\Siste
[2012/06/23 12:16:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2012/06/23 02:15:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Programmer\Spybot - Search & Destroy
[2012/06/22 19:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N4bc4k3\Programdata\Malwarebytes
[2012/06/22 19:03:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Programmer\Malwarebytes' Anti-Malware
[2012/06/22 19:03:12 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/22 19:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Programdata\Malwarebytes
[2012/06/21 19:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Programdata\McAfee
[2012/06/21 19:05:07 | 000,000,000 | ---D | C] -- C:\Programfiler\Emsisoft HiJackFree
[2012/06/21 18:54:45 | 000,000,000 | ---D | C] -- C:\Programfiler\Emsisoft Anti-Malware
[2012/06/21 18:54:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N4bc4k3\Mine dokumenter\Anti-Malware
[2012/06/17 13:28:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N4bc4k3\Mine dokumenter\Thief - Deadly Shadows
[2012/06/17 13:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Programmer\Eidos
[2012/06/16 22:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N4bc4k3\Mine dokumenter\FIFA 10
[2012/06/16 20:32:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N4bc4k3\Programdata\Windows Search
[2012/06/10 01:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N4bc4k3\Mine dokumenter\FIFA 11
[2012/06/10 01:23:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Programmer\EA Sports
[2012/06/10 01:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N4bc4k3\Programdata\Leadertech
[2012/06/05 20:20:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N4bc4k3\Skrivebord\Ny mappe

========== Files - Modified Within 30 Days ==========

[2012/06/24 13:54:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/24 13:54:38 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/24 13:54:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/24 13:52:52 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000007-00001102-00000004-10071102}.rfx
[2012/06/24 13:52:52 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000007-00001102-00000004-10071102}.rfx
[2012/06/24 13:52:52 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000007-00001102-00000004-10071102}.rfx
[2012/06/24 13:52:52 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000007-00001102-00000004-10071102}.rfx
[2012/06/24 13:52:52 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000007-00001102-00000004-10071102}.rfx
[2012/06/24 13:43:08 | 004,566,424 | R--- | M] (Swearware) -- C:\Documents and Settings\N4bc4k3\Skrivebord\ComboFix.exe
[2012/06/24 13:24:57 | 000,678,758 | ---- | M] () -- C:\Documents and Settings\N4bc4k3\Skrivebord\Ny Punktgrafikkbilde.bmp
[2012/06/23 22:24:41 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\N4bc4k3\Skrivebord\aswMBR.exe
[2012/06/23 18:34:23 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000007-00001102-00000004-10071102}.CDF
[2012/06/23 17:13:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/06/23 16:45:04 | 000,001,076 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/06/23 16:45:04 | 000,001,076 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/06/23 03:46:05 | 007,475,200 | ---- | M] () -- C:\WINDOWS\System32\rmslt.nt
[2012/06/23 03:46:05 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\rmslt.lst
[2012/06/23 02:15:52 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\N4bc4k3\Skrivebord\Spybot - Search & Destroy.lnk
[2012/06/23 00:08:27 | 000,000,102 | ---- | M] () -- C:\index.ini
[2012/06/22 19:03:14 | 000,000,645 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Malwarebytes Anti-Malware.lnk
[2012/06/22 17:30:42 | 000,008,326 | ---- | M] () -- C:\Documents and Settings\N4bc4k3\.recently-used.xbel
[2012/06/21 18:35:25 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\housecall.guid.cache
[2012/06/16 22:38:17 | 000,436,824 | ---- | M] () -- C:\AnalysisLog.sr0
[2012/06/14 11:32:51 | 000,193,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/14 02:02:03 | 000,482,108 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/14 02:02:03 | 000,315,552 | ---- | M] () -- C:\WINDOWS\System32\perfh014.dat
[2012/06/14 02:02:03 | 000,080,056 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/14 02:02:03 | 000,044,398 | ---- | M] () -- C:\WINDOWS\System32\perfc014.dat
[2012/06/14 01:58:23 | 000,031,550 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2012/06/12 16:33:30 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/12 14:41:38 | 000,002,259 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Skype.lnk
[2012/06/05 20:13:07 | 000,000,459 | ---- | M] () -- C:\Documents and Settings\N4bc4k3\server.properties
[2012/06/01 20:52:37 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf

========== Files Created - No Company Name ==========

[2012/06/23 20:52:08 | 000,033,508 | RHS- | C] () -- C:\ppbjj.exe
[2012/06/23 20:22:01 | 000,678,758 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\Skrivebord\Ny Punktgrafikkbilde.bmp
[2012/06/23 17:13:07 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/06/23 17:13:05 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/06/23 17:12:07 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/06/23 17:12:07 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/06/23 17:12:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/06/23 17:12:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/06/23 17:12:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/06/23 03:46:05 | 007,475,200 | ---- | C] () -- C:\WINDOWS\System32\rmslt.nt
[2012/06/23 03:46:05 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\rmslt.lst
[2012/06/23 02:15:52 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\Skrivebord\Spybot - Search & Destroy.lnk
[2012/06/22 19:03:13 | 000,000,645 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Malwarebytes Anti-Malware.lnk
[2012/06/22 17:30:42 | 000,008,326 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\.recently-used.xbel
[2012/06/21 18:35:25 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\housecall.guid.cache
[2012/06/16 22:38:09 | 000,436,824 | ---- | C] () -- C:\AnalysisLog.sr0
[2012/06/14 01:58:23 | 000,031,550 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/04/20 19:52:23 | 000,013,195 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\lol.jpg
[2012/04/15 20:43:46 | 000,000,084 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\appletfile.props
[2012/04/02 00:35:07 | 000,000,030 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2012/04/02 00:31:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2012/02/16 18:31:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/10 22:58:43 | 000,000,459 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\server.properties
[2012/02/10 21:26:34 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/31 01:05:23 | 002,469,760 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2011/12/31 01:05:23 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2011/12/31 01:05:23 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2011/12/31 01:05:23 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2011/12/31 01:05:23 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2011/12/30 19:00:18 | 000,001,428 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011/12/30 04:13:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/12/30 04:13:30 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/12/30 04:13:29 | 000,243,168 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/12/30 04:13:29 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/12/30 03:03:31 | 000,011,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsUpIO.sys
[2011/12/30 03:02:46 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/12/30 03:02:29 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2011/12/30 03:02:29 | 000,011,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2011/12/30 03:02:28 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2011/12/30 03:02:28 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2011/12/30 02:41:28 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\fusioncache.dat
[2011/12/30 02:31:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/12/30 02:28:07 | 000,021,704 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/12/30 02:20:31 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/12/30 02:19:17 | 000,193,776 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/15 05:22:14 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\jamvoxdevice.dll
[2011/11/09 23:39:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011/11/09 23:39:32 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll

========== LOP Check ==========

[2011/12/30 03:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Agnitum
[2011/12/30 04:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\DAEMON Tools Lite
[2011/12/30 19:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\DriverGenius
[2011/12/30 18:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Easy Driver Pro
[2012/04/12 19:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Electronic Arts
[2012/06/23 16:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\PMB Files
[2012/03/02 21:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\VOX
[2011/12/30 18:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/06/11 21:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\.minecraft
[2011/12/30 03:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Agnitum
[2012/06/23 13:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Azureus
[2012/06/23 13:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\DAEMON Tools Lite
[2012/04/25 21:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\foobar2000
[2012/06/16 15:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\gtk-2.0
[2012/03/24 18:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Kalypso Media
[2012/06/10 01:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Leadertech
[2011/12/30 21:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\LolClient
[2012/05/24 16:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\LolClient2
[2012/01/28 15:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\minecraft
[2012/04/12 20:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Need for Speed World
[2012/02/14 20:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\OpenOffice.org
[2012/05/15 23:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Spotify
[2012/02/01 19:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Unity
[2012/04/21 01:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\VOX
[2011/12/30 19:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Windows Desktop Search
[2012/06/16 20:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Windows Search

========== Purity Check ==========



< End of report >

#21 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, let's check it out ... You may need to reinstall some programmes once I am sure that the infection is dead. This run will clear all the old restore points to ensure that they are not being held there.



Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2012/06/23 20:52:08 | 000,033,508 | RHS- | C] () -- C:\ppbjj.exe

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Re-run Sality killer; this time it should be a very fast run.

NEXT

Delete aswMBR from the desktop
Download a fresh copy
Run aswMBR - is it still reporting Sality?
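As an added illustration (not code from this thread or from OldTimer's OTL), the Python helper below parses log entries of the shape used in the fix above and throughout the OTL logs, and flags entries that match the pattern of the file being removed: a newly created executable in the drive root with hidden/system attributes and no company name. The heuristics, thresholds and sample lines are constructed for the example; the sample lines copy the shape of entries posted in the thread.

```python
"""Triage helper for OTL-style log entries (constructed example).

OTL writes one entry per line in the form

    [YYYY/MM/DD HH:MM:SS | size | RHSD | C] (Company) -- path

optionally prefixed with PRC/SRV/DRV/MOD and, for services and drivers,
followed by a "[start type | state]" block and a trailing "-- (name)".
The attribute column has four fixed positions: R, H, S, D (or '-').
"""
import re

# Entry layout as seen in the "Files/Folders - Created Within 30 Days"
# and "Driver Services" sections of the thread's logs.
OTL_ENTRY = re.compile(
    r'^(?:(?P<kind>PRC|SRV|DRV|MOD) - )?'
    r'\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| '
    r'(?P<size>[\d,]+) \| (?P<attrs>[R-][H-][S-][D-]) \| (?P<cm>[CM])\]'
    r'(?: \((?P<company>[^)]*)\))?'   # "()" means OTL found no company name
    r'(?: \[[^\]]*\])?'               # SRV/DRV "[Auto | Running]" block
    r' -- (?P<path>.*?)'
    r'(?: -- \((?P<name>[^)]*)\))?$'  # service/driver name, when present
)

EXEC_SUFFIXES = ('.exe', '.dll', '.sys', '.scr', '.com', '.bat', '.pif')
DRIVE_ROOT = re.compile(r'^[A-Za-z]:\\[^\\]+$')


def parse_otl_line(line):
    """Return a dict for one OTL entry, or None for lines that are not
    entries (section headers, 'File not found' drivers, plain text)."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry['size'] = int(entry['size'].replace(',', ''))
    entry['is_dir'] = entry['attrs'][3] == 'D'
    return entry


def suspicion_reasons(entry):
    """Defender-side heuristics (constructed) for the pattern in this thread:
    an executable in the drive root, hidden/system, with no publisher.
    Each matching heuristic contributes one reason."""
    reasons = []
    path = entry['path']
    if entry['is_dir'] or not path.lower().endswith(EXEC_SUFFIXES):
        return reasons
    if entry['attrs'][1] == 'H' or entry['attrs'][2] == 'S':
        reasons.append('hidden/system attributes on an executable')
    if DRIVE_ROOT.match(path):
        reasons.append('executable placed directly in a drive root')
    if entry['company'] == '':
        reasons.append('no company/publisher name')
    return reasons


def triage(lines, min_reasons=2):
    """Parse every line and return entries matching at least `min_reasons`
    heuristics, each with its timestamp, attributes and reasons."""
    flagged = []
    for line in lines:
        entry = parse_otl_line(line)
        if entry is None:
            continue
        reasons = suspicion_reasons(entry)
        if len(reasons) >= min_reasons:
            flagged.append({'path': entry['path'], 'ts': entry['ts'],
                            'attrs': entry['attrs'], 'reasons': reasons})
    return flagged


# Constructed sample, copied in shape from entries posted in the thread.
SAMPLE_LOG = r"""
========== Files/Folders - Created Within 30 Days ==========
[2012/06/23 20:52:08 | 000,033,508 | RHS- | C] () -- C:\ppbjj.exe
[2012/06/24 14:04:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/06/24 13:42:46 | 004,566,424 | R--- | C] (Swearware) -- C:\Documents and Settings\N4bc4k3\Skrivebord\ComboFix.exe
[2012/06/23 17:12:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- D:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/08/04 11:28:18 | 000,011,296 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
""".strip().splitlines()

if __name__ == '__main__':
    for hit in triage(SAMPLE_LOG):
        print(hit['ts'], hit['attrs'], hit['path'])
        for reason in hit['reasons']:
            print('   -', reason)
```

Only the root-level `C:\ppbjj.exe` entry reaches the threshold; TeaTimer.exe (hidden/system but with a publisher, under Program Files) and AsIO.sys (no publisher, but in the drivers directory) each match a single heuristic and are left for manual review.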

#22
nabcake

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
OTL custom fix log:

All processes killed
========== OTL ==========
C:\ppbjj.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP-konfigurasjon
DNS Resolver-bufferen ble tømt.
C:\Documents and Settings\N4bc4k3\Mine dokumenter\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\N4bc4k3\Mine dokumenter\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 0 bytes

User: N4bc4k3
->Temp folder emptied: 2001 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 50007369 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1258 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 48.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.0 log created on 06242012_144238

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL quick scan:

OTL logfile created on: 6/24/2012 2:50:50 PM - Run 5
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\N4bc4k3\Mine dokumenter\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: USA | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.63% Memory free
3.85 Gb Paging File | 3.14 Gb Available in Paging File | 81.67% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programfiler
Drive C: | 29.29 Gb Total Space | 13.12 Gb Free Space | 44.78% Space Free | Partition Type: NTFS
Drive D: | 203.58 Gb Total Space | 26.62 Gb Free Space | 13.08% Space Free | Partition Type: NTFS
Drive E: | 2.83 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: N4B-C4K3 | User Name: N4bc4k3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/24 14:22:09 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\N4bc4k3\Mine dokumenter\Downloads\OTL.exe
PRC - [2012/06/23 23:08:31 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- D:\Programfiler\Winamp\winampa.exe
PRC - [2012/06/23 23:08:12 | 000,163,944 | ---- | M] (NVIDIA Corporation) -- C:\Programfiler\NVIDIA Corporation\Raid\nvraidservice.exe
PRC - [2012/06/23 23:04:26 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Programfiler\steam\Steam.exe
PRC - [2012/06/16 22:16:55 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programfiler\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- d:\Programfiler\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- d:\Programfiler\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/10/24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Programfiler\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- D:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 18:22:49 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/23 23:05:26 | 020,313,384 | ---- | M] () -- D:\Programfiler\steam\bin\libcef.dll
MOD - [2012/06/23 23:05:08 | 000,895,312 | ---- | M] () -- D:\Programfiler\steam\bin\chromehtml.dll
MOD - [2012/06/23 23:05:07 | 000,123,192 | ---- | M] () -- D:\Programfiler\steam\bin\avutil-51.dll
MOD - [2012/06/23 23:05:06 | 001,099,576 | ---- | M] () -- D:\Programfiler\steam\bin\avcodec-53.dll
MOD - [2012/06/23 23:05:06 | 000,190,776 | ---- | M] () -- D:\Programfiler\steam\bin\avformat-53.dll
MOD - [2012/06/16 22:16:54 | 002,042,848 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\mozjs.dll
MOD - [2012/06/14 15:54:34 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/14 11:35:42 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/14 11:35:32 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/14 02:01:49 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/05/10 15:38:28 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/10 15:38:22 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012/05/10 15:36:22 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/10 15:32:56 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/10 15:32:41 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/12/30 19:32:52 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_no_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2011/12/30 19:32:51 | 000,286,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_no_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011/11/09 22:45:32 | 000,270,336 | ---- | M] () -- C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programfiler\Fellesfiler\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programfiler\Fellesfiler\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/16 13:22:12 | 000,014,848 | ---- | M] () -- C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/06/23 23:32:42 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programfiler\Fellesfiler\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/06/16 22:16:55 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programfiler\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/20 13:47:31 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/19 18:03:24 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Programfiler\Fellesfiler\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- d:\Programfiler\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Programfiler\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\JamDRV.sys -- (JAMVOX_AA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\JamWdm.sys -- (JAMVOX_01)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/09 10:57:28 | 000,024,328 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2012/01/15 19:57:22 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/12/14 17:13:56 | 000,105,416 | ---- | M] (CEntrance, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jamvox.sys -- (JamVOXUSBAudioSrv)
DRV - [2011/11/10 05:42:12 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/10/17 19:40:22 | 000,100,368 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2011/07/29 14:54:56 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 14:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/06/15 15:22:28 | 000,284,632 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore)
DRV - [2011/06/15 15:21:12 | 000,084,312 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Filt\VBFilt.dll -- (VBFilt)
DRV - [2011/06/15 15:21:10 | 000,078,656 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Filt\ASWFilt.dll -- (ASWFilt)
DRV - [2011/06/15 15:21:04 | 000,764,880 | ---- | M] (Agnitum Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SandBox.sys -- (SandBox)
DRV - [2011/05/19 16:55:28 | 000,103,512 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2011/03/28 19:55:54 | 000,032,472 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afw.sys -- (afw)
DRV - [2011/02/02 18:04:22 | 000,242,040 | ---- | M] (VirusBuster Kft.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBEngNT.sys -- (VBEngNT)
DRV - [2010/03/18 21:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010/03/18 21:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/03/18 21:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/03/18 21:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/03/18 21:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/03/18 21:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/03/18 21:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/03/18 21:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/03/18 21:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010/03/18 21:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/03/18 21:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV - [2010/03/18 21:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010/03/18 21:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV - [2010/03/18 21:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010/03/18 21:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV - [2010/03/18 21:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010/03/18 21:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV - [2010/03/18 21:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2009/08/04 11:28:18 | 000,011,296 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2009/07/06 11:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2008/11/12 17:58:38 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2008/04/13 20:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/10/12 17:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/09/12 04:45:38 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/09/12 04:45:36 | 000,057,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/08/22 03:24:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/13 11:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programfiler\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2504091
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programfiler\ITunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programfiler\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programfiler\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programfiler\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Programfiler\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programfiler\Mozilla Firefox\components [2012/06/16 22:16:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programfiler\Mozilla Firefox\plugins [2012/06/21 19:38:00 | 000,000,000 | ---D | M]

[2012/04/06 14:03:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\N4bc4k3\Programdata\Mozilla\Extensions
[2012/06/23 03:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\N4bc4k3\Programdata\Mozilla\Firefox\Profiles\3v9gbb6i.default\extensions
[2012/06/21 19:38:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programfiler\Mozilla Firefox\extensions
[2011/12/31 00:46:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programfiler\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/21 19:38:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Programfiler\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/06/23 03:41:12 | 000,017,212 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\N4BC4K3\PROGRAMDATA\MOZILLA\FIREFOX\PROFILES\3V9GBB6I.DEFAULT\EXTENSIONS\[email protected]
[2012/06/16 22:16:56 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programfiler\mozilla firefox\components\browsercomps.dll
[2011/12/09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programfiler\mozilla firefox\plugins\npwachk.dll
[2012/06/16 22:16:52 | 000,002,252 | ---- | M] () -- C:\Programfiler\mozilla firefox\searchplugins\bing.xml
[2012/06/16 22:16:52 | 000,002,040 | ---- | M] () -- C:\Programfiler\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programfiler\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Programfiler\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programfiler\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programfiler\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programfiler\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Java™ Platform SE 6 U33 (Enabled) = C:\Programfiler\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Programfiler\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Programfiler\ITunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/24 14:42:40 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Programfiler\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programfiler\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programfiler\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Programfiler\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Programfiler\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] d:\Programfiler\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\Programfiler\NVIDIA Corporation\Raid\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] d:\Programfiler\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programfiler\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] d:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] D:\Programfiler\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun: NoDriveTypeAutoRun = 177
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Outpost Security Suite Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - d:\Programfiler\Agnitum\Outpost Security Suite Pro\ie_bar.dll (Agnitum Ltd.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\Programfiler\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programfiler\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{184F38BC-3F79-4D10-AC91-2C8313224FB3}: DhcpNameServer = 192.168.10.1 192.168.10.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Min gjeldende hjemmeside) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programfiler\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/30 02:29:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/24 14:04:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/06/24 13:42:46 | 004,566,424 | R--- | C] (Swearware) -- C:\Documents and Settings\N4bc4k3\Skrivebord\ComboFix.exe
[2012/06/23 22:24:37 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\N4bc4k3\Skrivebord\aswMBR.exe
[2012/06/23 17:13:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/06/23 17:12:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/06/23 17:12:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/06/23 17:12:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/06/23 17:12:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/06/23 17:11:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/23 17:11:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\N4bc4k3\Start-meny\Programmer\Administrative verktøy
[2012/06/23 17:11:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/06/23 16:48:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/23 13:00:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\N4bc4k3\Siste
[2012/06/23 12:16:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2012/06/23 02:15:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Programmer\Spybot - Search & Destroy
[2012/06/22 19:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N4bc4k3\Programdata\Malwarebytes
[2012/06/22 19:03:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Programmer\Malwarebytes' Anti-Malware
[2012/06/22 19:03:12 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/22 19:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Programdata\Malwarebytes
[2012/06/21 19:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Programdata\McAfee
[2012/06/21 19:05:07 | 000,000,000 | ---D | C] -- C:\Programfiler\Emsisoft HiJackFree
[2012/06/21 18:54:45 | 000,000,000 | ---D | C] -- C:\Programfiler\Emsisoft Anti-Malware
[2012/06/21 18:54:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N4bc4k3\Mine dokumenter\Anti-Malware
[2012/06/17 13:28:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N4bc4k3\Mine dokumenter\Thief - Deadly Shadows
[2012/06/17 13:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Programmer\Eidos
[2012/06/16 22:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N4bc4k3\Mine dokumenter\FIFA 10
[2012/06/16 20:32:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N4bc4k3\Programdata\Windows Search
[2012/06/10 01:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N4bc4k3\Mine dokumenter\FIFA 11
[2012/06/10 01:23:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Programmer\EA Sports
[2012/06/10 01:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N4bc4k3\Programdata\Leadertech
[2012/06/05 20:20:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N4bc4k3\Skrivebord\Ny mappe

========== Files - Modified Within 30 Days ==========

[2012/06/24 14:48:13 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/24 14:47:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/24 14:45:41 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000007-00001102-00000004-10071102}.rfx
[2012/06/24 14:45:41 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000007-00001102-00000004-10071102}.rfx
[2012/06/24 14:45:41 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000007-00001102-00000004-10071102}.rfx
[2012/06/24 14:45:41 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000007-00001102-00000004-10071102}.rfx
[2012/06/24 14:45:41 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000007-00001102-00000004-10071102}.rfx
[2012/06/24 14:42:40 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/06/24 14:23:15 | 000,164,134 | ---- | M] () -- C:\Documents and Settings\N4bc4k3\Skrivebord\salitykiller(2).zip
[2012/06/24 13:43:08 | 004,566,424 | R--- | M] (Swearware) -- C:\Documents and Settings\N4bc4k3\Skrivebord\ComboFix.exe
[2012/06/24 13:24:57 | 000,678,758 | ---- | M] () -- C:\Documents and Settings\N4bc4k3\Skrivebord\Ny Punktgrafikkbilde.bmp
[2012/06/23 22:24:41 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\N4bc4k3\Skrivebord\aswMBR.exe
[2012/06/23 18:34:23 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000007-00001102-00000004-10071102}.CDF
[2012/06/23 17:13:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/06/23 16:45:04 | 000,001,076 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/06/23 16:45:04 | 000,001,076 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/06/23 03:46:05 | 007,475,200 | ---- | M] () -- C:\WINDOWS\System32\rmslt.nt
[2012/06/23 03:46:05 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\rmslt.lst
[2012/06/23 02:15:52 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\N4bc4k3\Skrivebord\Spybot - Search & Destroy.lnk
[2012/06/23 00:08:27 | 000,000,102 | ---- | M] () -- C:\index.ini
[2012/06/22 19:03:14 | 000,000,645 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Malwarebytes Anti-Malware.lnk
[2012/06/22 17:30:42 | 000,008,326 | ---- | M] () -- C:\Documents and Settings\N4bc4k3\.recently-used.xbel
[2012/06/21 18:35:25 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\housecall.guid.cache
[2012/06/16 22:38:17 | 000,436,824 | ---- | M] () -- C:\AnalysisLog.sr0
[2012/06/14 11:32:51 | 000,193,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/14 02:02:03 | 000,482,108 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/14 02:02:03 | 000,315,552 | ---- | M] () -- C:\WINDOWS\System32\perfh014.dat
[2012/06/14 02:02:03 | 000,080,056 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/14 02:02:03 | 000,044,398 | ---- | M] () -- C:\WINDOWS\System32\perfc014.dat
[2012/06/14 01:58:23 | 000,031,550 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2012/06/12 16:33:30 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/12 14:41:38 | 000,002,259 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Skype.lnk
[2012/06/05 20:13:07 | 000,000,459 | ---- | M] () -- C:\Documents and Settings\N4bc4k3\server.properties
[2012/06/01 20:52:37 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf

========== Files Created - No Company Name ==========

[2012/06/24 14:23:14 | 000,164,134 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\Skrivebord\salitykiller(2).zip
[2012/06/23 20:22:01 | 000,678,758 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\Skrivebord\Ny Punktgrafikkbilde.bmp
[2012/06/23 17:13:07 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/06/23 17:13:05 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/06/23 17:12:07 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/06/23 17:12:07 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/06/23 17:12:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/06/23 17:12:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/06/23 17:12:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/06/23 03:46:05 | 007,475,200 | ---- | C] () -- C:\WINDOWS\System32\rmslt.nt
[2012/06/23 03:46:05 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\rmslt.lst
[2012/06/23 02:15:52 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\Skrivebord\Spybot - Search & Destroy.lnk
[2012/06/22 19:03:13 | 000,000,645 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Malwarebytes Anti-Malware.lnk
[2012/06/22 17:30:42 | 000,008,326 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\.recently-used.xbel
[2012/06/21 18:35:25 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\housecall.guid.cache
[2012/06/16 22:38:09 | 000,436,824 | ---- | C] () -- C:\AnalysisLog.sr0
[2012/06/14 01:58:23 | 000,031,550 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/04/20 19:52:23 | 000,013,195 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\lol.jpg
[2012/04/15 20:43:46 | 000,000,084 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\appletfile.props
[2012/04/02 00:35:07 | 000,000,030 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2012/04/02 00:31:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2012/02/16 18:31:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/10 22:58:43 | 000,000,459 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\server.properties
[2012/02/10 21:26:34 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/31 01:05:23 | 002,469,760 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2011/12/31 01:05:23 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2011/12/31 01:05:23 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2011/12/31 01:05:23 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2011/12/31 01:05:23 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2011/12/30 19:00:18 | 000,001,428 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011/12/30 04:13:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/12/30 04:13:30 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/12/30 04:13:29 | 000,243,168 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/12/30 04:13:29 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/12/30 03:03:31 | 000,011,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsUpIO.sys
[2011/12/30 03:02:46 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/12/30 03:02:29 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2011/12/30 03:02:29 | 000,011,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2011/12/30 03:02:28 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2011/12/30 03:02:28 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2011/12/30 02:41:28 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\fusioncache.dat
[2011/12/30 02:31:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/12/30 02:28:07 | 000,021,704 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/12/30 02:20:31 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/12/30 02:19:17 | 000,193,776 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/15 05:22:14 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\jamvoxdevice.dll
[2011/11/09 23:39:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011/11/09 23:39:32 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll

========== LOP Check ==========

[2011/12/30 03:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Agnitum
[2011/12/30 04:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\DAEMON Tools Lite
[2011/12/30 19:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\DriverGenius
[2011/12/30 18:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Easy Driver Pro
[2012/04/12 19:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Electronic Arts
[2012/06/23 16:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\PMB Files
[2012/03/02 21:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\VOX
[2011/12/30 18:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/06/11 21:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\.minecraft
[2011/12/30 03:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Agnitum
[2012/06/23 13:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Azureus
[2012/06/23 13:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\DAEMON Tools Lite
[2012/04/25 21:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\foobar2000
[2012/06/16 15:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\gtk-2.0
[2012/03/24 18:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Kalypso Media
[2012/06/10 01:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Leadertech
[2011/12/30 21:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\LolClient
[2012/05/24 16:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\LolClient2
[2012/01/28 15:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\minecraft
[2012/04/12 20:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Need for Speed World
[2012/02/14 20:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\OpenOffice.org
[2012/05/15 23:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Spotify
[2012/02/01 19:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Unity
[2012/04/21 01:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\VOX
[2011/12/30 19:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Windows Desktop Search
[2012/06/16 20:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N4bc4k3\Programdata\Windows Search

========== Purity Check ==========



< End of report >

#23 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Looking at that initial log I feel we may be at the repair stage now

So after the other two runs could you compile a list of problems and we will tackle them

#24 nabcake (Topic Starter, Member, 14 posts)
OK, here is the deal: I fear it might take a bit to fix the problems.

* I ran Sality Killer - all was clean
* I ran aswMBR; it detected some Sality infections, but it crashed before finishing, screen cap as attachment.
* CCleaner still gets the same error when running, screen cap attached

Partial aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-24 15:34:10
-----------------------------
15:34:10.812 OS Version: Windows 5.1.2600 Service Pack 3
15:34:10.812 Number of processors: 1 586 0x4F02
15:34:10.828 ComputerName: N4B-C4K3 UserName: N4bc4k3
15:34:11.812 Initialize success
15:35:15.062 AVAST engine defs: 12062400
15:35:46.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
15:35:46.843 Disk 0 Vendor: SAMSUNG_SP2514N VF100-33 Size: 238475MB BusType: 3
15:35:46.859 Disk 0 MBR read successfully
15:35:46.859 Disk 0 MBR scan
15:35:46.906 Disk 0 Windows XP default MBR code
15:35:46.906 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 29996 MB offset 63
15:35:46.921 Disk 0 Partition - 00 0F Extended LBA 208468 MB offset 61432560
15:35:46.937 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 208468 MB offset 61432623
15:35:46.937 Disk 0 scanning sectors +488376000
15:35:47.046 Disk 0 scanning C:\WINDOWS\system32\drivers
15:35:58.218 Service scanning
15:36:13.328 Modules scanning
15:36:18.437 Disk 0 trace - called modules:
15:36:18.453 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:36:18.453 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a75aab8]
15:36:18.453 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000007d[0x8a6e3f18]
15:36:18.453 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-3[0x8a76cd98]
15:36:18.578 AVAST engine scan C:\WINDOWS
15:36:23.671 AVAST engine scan C:\WINDOWS\system32
15:39:39.015 AVAST engine scan C:\WINDOWS\system32\drivers
15:39:54.046 AVAST engine scan C:\Documents and Settings\N4bc4k3
15:40:11.906 File: C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\17.0.963.56\chrome_updater.exe **INFECTED** Win32:Sality
15:40:21.171 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\N4bc4k3\Skrivebord\MBR.dat"
15:40:21.312 The log file has been saved successfully to "C:\Documents and Settings\N4bc4k3\Skrivebord\aswMBR.txt"
15:40:40.718 File: C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Unity\WebPlayer\Uninstall.exe **INFECTED** Win32:Sality
15:41:49.250 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\N4bc4k3\Skrivebord\MBR.dat"
15:41:49.265 The log file has been saved successfully to "C:\Documents and Settings\N4bc4k3\Skrivebord\aswMBR.txt"

Attached Thumbnails

  • aswmbr crashed.jpg
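As an added example (not code from OTL, aswMBR or anyone in this thread), the Python below parses the OTL "Files/Folders" entries quoted in the log above and the aswMBR **INFECTED** lines in this post into records, then applies a simple triage rule to the OTL entries. The sample lines are constructed in the shape of the thread's logs, and the plain-data extension allowlist used by the triage rule is an assumption for the example, not an OTL feature.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Tuple

# One OTL file/folder entry looks like:
#   [YYYY/MM/DD HH:MM:SS | SSS,SSS,SSS | attrs | C] (Company) -- path [-- [ NTFS ]]
# "(Company)" is absent for directories and printed as "()" for files with
# no company name in their version resource; the "-- [ NTFS ]" tail is rare.
OTL_ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)(?: -- \[ \w+ \])?$"
)
# aswMBR detection line: "HH:MM:SS.mmm File: <path> **INFECTED** <detection>"
ASWMBR_HIT_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{3} File: (?P<path>.+?) \*\*INFECTED\*\* (?P<det>\S+)$"
)
# Plain-data extensions not worth a second look on their own (assumed list).
DATA_EXTS = (".ini", ".dat", ".log", ".txt", ".bak", ".lst", ".bin", ".sfm")


@dataclass
class OtlEntry:
    stamp: datetime
    size: int
    attrs: str     # e.g. "----", "---D", "RHS-"
    kind: str      # "C" (created) or "M" (modified)
    company: str   # "" when OTL printed "()" or nothing at all
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_otl(text: str) -> List[OtlEntry]:
    """Return every file/folder entry; section headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append(OtlEntry(
            stamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=(m["company"] or "").strip(),
            path=m["path"],
        ))
    return entries


def needs_review(e: OtlEntry) -> bool:
    """Heuristic only: a non-empty file under %SystemRoot% with no company
    name and a non-data extension. A reviewer still checks each hit."""
    p = e.path.lower()
    return (not e.is_dir and e.size > 0 and e.company == ""
            and p.startswith("c:\\windows\\") and not p.endswith(DATA_EXTS))


def parse_aswmbr_hits(text: str) -> List[Tuple[str, str]]:
    """Return (path, detection name) for each **INFECTED** line."""
    return [(m["path"], m["det"]) for m in
            (ASWMBR_HIT_RE.match(ln.strip()) for ln in text.splitlines()) if m]


# Constructed sample lines, shaped after the logs quoted in this thread.
SAMPLE_OTL = r"""
========== Files/Folders - Created Within 30 Days ==========
[2012/06/24 14:04:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/06/23 17:12:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/06/23 03:46:05 | 007,475,200 | ---- | C] () -- C:\WINDOWS\System32\rmslt.nt
[2012/06/23 17:12:07 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/06/14 01:58:23 | 000,031,550 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/04/20 19:52:23 | 000,013,195 | ---- | C] () -- C:\Documents and Settings\N4bc4k3\lol.jpg
"""
SAMPLE_ASWMBR = r"""
15:40:11.906 File: C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Unity\WebPlayer\Uninstall.exe **INFECTED** Win32:Sality
15:40:21.171 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\N4bc4k3\Skrivebord\MBR.dat"
"""

if __name__ == "__main__":
    for entry in parse_otl(SAMPLE_OTL):
        if needs_review(entry):
            print("review:", entry.stamp, entry.size, entry.path)
    for path, det in parse_aswmbr_hits(SAMPLE_ASWMBR):
        print("aswMBR hit:", det, path)
```

Feed it a full OTL "Files/Folders" section and the aswMBR text file to get a short review list instead of reading hundreds of entries by eye; a "review" hit is a prompt to look at the file, not a verdict.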

#25 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, I will kill those that aswMBR found. You will need to reinstall CrapCleaner.

Next we will run a file validity check: do you have a Windows CD, or is there an i386 folder on the C: drive?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}
    C:\Documents and Settings\N4bc4k3\Lokale innstillinger\Programdata\Unity\WebPlayer

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.



#26 nabcake (Topic Starter, Member, 14 posts)
Yes, I have the Windows CD somewhere; it might take a bit to find it though, and there is no i386 on C:\

Here is the log from the OTL fix:

All processes killed
========== OTL ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP-konfigurasjon
DNS Resolver-bufferen ble tømt.
C:\Documents and Settings\N4bc4k3\Mine dokumenter\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\N4bc4k3\Mine dokumenter\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes

User: N4bc4k3
->Temp folder emptied: 74855534 bytes
->Temporary Internet Files folder emptied: 68185 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 40600765 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 566 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
RecycleBin emptied: 7816 bytes

Total Files Cleaned = 110.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.0 log created on 06242012_161141

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#27 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK once you can grab a CD do the following

Go Start > Run

Type in the following command :

sfc /scannow

This will check the status of all Windows files, and if it needs to replace some it will ask for the CD. If you currently do not have the CD, make a note of the file names and I will get some copies from my VM.

#28 nabcake (Topic Starter, Member, 14 posts)
sfc /scannow doesn't give any file names, just a message about inserting the Win XP disc. So I'll have to find that CD; it may take some time.

But it seems that all services, rootkits, autoruns and registry keys are gone. I think I have the knowledge to fix the rest myself, so feel free to close this thread and help others who need it :thumbsup:

Thank you again, Essexboy, for all the help I got from you. I am quite impressed by your knowledge; I was almost certain I had to reinstall Windows, which would be quite troublesome (I've got a couple of audio programs, and licensing may be hard to obtain from the producer).
You're the man :thumbsup:

Edited by nabcake, 24 June 2012 - 04:10 PM.


#29 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
I will leave it open for a day or so in case you need any help. If it should be closed, then just PM me.

Below are the instructions for removing my tools cleanly. Sality Killer and aswMBR can just be deleted from the desktop.

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install the FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and antivirus to protect your system, and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place? Keep safe :wave:

#30 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
