Google redirects (webhp?emsg=)

By GuruX
Aug 6, 2011
  1. Hello!

    Here I go. Got that strange thing that redirects me back to Google search. Is there a name for this virus?

    Protection is Microsoft Security Essentials and Lavasoft Ad-aware

    --------------------------------------------------------------------------
    MALWAREBYTES (Yes, the Malwarebytes scan is the latest one in time. But the first one was in my local language and not English. That's why I rescanned, same output though)


    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7393

    Windows 6.1.7600
    Internet Explorer 9.0.8112.16421

    2011-08-06 22:20:24
    mbam-log-2011-08-06 (22-20-24).txt

    Scan type: Quick scan
    Objects scanned: 201420
    Time elapsed: 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ----------------------------------------------------------------------------------------------------------
    GMER

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-08-06 18:09:35
    Windows 6.1.7600
    Running: htubqnw6.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158315a1ef
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158315a1ef@00254869473f 0xBF 0x1C 0x5A 0x07 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158315a1ef@3cf72a2b0849 0x66 0x84 0x61 0xB5 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBD 0xF1 0x76 0x6C ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC4 0x50 0xD1 0x7E ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3C 0x7C 0x42 0xC8 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158315a1ef (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158315a1ef@00254869473f 0xBF 0x1C 0x5A 0x07 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158315a1ef@3cf72a2b0849 0x66 0x84 0x61 0xB5 ...
    Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Route ????N???????????VBoxNetFlt.ndi????????????????J??????t???????????????;??f???Modem?????????h?????H???@???????@???????H???????????????????????????? h??????0??????o???oem43.inf???????????????????Root\*6TO4MP\0063???????????????????????????\\?\Root#*6TO4MP#0058#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{969CCED3-61BB-4F28-9CD9-0B6262C9238C}?3E??Root\*6TO4MP\0062???????????Root\*6TO4MP\0061????????_???n??sm???????@???@??????\\?\USB#VID_058F&PID_6387#89BF6A3B#{a5dcbf10-6530-11d2-901f-00c04fb951ed}???\\?\PCI#VEN_10EC&DEV_8168&SUBSYS_83A31043&REV_03#4&61613ac&0&00E7#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{8E06BBE3-6C44-4D10-8ED4-81FB96D9F2B1}?9-??\\?\Root#*6TO4MP#0052#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{0B6D52E7-FB9F-48EC-A113-A0FB3AEB45BD}?B1??\\?\Root#*6TO4MP#0061#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{27E35669-ECC4-4A7B-8EB9-CC3CF0D744FB}?3B???????????6??????_{??Root\*6TO4MP\0066????????????E??????35??? ???????????????????0??????????h?????????????h?????H???@???????@???????H???????????????????????????? ??W??????
    Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Export ?????????????????A??????nd??@nettun.inf,%msft%;Microsoft?d??@nettun.inf,%msft%;Microsoft?2??????lt???????????i??ev??????????????????????????????????????? p?????????????????????????????????????{4d36e972-e325-11ce-bfc1-08002be10318}\0143?? ??{4d36e972-e325-11ce-bfc1-08002be10318}\0147???????6??????7??????1E???????????????????A??19??tunnel???B??6-21-2006?????????????????????~?????????6A??{4d36e972-e325-11ce-bfc1-08002be10318}?008??@nettun.inf,%msft%;Microsoft????Microsoft 6to4 Adapter #82????????6??????D??????{D??{D??????????????5.0.15.0?r??*6to4mp?0???????????{00000000-0000-0000-FFFF-FFFFFFFFFFFF}?mor??Microsoft 6to4 Adapter #84??????????????????????????{4d36e972-e325-11ce-bfc1-08002be10318}?-bf??? p??????9????????????????????????????????????????????????????????????N?????????????????????16??{4d36e972-e325-11ce-bfc1-08002be10318}\0088???????X??????????t??????????????????@nettun.inf,%msft%;Microsoft?|???????????w?????s?w??? ???????a??????ct???????t??*6to4mp??????????????s??????????dy????????????:??????o?ga???? p
    Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Bind ???k?v???g?g?f???f?f?f???g?on?????t??????????????????f????N??h???M?????D-1???h?h?i???t?v?v??????????????????? ???h???.??????????? ???????f?????f?????f????(???$? ?????????????s??????????f???????????????????????????????f???????????f?f????Microsoft???? ???????f?????f???????,??4?????????????????????0;?????f????? ???????f?????????????,?????????????????????y?????f????? ???????f???????????f????????"??????????f???f?fos??t????f????????????????L??????6??????????????????????????????? ???h??????????????*6to4mp?????? ???????f???????????f????????$?????????????????????????????? ??????????????? ???????f???????????e????????"??????????f?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????????????????????? ????????????f??????????????????????????MBRES???t???? ???????f?????f???????0??L????????? ??????.76?????f???f???f?????????????f???????????????f??????????? ???????f?????f???????????????
    Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Route ???v??????<??v????????h?????failover????Modem???????????text????tunnel?F-4??????????????????????????????????????????????? ???????n?????v?????v?0????????J???????s?????J??v?????????e????@%SystemRoot%\system32\samsrv.dll,-1??????4??v??????p???MS_WindowsLocalValidation??????v??????@??v????????h??????v??????????????%SystemRoot%\system32\lsass.exe???????J??v?????????n????@%SystemRoot%\system32\samsrv.dll,-2????RPCSS???????? ???v??????????????LocalSystem??????????????????????????????v??????????????????????t??????? ????????????v?v?v?v?v?v?v?v?v???????v???????????e??? ???????v???????????v?0????????????????????????????0????????????????`???????????????????? ????????????????????? ???????????????????? ???????n???????????u??????????T???????????????????????t????????????????????v?v?v????????????????????????T??v????????h???????P??v???????????d??o???????????PlugPlay????\SystemRoot\system32\DRIVERS\sbp2port.sys???sbp2.inf_amd64_neutral_2fff12561375e45f???????????????????????X??????????t??????????????????????? ???????n?????v???
    Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Export ???m?v??? ??l???c?????6-4??????????????t?????X??????????t??? ???????l???????????????????????????????f??? ???????l?????l???????0??L????????? ??????????????l???l????? ???????l?????l???????0????????????&???????????????????????? ???????l?????l???????0????????????????????? ???????l???????????j?0????????????????????usbhub??????WAN Miniport (PPPOE)???????????l?????????l???r???e??6.1.7600.16385??6.???l??????????????{4d36e972-e325-11ce-bfc1-08002be10318}\0003?????????????????????Tcpip???????? ???????l?????l???????0????????????????????? ???????l???????????k?0????????????????????root\umbus??cr?????l????? ???????l?????l???????0???????????????????????l???l???l????????? ???????l???????????k?0????????????????????Microsoft????????????l?l?????????l???&?????l????? ???????l?????l???????0????????????&??????????????????????????l???l????? ???????l?????l???????0????????????????????? ???????l???????????k?0?????????????????????????l???????e???????g?????????????????????????????l????? ???????l?????l???????0?????????????????????m?mos?
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBD 0xF1 0x76 0x6C ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC4 0x50 0xD1 0x7E ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3C 0x7C 0x42 0xC8 ...

    ---- EOF - GMER 1.0.15 ----
  2. GuruX

    GuruX Newcomer, in training Topic Starter

    PART 2 LOGS

    --------------------------------------------------------------------------------------------------------------

    DDS.txt

    .
    DDS (Ver_2011-06-23.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by Gustav at 22:25:27 on 2011-08-06
    Microsoft Windows 7 Professional 6.1.7600.0.1252.46.1033.18.4087.1998 [GMT 2:00]
    .
    AV: Lavasoft Ad-Watch Live! Antivirus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\DU Meter\DUMeterSvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Tunngle\TnglCtrl.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
    C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\alg.exe
    C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    e:\installdir\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Windows\WindowsMobile\wmdcBase.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
    C:\Program Files\Sandboxie\SbieCtrl.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\Personal\bin\Personal.exe
    C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe
    C:\Program Files (x86)\ASUS\T Probe\TProbe.exe
    C:\Program Files\UltraMon\UltraMon.exe
    C:\Users\Gustav\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    C:\PROGRA~2\DUMETE~1\DUMeter.exe
    C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
    C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\UltraMon\UltraMonTaskbar.exe
    C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
    C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
    C:\Program Files (x86)\ekort\ekort.exe
    C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    E:\Installdir\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\SysWOW64\OBroker.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\firefox.exe
    C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
    C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugin-container.exe
    C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugin-container.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\prevhost.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\UltraMon\UltraMonUiAcc.exe
    C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: e-kort Helper Class: {9065e913-4f23-4b47-9b5d-b055d32db1f3} - C:\Program Files (x86)\ekort\EKortHelper.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: e-kort Toolbar: {8db2b2e8-579f-48a8-a496-18fefcf8f4df} - C:\Program Files (x86)\ekort\EKortToolbar.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
    uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [Google Update] "C:\Users\Gustav\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [RGSC] E:\Installdir\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
    uRun: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe
    uRun: [<NO NAME>]
    uRun: [DriverMax]
    uRun: [DriverMax_RESTART]
    mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
    mRun: [T Probe] "C:\Program Files (x86)\ASUS\T Probe\TProbe.exe" -b
    mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
    mRun: [adm_tray.exe] C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [e-kort] C:\PROGRA~2\ekort\ekort.exe /dontopenmycards /Autostart
    mRun: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware] "e:\installdir\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\Users\Gustav\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Gustav\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - C:\Windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xportera till Microsoft Excel - E:\INSTAL~1\OFFICE~1\Office14\EXCEL.EXE/3000
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: Interfaces\{8E06BBE3-6C44-4D10-8ED4-81FB96D9F2B1} : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{CD46C4F6-9CBB-49B8-BAFF-C9B5F75C707D} : NameServer = 8.8.8.8
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    AppInit_DLLs: acaptuser32.dll
    SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
    STS: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
    BHO-X64: Virtual Storage Mount Notification - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: e-kort Helper Class: {9065E913-4F23-4B47-9B5D-B055D32DB1F3} - C:\Program Files (x86)\ekort\EKortHelper.dll
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: SmartSelect - No File
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB-X64: e-kort Toolbar: {8DB2B2E8-579F-48A8-A496-18FEFCF8F4DF} - C:\Program Files (x86)\ekort\EKortToolbar.dll
    mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun-x64: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
    mRun-x64: [T Probe] "C:\Program Files (x86)\ASUS\T Probe\TProbe.exe" -b
    mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun-x64: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
    mRun-x64: [adm_tray.exe] C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
    mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [e-kort] C:\PROGRA~2\ekort\ekort.exe /dontopenmycards /Autostart
    mRun-x64: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "e:\installdir\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    AppInit_DLLs-X64: acaptuser32.dll
    SSODL-X64: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
    STS-X64: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Gustav\AppData\Roaming\Mozilla\Firefox\Profiles\y6z65qyn.default\
    FF - component: C:\Program Files (x86)\Google\Google Gears\Firefox\lib\ff36\gears.dll
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl.dll
    FF - plugin: C:\Users\Gustav\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Gustav\AppData\Roaming\Mozilla\Firefox\Profiles\y6z65qyn.default\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}\plugins\npqbc.dll
    FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - plugin: E:\installdir\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
    FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin.dll
    FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin2.dll
    FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin3.dll
    FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin4.dll
    FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin5.dll
    FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin6.dll
    FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin7.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 cbfs3;cbfs3;\??\C:\Windows\system32\drivers\cbfs3.sys --> C:\Windows\system32\drivers\cbfs3.sys [?]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-2-10 90112]
    R2 DUMeterSvc;DU Meter Service;C:\Program Files (x86)\DU Meter\DUMeterSvc.exe [2011-5-25 1412488]
    R2 IOCBIOS;IOCBIOS;C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\iOCbios.sys [2009-7-9 27096]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-8-12 2151640]
    R2 MBAMService;MBAMService;E:\Installdir\Malwarebytes' Anti-Malware\mbamservice.exe [2011-8-6 366640]
    R2 MSSQL$VISMA;SQL Server (VISMA);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-6-2 2214504]
    R2 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2010-12-11 718072]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
    R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
    R2 XTUService;Intel(R) Extreme Tuning Utility;C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2009-8-6 30944]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-8-12 17152]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2010-10-18 145512]
    R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\system32\DRIVERS\seehcri.sys --> C:\Windows\system32\DRIVERS\seehcri.sys [?]
    R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 GtDetectSc;GtDetectSc;"C:\Program Files\Option\Driver Installer\GtDetectSc.exe" --> C:\Program Files\Option\Driver Installer\GtDetectSc.exe [?]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-10 135664]
    S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys --> C:\Windows\system32\Drivers\androidusb.sys [?]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    S3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\system32\DRIVERS\BthAvrcp.sys --> C:\Windows\system32\DRIVERS\BthAvrcp.sys [?]
    S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys --> C:\Windows\system32\DRIVERS\ggflt.sys [?]
    S3 GT72UBUS;GT 72 U BUS;C:\Windows\system32\DRIVERS\gt72ubus.sys --> C:\Windows\system32\DRIVERS\gt72ubus.sys [?]
    S3 gupdatem;Tjänsten Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-10 135664]
    S3 hwusbfake;Huawei DataCard USB Fake;C:\Windows\system32\DRIVERS\ewusbfake.sys --> C:\Windows\system32\DRIVERS\ewusbfake.sys [?]
    S3 Installer Service;Installer Service;C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{94490075-155F-4D08-B92D-4FE592F98591}\Installer\InstallerService.exe [2011-7-16 119296]
    S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;C:\Windows\system32\drivers\massfilter_hs.sys --> C:\Windows\system32\drivers\massfilter_hs.sys [?]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
    S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);C:\Windows\system32\DRIVERS\s0016bus.sys --> C:\Windows\system32\DRIVERS\s0016bus.sys [?]
    S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s0016mdfl.sys --> C:\Windows\system32\DRIVERS\s0016mdfl.sys [?]
    S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s0016mdm.sys --> C:\Windows\system32\DRIVERS\s0016mdm.sys [?]
    S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s0016mgmt.sys --> C:\Windows\system32\DRIVERS\s0016mgmt.sys [?]
    S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s0016obex.sys --> C:\Windows\system32\DRIVERS\s0016obex.sys [?]
    S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);C:\Windows\system32\DRIVERS\s0016unic.sys --> C:\Windows\system32\DRIVERS\s0016unic.sys [?]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys --> C:\Windows\system32\Drivers\VBoxUSB.sys [?]
    S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\system32\DRIVERS\vpcuxd.sys --> C:\Windows\system32\DRIVERS\vpcuxd.sys [?]
    S3 zghsdiag;ZTE General Handset Diagnostic Port;C:\Windows\system32\DRIVERS\zghsdiag.sys --> C:\Windows\system32\DRIVERS\zghsdiag.sys [?]
    S3 zghsmdm;ZTE General Handset USB Modem Proprietary;C:\Windows\system32\DRIVERS\zghsmdm.sys --> C:\Windows\system32\DRIVERS\zghsmdm.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-08-06 16:09:07 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BB87F8E9-83FE-4CA4-B920-2CA08A3AED19}\mpengine.dll
    2011-08-06 15:29:35 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-08-06 15:17:08 -------- d-----w- C:\Program Files (x86)\ESET
    2011-08-02 16:24:25 -------- d-----w- C:\Program Files (x86)\FileZilla Server
    2011-08-02 15:17:39 -------- d-----w- C:\Users\Gustav\AppData\Roaming\XBMC
    2011-08-01 00:17:24 -------- d-----w- C:\Users\Gustav\AppData\Local\Plex Media Server
    2011-08-01 00:15:16 -------- d-----w- C:\Program Files\Bonjour
    2011-08-01 00:15:16 -------- d-----w- C:\Program Files (x86)\Bonjour
    2011-07-31 19:09:11 -------- d-----w- C:\Temp
    2011-07-31 10:39:03 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
    2011-07-21 15:07:45 -------- d-sh--w- C:\ProgramData\DSS
    2011-07-21 15:07:44 -------- d-----w- C:\ProgramData\Codemasters
    2011-07-21 15:03:44 19087360 ----a-w- C:\Windows\SysWow64\mkl_blueripple.dll
    2011-07-21 15:03:43 1417216 ----a-w- C:\Windows\SysWow64\rapture3d_oal.dll
    2011-07-21 15:03:43 -------- d-----w- C:\Program Files (x86)\BRS
    2011-07-21 15:03:40 809496 ----a-r- C:\Windows\SysWow64\tmp89D.tmp
    2011-07-21 12:59:17 219440 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
    2011-07-21 12:59:16 44848 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
    2011-07-21 12:59:12 -------- d-----w- C:\Program Files\Oracle
    2011-07-15 15:30:44 46384 ----a-w- C:\Windows\System32\drivers\VBoxUSB.sys
    2011-07-15 15:30:44 164656 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
    2011-07-15 15:30:44 144688 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
    2011-07-15 15:30:42 320816 ----a-w- C:\Windows\System32\VBoxNetFltNotify.dll
    .
    ==================== Find3M ====================
    .
    2011-07-21 15:03:40 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
    2011-07-21 15:03:40 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2011-07-21 15:03:40 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
    2011-07-21 15:03:40 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2011-07-06 17:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-07-04 15:04:57 478 ----a-w- C:\Windows\SysWow64\zdlcsv.ds.dll
    2011-07-04 14:59:45 65536 ----a-w- C:\Windows\SysWow64\Encrypt.dll
    2011-07-03 17:47:46 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
    2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys
    2011-06-02 06:45:22 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2011-06-02 06:45:22 243200 ----a-w- C:\Windows\System32\wow64.dll
    2011-06-02 06:45:22 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2011-06-02 06:44:54 214528 ----a-w- C:\Windows\System32\winsrv.dll
    2011-06-02 06:42:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2011-06-02 06:39:54 422400 ----a-w- C:\Windows\System32\KernelBase.dll
    2011-06-02 06:35:56 338944 ----a-w- C:\Windows\System32\conhost.exe
    2011-06-02 05:59:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2011-06-02 05:56:28 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2011-06-02 05:56:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2011-06-02 05:54:51 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2011-06-02 05:54:50 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2011-06-02 03:51:00 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2011-06-02 03:50:59 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2011-06-02 03:45:49 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-06-02 03:45:49 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-06-02 03:45:49 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-06-02 03:45:49 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-05-24 11:21:59 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
    2011-05-24 10:34:20 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
    2011-05-24 10:34:20 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
    2011-05-24 10:34:00 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
    2011-05-24 10:32:46 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
    2011-05-18 12:32:15 921 ----a-w- C:\Windows\QSFVExit.bat
    2011-05-18 08:15:26 166912 ----a-w- C:\Windows\System32\ccdcmbwux64.dll
    2011-05-18 08:15:16 640000 ----a-w- C:\Windows\System32\nmwcdcoclsx64.dll
    2011-05-18 08:15:04 57856 ----a-w- C:\Windows\System32\nmwcdclsx64.dll
    2011-05-18 08:14:20 9216 ----a-w- C:\Windows\System32\drivers\usbser_lowerfltx64.sys
    2011-05-18 08:14:16 27136 ----a-w- C:\Windows\System32\drivers\ccdcmbox64.sys
    2011-05-18 08:14:12 19968 ----a-w- C:\Windows\System32\drivers\ccdcmbx64.sys
    2011-05-18 08:09:48 1721576 ----a-w- C:\Windows\System32\wdfcoinstaller01009.dll
    2011-05-11 09:39:50 16432 ----a-w- C:\Windows\System32\lsdelete.exe
    .
    ============= FINISH: 22:25:46,37 ===============
    ----------------------------------------------------------------------------------------------------------
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume3
    Install Date: 2010-02-09 20:22:55
    System Uptime: 2011-08-06 22:04:56 (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P7P55D PRO
    Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz | LGA1156 | 2731/160mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 37 GiB total, 0,722 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 932 GiB total, 31,972 GiB free.
    F: is CDROM ()
    G: is FIXED (NTFS) - 932 GiB total, 475,451 GiB free.
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Acronis Drive Monitor
    Activision(R)
    Ad-Aware
    Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    Adobe Acrobat 9.4.5 - CPSID_83708
    Adobe AIR
    Adobe Community Help
    Adobe Connect Add-in
    Adobe Creative Suite 5 Master Collection
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Reader X (10.1.0) - Svenska
    Akamai NetSession Interface
    Android SDK Tools
    Apple Application Support
    Apple Software Update
    µTorrent
    AviSynth 2.5
    BankID Security Application 4.17.0
    Blur(TM)
    Borderlands
    Call of Duty(R) 4 - Modern Warfare(TM)
    Call of Juarez - Bound in Blood
    Catalyst Control Center InstallProxy
    ColorPic
    cwRsync (remove only)
    DAEMON Tools Lite
    DiRT 3
    DriverMax 5
    Dropbox
    DU Meter
    e-kort
    Elasto Mania
    eReg
    ESET Online Scanner v3
    Exact Audio Copy 0.99pb5
    ffdshow [rev 2527] [2008-12-19]
    FileZilla Client 3.5.0
    FileZilla Server
    Google Chrome
    Google Update Helper
    Gordon's Gate Flash Driver 2.2.0.1
    Grand Theft Auto IV
    GTK+ Runtime 2.14.7 rev a (enbart för avinstallation)
    GuildFTPd FTP Deamon
    High-Definition Video Playback 10
    Huawei modem
    ImagXpress
    Intel Extreme Tuning Utility
    Intel® Solid-State Drive Toolbox
    Java Auto Updater
    Java(TM) 6 Update 18
    Java(TM) 6 Update 26
    JGoodies JDiskReport 1.3.2
    LOSI 0.4.5
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Metal Assault
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Report Viewer Redistributable 2008 (KB971118)
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (VISMA)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Setup Support Files (English)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mobile Connect
    Mobile Partner
    Mozilla Firefox 5.0.1 (x86 sv-SE)
    MSVC80_x86_v2
    MSVC90_x86
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Need for Speed(TM) Hot Pursuit
    Nero 10 Menu TemplatePack Basic
    Nero 10 Movie ThemePack Basic
    Nero Burning ROM 10
    Nero Control Center 10
    Nero Core Components 10
    Nero CoverDesigner 10
    Nero Dolby Files 10
    Nero Multimedia Suite 10
    Nero Update
    Nokia Connectivity Cable Driver
    Nokia Ovi Suite
    Nokia Ovi Suite Software Updater
    Nokia Software Updater
    Notepad++
    NVIDIA PhysX
    O&K Printer Viewer Pro 2.3
    OpenAL
    OpenOffice.org 3.2
    OpenVPN 2.1.4
    Ovi Desktop Sync Engine
    OviMPlatform
    PC Connectivity Solution
    PDF Settings CS5
    Pidgin
    Pidgin-Encryption Plugin (remove only)
    Platform
    Plex Media Server
    Portal 2
    PxMergeModule
    Qt SDK
    QuickTime
    Rapture3D 2.4.8 Game
    Realtek 8136 8168 8169 Ethernet Driver
    Replay Music
    Roadkil's Unstoppable Copier Version 5.2
    Sales_MultiDL_MSM7227_V1.00.01
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    SendSpace Wizard
    Sibelius Scorch (Firefox, Opera, Netscape only)
    Skype™ 5.3
    SpeedFan (remove only)
    Spotify
    SSC Service Utility v4.30
    StarCraft II
    Steam
    Steinberg Cubase 5
    Steinberg Drum Loop Expansion 01
    Steinberg Groove Agent ONE Content
    Steinberg HALionOne
    Steinberg HALionOne Additional Content Set 01
    Steinberg HALionOne Expression Set
    Steinberg HALionOne GM Drum Set
    Steinberg HALionOne GM Set
    Steinberg HALionOne Pro Set
    Steinberg HALionOne Studio Drum Set
    Steinberg HALionOne Studio Set
    Steinberg LoopMash Content
    Steinberg REVerence Content 01
    Synergy
    Tales of Monkey Island - Lair of the Leviathan
    TightVNC 2.0.3
    Torrent Episode Downloader
    Tunngle beta
    VIA Plattform för enhetshanterare
    Windows Updates Downloader
    Virus Guard - powered by BitDefender
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.1.11
    Wuala
    Wuala CBFS
    Wuala OverlayIcons
    XBMC
    XviD MPEG-4 Video Codec
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2011-08-06 22:21:33, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
    2011-08-06 22:05:41, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.20, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
    2011-08-06 22:05:21, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\tandpl.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    2011-08-06 18:11:49, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.
    2011-08-06 18:08:15, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    2011-08-05 11:15:01, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 10.0.2.2, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
    2011-08-04 00:19:55, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{8E06BBE3-6C44-4D10-8ED4-81FB96D9F2B1} because another computer on the network has the same name. The server could not start.
    2011-08-04 00:19:26, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{CD46C4F6-9CBB-49B8-BAFF-C9B5F75C707D} because another computer on the network has the same name. The server could not start.
    2011-08-03 11:32:11, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    2011-08-02 18:24:28, Error: Service Control Manager [7030] - The FileZilla Server FTP server service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    2011-08-02 16:38:04, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Akamai service.
    .
    ==== End Of File ===========================
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot! There are some hidden objects that need to be dealt with. They are a part of the networking and not necessarily malware. So first, I'd like you to go through the following:

    How to disable certain Internet Protocol version 6 (IPv6) components in Windows Vista, Windows 7, and Windows Server 2008
    You can do it yourself, or let Microsoft "Fix It."

    Corresponding to the entries in GMER, this is observed in this entry from the Event Viewer:
    2011-08-06 22:21:33, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
    ==========================================
    When you have completed that, reboot and go on to the following:
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • Click on Yes, to continue scanning for malware.
    • If Combofix asks you to update the program, allow it.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ======================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs, except those I give you.
    • Please let me know if there is any change in the system.
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
    Please leave Combofix log in your next reply.
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Regarding the (webhp?emsg=). This appears to be specific to the Chrome browser. It's not the 'usual Google redirect' which sends you to a different site other than the one you select from a Google search.

    You can put the term (webhp?emsg=) in a Google Search and you will meet the other Chrome users who are experiencing the same thing!

    About your question: "Is there a name for this virus?" As explained, what you are experiencing is not what you are seeing in many posts about the 'Google Redirect.' Actually, it has been fondly named that because most people use Google for their search engine, therefore Google is getting blamed. But it's not Google doing the redirecting; it's whatever malware is on the system causing it. So there is not a 'name' for it and it can be caused by many different kinds of malware.
  5. GuruX

    GuruX Newcomer, in training Topic Starter

    Here is the ComboFix log:

    ComboFix 11-08-06.02 - Gustav 2011-08-07 0:19.2.4 - x64
    Microsoft Windows 7 Professional 6.1.7600.0.1252.46.1033.18.4087.1977 [GMT 2:00]
    Körs från: g:\downloads\ComboFix.exe
    AV: Lavasoft Ad-Watch Live! Antivirus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Skapade en ny återställningspunkt
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Gustav\AppData\Local\Temp\NOSEventMessages.dll
    .
    .
    (((((((((((((((((((((((( Filer skapade från 2011-07-06 till 2011-08-06 ))))))))))))))))))))))))))))))
    .
    .
    2011-08-06 22:23 . 2011-08-06 22:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2011-08-06 22:23 . 2011-08-06 22:23 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2011-08-06 22:23 . 2011-08-06 22:23 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-08-06 22:14 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A3210E3F-7213-4D00-BC5D-217E1F244159}\mpengine.dll
    2011-08-06 15:29 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-08-06 15:17 . 2011-08-06 15:17 -------- d-----w- c:\program files (x86)\ESET
    2011-08-02 16:24 . 2011-08-02 16:24 -------- d-----w- c:\program files (x86)\FileZilla Server
    2011-08-02 15:17 . 2011-08-02 15:50 -------- d-----w- c:\users\Gustav\AppData\Roaming\XBMC
    2011-08-01 14:23 . 2011-08-01 14:23 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-08-01 00:17 . 2011-08-01 00:22 -------- d-----w- c:\users\Gustav\AppData\Local\Plex Media Server
    2011-08-01 00:15 . 2011-08-01 00:15 -------- d-----w- c:\program files\Bonjour
    2011-08-01 00:15 . 2011-08-01 00:15 -------- d-----w- c:\program files (x86)\Bonjour
    2011-07-31 19:09 . 2011-07-31 19:09 -------- d-----w- C:\Temp
    2011-07-31 10:39 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
    2011-07-21 15:07 . 2011-07-21 15:07 -------- d-sh--w- c:\programdata\DSS
    2011-07-21 15:07 . 2011-07-21 15:07 -------- d-----w- c:\programdata\Codemasters
    2011-07-21 15:03 . 2010-09-22 11:12 19087360 ----a-w- c:\windows\SysWow64\mkl_blueripple.dll
    2011-07-21 15:03 . 2011-07-21 15:03 -------- d-----w- c:\program files (x86)\BRS
    2011-07-21 15:03 . 2011-03-19 13:16 1417216 ----a-w- c:\windows\SysWow64\rapture3d_oal.dll
    2011-07-21 15:03 . 2011-04-15 23:40 809496 ----a-r- c:\windows\SysWow64\tmp89D.tmp
    2011-07-21 12:59 . 2011-07-15 15:30 219440 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
    2011-07-21 12:59 . 2011-07-15 15:30 44848 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
    2011-07-21 12:59 . 2011-07-21 12:59 -------- d-----w- c:\program files\Oracle
    2011-07-15 15:30 . 2011-07-15 15:30 46384 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
    2011-07-15 15:30 . 2011-07-15 15:30 164656 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
    2011-07-15 15:30 . 2011-07-15 15:30 144688 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
    2011-07-15 15:30 . 2011-07-15 15:30 320816 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-21 15:03 . 2010-12-16 14:36 466456 ----a-w- c:\windows\system32\wrap_oal.dll
    2011-07-21 15:03 . 2010-12-16 14:36 122904 ----a-w- c:\windows\system32\OpenAL32.dll
    2011-07-21 15:03 . 2010-12-16 14:36 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2011-07-21 15:03 . 2010-12-16 14:36 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2011-07-13 04:53 . 2010-12-13 09:42 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-07-06 17:52 . 2010-12-12 09:29 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-04 14:59 . 2011-05-09 17:25 65536 ----a-w- c:\windows\SysWow64\Encrypt.dll
    2011-07-03 17:47 . 2010-11-16 09:08 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-06-02 05:56 . 2011-07-23 09:06 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2011-05-25 06:09 . 2011-06-02 13:10 29288 ----a-w- c:\windows\system32\nvhdap64.dll
    2011-05-25 06:09 . 2011-06-02 13:10 174184 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
    2011-05-25 06:09 . 2011-06-02 13:10 1426536 ----a-w- c:\windows\system32\nvhdagenco642040.dll
    2011-05-25 06:09 . 2011-06-02 13:11 1016936 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-05-25 06:09 . 2011-06-02 13:11 61544 ----a-w- c:\windows\system32\nvshext.dll
    2011-05-25 06:09 . 2011-06-02 13:11 3040872 ----a-w- c:\windows\system32\nvsvc64.dll
    2011-05-25 06:09 . 2011-06-02 13:11 117864 ----a-w- c:\windows\system32\nvmctray.dll
    2011-05-25 06:09 . 2011-06-02 13:11 739432 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
    2011-05-25 06:09 . 2011-06-02 13:11 6300776 ----a-w- c:\windows\system32\nvcpl.dll
    2011-05-25 06:09 . 2011-06-02 13:10 8863336 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2011-05-25 06:09 . 2011-06-02 13:10 67176 ----a-w- c:\windows\system32\OpenCL.dll
    2011-05-25 06:09 . 2011-06-02 13:10 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2011-05-25 06:09 . 2011-06-02 13:10 6555240 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2011-05-25 06:09 . 2011-06-02 13:10 22286952 ----a-w- c:\windows\system32\nvoglv64.dll
    2011-05-25 06:09 . 2011-06-02 13:10 16456296 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2011-05-25 06:09 . 2011-06-02 13:10 2943592 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-05-25 06:09 . 2011-06-02 13:10 2804328 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2011-05-25 06:09 . 2011-06-02 13:10 15223912 ----a-w- c:\windows\system32\nvd3dumx.dll
    2011-05-25 06:09 . 2011-06-02 13:10 1496168 ----a-w- c:\windows\system32\nvdispco6420150.dll
    2011-05-25 06:09 . 2011-06-02 13:10 1427048 ----a-w- c:\windows\system32\nvgenco642090.dll
    2011-05-25 06:09 . 2011-06-02 13:10 13206120 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2011-05-25 06:09 . 2011-06-02 13:10 11992680 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2011-05-25 06:09 . 2011-06-02 13:10 7123560 ----a-w- c:\windows\system32\nvcuda.dll
    2011-05-25 06:09 . 2011-06-02 13:10 5301352 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2011-05-25 06:09 . 2011-06-02 13:10 2644584 ----a-w- c:\windows\system32\nvapi64.dll
    2011-05-25 06:09 . 2011-06-02 13:10 2335848 ----a-w- c:\windows\SysWow64\nvapi.dll
    2011-05-25 06:09 . 2011-06-02 13:10 2212968 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-05-25 06:09 . 2011-06-02 13:10 2082408 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2011-05-25 06:09 . 2011-06-02 13:10 18583144 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-05-25 06:09 . 2011-06-02 13:10 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2011-05-24 11:21 . 2011-07-05 08:46 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
    2011-05-24 10:34 . 2011-07-05 08:46 64512 ----a-w- c:\windows\SysWow64\devobj.dll
    2011-05-24 10:34 . 2011-07-05 08:46 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
    2011-05-24 10:34 . 2011-07-05 08:46 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
    2011-05-24 10:32 . 2011-07-05 08:46 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
    2011-05-18 12:32 . 2011-05-18 12:32 921 ----a-w- c:\windows\QSFVExit.bat
    2011-05-18 08:15 . 2011-05-18 08:15 166912 ----a-w- c:\windows\system32\ccdcmbwux64.dll
    2011-05-18 08:15 . 2011-05-18 08:15 640000 ----a-w- c:\windows\system32\nmwcdcoclsx64.dll
    2011-05-18 08:15 . 2010-02-12 13:32 57856 ----a-w- c:\windows\system32\nmwcdclsx64.dll
    2011-05-18 08:14 . 2011-05-18 08:14 9216 ----a-w- c:\windows\system32\drivers\usbser_lowerfltx64.sys
    2011-05-18 08:14 . 2011-05-18 08:14 27136 ----a-w- c:\windows\system32\drivers\ccdcmbox64.sys
    2011-05-18 08:14 . 2011-05-18 08:14 19968 ----a-w- c:\windows\system32\drivers\ccdcmbx64.sys
    2011-05-18 08:09 . 2011-05-18 08:09 1721576 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
    2011-05-11 09:39 . 2010-09-04 10:01 16432 ----a-w- c:\windows\system32\lsdelete.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-08-06_22.10.18 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-14 04:54 . 2011-08-06 22:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2011-08-06 22:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-08-06 22:17 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-08-06 22:03 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-08-06 22:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2011-08-06 22:03 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 05:10 . 2011-08-06 22:05 41810 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-08-06 22:19 41810 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-02-09 19:49 . 2011-08-06 22:19 25072 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-922719257-4210637346-1707227776-1001_UserData.bin
    - 2011-08-06 22:03 . 2011-08-06 22:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-08-06 22:17 . 2011-08-06 22:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-08-06 22:03 . 2011-08-06 22:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-08-06 22:17 . 2011-08-06 22:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-02-09 22:16 . 2011-08-06 22:19 146128 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2009-07-14 05:01 . 2011-08-06 22:02 575996 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2011-08-06 22:17 575996 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2010-08-17 00:09 . 2011-08-06 22:17 35995004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-922719257-4210637346-1707227776-1001-8192.dat
    .
    (((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Not* tomma poster & legitima standardposter visas inte.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Gustav\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Gustav\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Gustav\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
    @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
    [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
    2011-01-17 10:24 155416 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "NokiaOviSuite2"="c:\program files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-06-22 967736]
    "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-10-17 590056]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
    "DU Meter"="c:\program files (x86)\DU Meter\DUMeter.exe" [2011-01-14 2942856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-02-09 36864]
    "TurboV EVO"="c:\program files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-01-19 9900672]
    "T Probe"="c:\program files (x86)\ASUS\T Probe\TProbe.exe" [2009-10-20 4010496]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-21 2583040]
    "QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-11-16 604672]
    "adm_tray.exe"="c:\program files (x86)\Acronis\DriveMonitor\adm_tray.exe" [2010-06-04 530784]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
    "e-kort"="c:\progra~2\ekort\ekort.exe" [2008-12-11 377856]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Malwarebytes' Anti-Malware"="e:\installdir\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
    .
    c:\users\Gustav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Gustav\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    BankID Security Application.lnk - c:\program files (x86)\Personal\bin\Personal.exe [2011-1-24 1086288]
    UltraMon.lnk - c:\windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico [2010-7-7 29310]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ lsdelete
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    .
    R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 GtDetectSc;GtDetectSc;c:\program files\Option\Driver Installer\GtDetectSc.exe [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-10 135664]
    R3 ALSysIO;ALSysIO;c:\users\Gustav\AppData\Local\Temp\ALSysIO64.sys [x]
    R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
    R3 cpuz130;cpuz130;c:\users\Gustav\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
    R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files (x86)\DU Meter 5\DUMETR64.SYS [x]
    R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
    R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [x]
    R3 gupdatem;Tjänsten Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-10 135664]
    R3 gwiopm;gwiopm;c:\program files (x86)\Unknown Device Identifier\gwiopm.sys [x]
    R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
    R3 Installer Service;Installer Service;c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{94490075-155F-4D08-B92D-4FE592F98591}\Installer\InstallerService.exe [2011-07-16 119296]
    R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
    R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
    R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
    R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [x]
    R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [x]
    R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [x]
    R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [x]
    R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [x]
    R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [x]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
    R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [x]
    R3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\DRIVERS\zghsdiag.sys [x]
    R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [x]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
    S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [x]
    S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
    S2 DUMeterSvc;DU Meter Service;c:\program files (x86)\DU Meter\DUMeterSvc.exe [2011-01-14 1412488]
    S2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.SYS [2009-07-09 27096]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-06-28 2151640]
    S2 MBAMService;MBAMService;e:\installdir\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
    S2 MSSQL$VISMA;SQL Server (VISMA);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
    S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2010-11-22 718072]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
    S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
    S2 XTUService;Intel(R) Extreme Tuning Utility;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2009-08-06 30944]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-05-11 17152]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
    S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
    S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Innehåll i mappen 'Schemalagda aktiviteter':
    .
    2011-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-10 17:03]
    .
    2011-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-10 17:03]
    .
    2011-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-922719257-4210637346-1707227776-1001Core.job
    - c:\users\Gustav\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-18 13:05]
    .
    2011-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-922719257-4210637346-1707227776-1001UA.job
    - c:\users\Gustav\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-18 13:05]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2011-05-26 14:11 592384 ----a-w- c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2011-05-26 14:11 592384 ----a-w- c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2011-05-26 14:11 592384 ----a-w- c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2011-05-26 14:11 592384 ----a-w- c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Gustav\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Gustav\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Gustav\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Gustav\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
    @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
    [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
    2011-01-17 10:24 188696 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-10-27 462328]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1609296]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
    .
    ------- Extra genomsökning -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xportera till Microsoft Excel - e:\instal~1\OFFICE~1\Office14\EXCEL.EXE/3000
    TCP: Interfaces\{8E06BBE3-6C44-4D10-8ED4-81FB96D9F2B1}: NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{CD46C4F6-9CBB-49B8-BAFF-C9B5F75C707D}: NameServer = 8.8.8.8
    FF - ProfilePath - c:\users\Gustav\AppData\Roaming\Mozilla\Firefox\Profiles\y6z65qyn.default\
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DUMeterSvc]
    "ImagePath"="c:\program files (x86)\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
    .
    --------------------- LÅSTA REGISTERNYCKLAR ---------------------
    .
    [HKEY_USERS\S-1-5-21-922719257-4210637346-1707227776-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:11,e1,21,59,e3,62,03,46,17,c3,9f,95,c5,0d,b3,cb,68,52,e2,0a,a9,62,21,
    63,e1,03,25,cc,4e,2f,ee,d1,72,8c,90,4b,62,98,56,cc,88,be,13,58,4e,47,aa,c6,\
    "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
    .
    [HKEY_USERS\S-1-5-21-922719257-4210637346-1707227776-1001\Software\SecuROM\License information*]
    "datasecu"=hex:bf,67,dc,06,69,29,12,04,70,56,34,1b,e4,15,e1,d6,fa,89,c9,9d,06,
    4b,04,38,b7,51,1e,4a,28,71,f4,6d,ae,a4,d7,10,c4,ed,6c,33,40,9a,ab,52,40,f6,\
    "rkeysecu"=hex:be,d8,2a,ff,10,5a,79,d9,72,ad,5d,d7,b6,63,f0,40
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Sluttid: 2011-08-07 00:24:56
    ComboFix-quarantined-files.txt 2011-08-06 22:24
    ComboFix2.txt 2011-08-06 22:11
    .
    Före genomsökningen: 822*341*632 bytes free
    Efter genomsökningen: 716*754*944 bytes free
    .
    - - End Of File - - 21277716078983A7C23EA9F1EB7E3798

    ------------------------------------------------------------------------------------------------------------
    Thank you very much!


    Problem still exists after running the fix.
    The problem only appears in Firefox. Chrome and Internet Explorer are both fine. It might be an issue in Firefox then? I recently upgraded to FF 6 beta. I think this is when the problem started. Downgraded to FF5 but no luck. This was before posting at TechSpot.
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Did you handle this from my Reply #3?
    If not, please do it.
    ===========================================
    Regarding Firefox:
    "I recently upgraded to FF 6 beta. I think this is when the problem started. Downgraded to FF5 but no luck."
    DDS log shows FF version is 4.0 Beta 7
    The DDS attach.txt shows FF version is Mozilla Firefox 5.0.1 (x86 sv-SE)

    I see Firefox settings in the DDS log for this profile:
    FF - ProfilePath - C:\Users\Gustav\AppData\Roaming\Mozilla\Firefox\Profiles\y6z65qyn.default\
    C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7
    -----------------------------------------
    SOP for browsers: Unless you are a Beta Tester, stay away from Beta versions. Beta means bugs. Give new versions a chance to remove the rest of the bugs. Even after Final Release, it's best to wait for a bit. Beta doesn't mean better and new doesn't always mean good!

    You need to get Firefox back to last Final Release and uninstall all the beta versions.
    ----------------------------------------
    There are a multitude of Google Updates on the system. I haven't ever seen a list of updates like this. I would suggest that you uninstall Google- Toolbar/Program/Search Engine, then reinstall new with the most current update.
    And this component:
    FF - component: C:\Program Files (x86)\Google\Google Gears\Firefox\lib\ff36\gears.dll
    (A Firefox and Internet Explorer extension that allows to navigate on compatible websites offline and synchronize when going back online)
    I also see these Google Updates:
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Gustav\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll

    Maybe Google Updates don't overwrite like Java doesn't and you end up with multiple versions in Firefox. I know in the Java instance, that it can affect how Firefox works.

    I also see these plugins for Opera:
    FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin.dll
    FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin2.dll
    FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin3.dll
    FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin4.dll
    FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin5.dll
    FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin6.dll
    FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin7.dll
    FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin.dll
    Maybe these don't overwrite either.
    --------------------------------------
    But in the Combofix log, all I see for Firefox is:
    FF - ProfilePath - c:\users\Gustav\AppData\Roaming\Mozilla\Firefox\Profiles\y6z65qyn.default\
    ============================================
    Do what you have to do to get one version of Firefox and the most current Google- whateveritis-on the system. After doing that, reboot the system and empty the recycle bin
    =============================================
    See if that makes any difference.
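An added example, not part of the original post or of any tool named in it: a short Python script that groups the `FF - plugin:` / `FF - component:` lines of a log like the one quoted above by DLL name and flags side-by-side versions, per-user copies and repeated lines. The function name and report keys are assumptions made for illustration; the sample lines are copied from the post.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Lines copied from the log excerpt quoted in the post above.
SAMPLE_LOG = r"""
FF - component: C:\Program Files (x86)\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Users\Gustav\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin.dll
FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin2.dll
FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin.dll
"""

ENTRY = re.compile(r"^\s*FF - (plugin|component):\s*(.+?)\s*$")
VERSION_DIR = re.compile(r"^\d+(\.\d+){2,3}$")  # e.g. 1.3.21.65


def audit_ff_entries(log_text):
    """Group FF plugin/component lines by DLL name and report side-by-side copies."""
    by_dll = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            path = PureWindowsPath(m.group(2))
            by_dll[path.name.lower()].append(path)

    report = {}
    for dll, paths in by_dll.items():
        distinct = sorted({str(p).lower() for p in paths})
        versions = sorted({part for p in paths for part in p.parts
                           if VERSION_DIR.match(part)},
                          key=lambda v: tuple(int(x) for x in v.split(".")))
        report[dll] = {
            "side_by_side": len(distinct) > 1,           # same DLL in several folders
            "repeated_line": len(paths) > len(distinct),  # identical path listed twice
            "per_user_copy": any("appdata" in p for p in distinct),
            "versions": versions,
        }
    return report


if __name__ == "__main__":
    for dll, info in audit_ff_entries(SAMPLE_LOG).items():
        print(dll, info)
```

On the sample, `npGoogleUpdate3.dll` is reported as installed side by side in three versions with one per-user copy, while `npqtplugin.dll` is only a repeated log line, not a second install.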
  7. GuruX

    GuruX Newcomer, in training Topic Starter

    Yes, I did run the MS FixIt to disable IPv6. Uninstalled Google updater, Google Chrome and Firefox. Rebooted and emptied recycle bin. Reinstalled Firefox stable to a new directory. Still no luck.

    One thing that I did notice is that if I use the search box in FF, I get to this page.
    http://www.google.se/search?q=techs...s=org.mozilla:sv-SE:official&client=firefox-a
    Clicking a search result link on that page takes me to the webhp?=emsg page with no search results.
    If I instead click the search button on the Google page, I go to:
    http://www.google.se/search?q=techs..._gc.r_pw.&fp=6bf9734daa4e880&biw=1262&bih=917
    If I then click a search result link, Google takes me to what looks like the same search result page:
    http://www.google.se/search?sclient...917&emsg=NCSR&noj=1&ei=wgJJToT_LY_G-Qa63Jn0Bg
    Now when I click a search result link on that page, I go to the actual link.
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay, you need to get the language setting fixed. All 3 of the links you left are for searches on TechSpot pages. Since you mentioned this
    It appears that Google doesn't know which language to search in. One of the links had:
    Clicking on Inställningar allowed me to choose the language I wanted and I got the search in English.

    A second language on a system can cause some problems. But since all 3 links bring up the same TechSpot searches, it would appear that your problem is internal.

    Click on The Control Panel (Category View)> choose 'Date, Time, Language & Regional Options'> make any adjustments for the language here.

    If you're using the Google Toolbar, click on the wrench at the top right and in the Search section, check the 'Search predictions as you type' box and set the 'Use In' dialog box to USA
  9. GuruX

    GuruX Newcomer, in training Topic Starter

    I'm running an English version of Win 7, but my regional settings are all set to Swedish. Also Google search settings are set to Swedish. Google Toolbar isn't installed.

    One thing that I did try was to deactivate Google Instant. Now it works like it's supposed to do. I think I'll settle with this fix for now. I don't care that much for Google Instant. A clean install of Win is coming up anyway soon. Hopefully the problem won't come back with the new install.

    Thanks a lot for your help!
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I've used the Google Toolbar since the beginning of time! But I find it has become too intrusive when I search. And I have to do a lot of searching to ID some entries. It searches instead for the way it thinks something should be spelled. While this is helpful in case of a typo, that is way less frequent than the weird spelling being the one I want!

    I don't know how different it would be without the toolbar because I'm referring to search features only. Anyway, if you have this quirky thing working okay, we'll leave it at that.

    There is an entry I had set up for removal> it's a file from a Fraudulent Security Program:
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\windows\SysWow64\tmp89D.tmp
    Folder::
    c:\users\UpdatusUser\AppData\Local\temp
    c:\users\Guest\AppData\Local\temp
    c:\users\Default\AppData\Local\temp
    c:\programdata\DSS
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Did you set these?
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    =========================================
    We also need to get an online virus scan:
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [IMG] on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ===============================
    After I check these logs, I'll have you remove the cleaning tools we used.
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Since you have not addressed my last instructions in over a week, I am closing the thread.
     