Inactive Google redirects (webhp?emsg=)

Hello!

Here I go. Got that strange thing that redirects me back to Google search. Is there a name for this virus?

Protection is Microsoft Security Essentials and Lavasoft Ad-Aware.

--------------------------------------------------------------------------
MALWAREBYTES (Yes, the Malwarebytes scan is the latest one in time, but the first one was in my local language and not English. That's why I rescanned; same output though.)


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7393

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

2011-08-06 22:20:24
mbam-log-2011-08-06 (22-20-24).txt

Scan type: Quick scan
Objects scanned: 201420
Time elapsed: 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

----------------------------------------------------------------------------------------------------------
GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-06 18:09:35
Windows 6.1.7600
Running: htubqnw6.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158315a1ef
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158315a1ef@00254869473f 0xBF 0x1C 0x5A 0x07 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158315a1ef@3cf72a2b0849 0x66 0x84 0x61 0xB5 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBD 0xF1 0x76 0x6C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC4 0x50 0xD1 0x7E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3C 0x7C 0x42 0xC8 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158315a1ef (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158315a1ef@00254869473f 0xBF 0x1C 0x5A 0x07 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158315a1ef@3cf72a2b0849 0x66 0x84 0x61 0xB5 ...
Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Route ????N???????????VBoxNetFlt.ndi????????????????J??????t???????????????;??f???Modem?????????h?????H???@???????@???????H???????????????????????????? h??????0??????o???oem43.inf???????????????????Root\*6TO4MP\0063???????????????????????????\\?\Root#*6TO4MP#0058#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{969CCED3-61BB-4F28-9CD9-0B6262C9238C}?3E??Root\*6TO4MP\0062???????????Root\*6TO4MP\0061????????_???n??sm???????@???@??????\\?\USB#VID_058F&PID_6387#89BF6A3B#{a5dcbf10-6530-11d2-901f-00c04fb951ed}???\\?\PCI#VEN_10EC&DEV_8168&SUBSYS_83A31043&REV_03#4&61613ac&0&00E7#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{8E06BBE3-6C44-4D10-8ED4-81FB96D9F2B1}?9-??\\?\Root#*6TO4MP#0052#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{0B6D52E7-FB9F-48EC-A113-A0FB3AEB45BD}?B1??\\?\Root#*6TO4MP#0061#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{27E35669-ECC4-4A7B-8EB9-CC3CF0D744FB}?3B???????????6??????_{??Root\*6TO4MP\0066????????????E??????35??? ???????????????????0??????????h?????????????h?????H???@???????@???????H???????????????????????????? ??W??????
Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Export ?????????????????A??????nd??@nettun.inf,%msft%;Microsoft?d??@nettun.inf,%msft%;Microsoft?2??????lt???????????i??ev??????????????????????????????????????? p?????????????????????????????????????{4d36e972-e325-11ce-bfc1-08002be10318}\0143?? ??{4d36e972-e325-11ce-bfc1-08002be10318}\0147???????6??????7??????1E???????????????????A??19??tunnel???B??6-21-2006?????????????????????~?????????6A??{4d36e972-e325-11ce-bfc1-08002be10318}?008??@nettun.inf,%msft%;Microsoft????Microsoft 6to4 Adapter #82????????6??????D??????{D??{D??????????????5.0.15.0?r??*6to4mp?0???????????{00000000-0000-0000-FFFF-FFFFFFFFFFFF}?mor??Microsoft 6to4 Adapter #84??????????????????????????{4d36e972-e325-11ce-bfc1-08002be10318}?-bf??? p??????9????????????????????????????????????????????????????????????N?????????????????????16??{4d36e972-e325-11ce-bfc1-08002be10318}\0088???????X??????????t??????????????????@nettun.inf,%msft%;Microsoft?|???????????w?????s?w??? ???????a??????ct???????t??*6to4mp??????????????s??????????dy????????????:??????o?ga???? p
Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Bind ???k?v???g?g?f???f?f?f???g?on?????t??????????????????f????N??h???M?????D-1???h?h?i???t?v?v??????????????????? ???h???.??????????? ???????f?????f?????f????(???$? ?????????????s??????????f???????????????????????????????f???????????f?f????Microsoft???? ???????f?????f???????,??4?????????????????????0;?????f????? ???????f?????????????,?????????????????????y?????f????? ???????f???????????f????????"??????????f???f?fos??t????f????????????????L??????6??????????????????????????????? ???h??????????????*6to4mp?????? ???????f???????????f????????$?????????????????????????????? ??????????????? ???????f???????????e????????"??????????f?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????????????????????? ????????????f??????????????????????????MBRES???t???? ???????f?????f???????0??L????????? ??????.76?????f???f???f?????????????f???????????????f??????????? ???????f?????f???????????????
Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Route ???v??????<??v????????h?????failover????Modem???????????text????tunnel?F-4??????????????????????????????????????????????? ???????n?????v?????v?0????????J???????s?????J??v?????????e????@%SystemRoot%\system32\samsrv.dll,-1??????4??v??????p???MS_WindowsLocalValidation??????v??????@??v????????h??????v??????????????%SystemRoot%\system32\lsass.exe???????J??v?????????n????@%SystemRoot%\system32\samsrv.dll,-2????RPCSS???????? ???v??????????????LocalSystem??????????????????????????????v??????????????????????t??????? ????????????v?v?v?v?v?v?v?v?v???????v???????????e??? ???????v???????????v?0????????????????????????????0????????????????`???????????????????? ????????????????????? ???????????????????? ???????n???????????u??????????T???????????????????????t????????????????????v?v?v????????????????????????T??v????????h???????P??v???????????d??o???????????PlugPlay????\SystemRoot\system32\DRIVERS\sbp2port.sys???sbp2.inf_amd64_neutral_2fff12561375e45f???????????????????????X??????????t??????????????????????? ???????n?????v???
Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Export ???m?v??? ??l???c?????6-4??????????????t?????X??????????t??? ???????l???????????????????????????????f??? ???????l?????l???????0??L????????? ??????????????l???l????? ???????l?????l???????0????????????&???????????????????????? ???????l?????l???????0????????????????????? ???????l???????????j?0????????????????????usbhub??????WAN Miniport (PPPOE)???????????l?????????l???r???e??6.1.7600.16385??6.???l??????????????{4d36e972-e325-11ce-bfc1-08002be10318}\0003?????????????????????Tcpip???????? ???????l?????l???????0????????????????????? ???????l???????????k?0????????????????????root\umbus??cr?????l????? ???????l?????l???????0???????????????????????l???l???l????????? ???????l???????????k?0????????????????????Microsoft????????????l?l?????????l???&?????l????? ???????l?????l???????0????????????&??????????????????????????l???l????? ???????l?????l???????0????????????????????? ???????l???????????k?0?????????????????????????l???????e???????g?????????????????????????????l????? ???????l?????l???????0?????????????????????m?mos?
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBD 0xF1 0x76 0x6C ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC4 0x50 0xD1 0x7E ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3C 0x7C 0x42 0xC8 ...

---- EOF - GMER 1.0.15 ----
 
PART 2 LOGS

--------------------------------------------------------------------------------------------------------------

DDS.txt

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Gustav at 22:25:27 on 2011-08-06
Microsoft Windows 7 Professional 6.1.7600.0.1252.46.1033.18.4087.1998 [GMT 2:00]
.
AV: Lavasoft Ad-Watch Live! Antivirus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\DU Meter\DUMeterSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Tunngle\TnglCtrl.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\alg.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
e:\installdir\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Personal\bin\Personal.exe
C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe
C:\Program Files (x86)\ASUS\T Probe\TProbe.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Users\Gustav\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\PROGRA~2\DUMETE~1\DUMeter.exe
C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\ekort\ekort.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
E:\Installdir\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\SysWOW64\OBroker.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\firefox.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugin-container.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\prevhost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\UltraMon\UltraMonUiAcc.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: e-kort Helper Class: {9065e913-4f23-4b47-9b5d-b055d32db1f3} - C:\Program Files (x86)\ekort\EKortHelper.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: e-kort Toolbar: {8db2b2e8-579f-48a8-a496-18fefcf8f4df} - C:\Program Files (x86)\ekort\EKortToolbar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Google Update] "C:\Users\Gustav\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RGSC] E:\Installdir\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
uRun: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe
uRun: [<NO NAME>]
uRun: [DriverMax]
uRun: [DriverMax_RESTART]
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
mRun: [T Probe] "C:\Program Files (x86)\ASUS\T Probe\TProbe.exe" -b
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
mRun: [adm_tray.exe] C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [e-kort] C:\PROGRA~2\ekort\ekort.exe /dontopenmycards /Autostart
mRun: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "e:\installdir\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Gustav\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Gustav\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - C:\Windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportera till Microsoft Excel - E:\INSTAL~1\OFFICE~1\Office14\EXCEL.EXE/3000
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{8E06BBE3-6C44-4D10-8ED4-81FB96D9F2B1} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{CD46C4F6-9CBB-49B8-BAFF-C9B5F75C707D} : NameServer = 8.8.8.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs: acaptuser32.dll
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
BHO-X64: Virtual Storage Mount Notification - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: e-kort Helper Class: {9065E913-4F23-4B47-9B5D-B055D32DB1F3} - C:\Program Files (x86)\ekort\EKortHelper.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: e-kort Toolbar: {8DB2B2E8-579F-48A8-A496-18FEFCF8F4DF} - C:\Program Files (x86)\ekort\EKortToolbar.dll
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
mRun-x64: [T Probe] "C:\Program Files (x86)\ASUS\T Probe\TProbe.exe" -b
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
mRun-x64: [adm_tray.exe] C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [e-kort] C:\PROGRA~2\ekort\ekort.exe /dontopenmycards /Autostart
mRun-x64: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "e:\installdir\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
AppInit_DLLs-X64: acaptuser32.dll
SSODL-X64: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS-X64: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Gustav\AppData\Roaming\Mozilla\Firefox\Profiles\y6z65qyn.default\
FF - component: C:\Program Files (x86)\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl.dll
FF - plugin: C:\Users\Gustav\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Users\Gustav\AppData\Roaming\Mozilla\Firefox\Profiles\y6z65qyn.default\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}\plugins\npqbc.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: E:\installdir\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin.dll
FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin2.dll
FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin3.dll
FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin4.dll
FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin5.dll
FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin6.dll
FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin7.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 cbfs3;cbfs3;\??\C:\Windows\system32\drivers\cbfs3.sys --> C:\Windows\system32\drivers\cbfs3.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-2-10 90112]
R2 DUMeterSvc;DU Meter Service;C:\Program Files (x86)\DU Meter\DUMeterSvc.exe [2011-5-25 1412488]
R2 IOCBIOS;IOCBIOS;C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\iOCbios.sys [2009-7-9 27096]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-8-12 2151640]
R2 MBAMService;MBAMService;E:\Installdir\Malwarebytes' Anti-Malware\mbamservice.exe [2011-8-6 366640]
R2 MSSQL$VISMA;SQL Server (VISMA);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-6-2 2214504]
R2 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2010-12-11 718072]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
R2 XTUService;Intel(R) Extreme Tuning Utility;C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2009-8-6 30944]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-8-12 17152]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2010-10-18 145512]
R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\system32\DRIVERS\seehcri.sys --> C:\Windows\system32\DRIVERS\seehcri.sys [?]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 GtDetectSc;GtDetectSc;"C:\Program Files\Option\Driver Installer\GtDetectSc.exe" --> C:\Program Files\Option\Driver Installer\GtDetectSc.exe [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-10 135664]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys --> C:\Windows\system32\Drivers\androidusb.sys [?]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\system32\DRIVERS\BthAvrcp.sys --> C:\Windows\system32\DRIVERS\BthAvrcp.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys --> C:\Windows\system32\DRIVERS\ggflt.sys [?]
S3 GT72UBUS;GT 72 U BUS;C:\Windows\system32\DRIVERS\gt72ubus.sys --> C:\Windows\system32\DRIVERS\gt72ubus.sys [?]
S3 gupdatem;Tjänsten Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-10 135664]
S3 hwusbfake;Huawei DataCard USB Fake;C:\Windows\system32\DRIVERS\ewusbfake.sys --> C:\Windows\system32\DRIVERS\ewusbfake.sys [?]
S3 Installer Service;Installer Service;C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{94490075-155F-4D08-B92D-4FE592F98591}\Installer\InstallerService.exe [2011-7-16 119296]
S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;C:\Windows\system32\drivers\massfilter_hs.sys --> C:\Windows\system32\drivers\massfilter_hs.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);C:\Windows\system32\DRIVERS\s0016bus.sys --> C:\Windows\system32\DRIVERS\s0016bus.sys [?]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s0016mdfl.sys --> C:\Windows\system32\DRIVERS\s0016mdfl.sys [?]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s0016mdm.sys --> C:\Windows\system32\DRIVERS\s0016mdm.sys [?]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s0016mgmt.sys --> C:\Windows\system32\DRIVERS\s0016mgmt.sys [?]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s0016obex.sys --> C:\Windows\system32\DRIVERS\s0016obex.sys [?]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);C:\Windows\system32\DRIVERS\s0016unic.sys --> C:\Windows\system32\DRIVERS\s0016unic.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys --> C:\Windows\system32\Drivers\VBoxUSB.sys [?]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\system32\DRIVERS\vpcuxd.sys --> C:\Windows\system32\DRIVERS\vpcuxd.sys [?]
S3 zghsdiag;ZTE General Handset Diagnostic Port;C:\Windows\system32\DRIVERS\zghsdiag.sys --> C:\Windows\system32\DRIVERS\zghsdiag.sys [?]
S3 zghsmdm;ZTE General Handset USB Modem Proprietary;C:\Windows\system32\DRIVERS\zghsmdm.sys --> C:\Windows\system32\DRIVERS\zghsmdm.sys [?]
.
=============== Created Last 30 ================
.
2011-08-06 16:09:07 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BB87F8E9-83FE-4CA4-B920-2CA08A3AED19}\mpengine.dll
2011-08-06 15:29:35 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-06 15:17:08 -------- d-----w- C:\Program Files (x86)\ESET
2011-08-02 16:24:25 -------- d-----w- C:\Program Files (x86)\FileZilla Server
2011-08-02 15:17:39 -------- d-----w- C:\Users\Gustav\AppData\Roaming\XBMC
2011-08-01 00:17:24 -------- d-----w- C:\Users\Gustav\AppData\Local\Plex Media Server
2011-08-01 00:15:16 -------- d-----w- C:\Program Files\Bonjour
2011-08-01 00:15:16 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-07-31 19:09:11 -------- d-----w- C:\Temp
2011-07-31 10:39:03 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-21 15:07:45 -------- d-sh--w- C:\ProgramData\DSS
2011-07-21 15:07:44 -------- d-----w- C:\ProgramData\Codemasters
2011-07-21 15:03:44 19087360 ----a-w- C:\Windows\SysWow64\mkl_blueripple.dll
2011-07-21 15:03:43 1417216 ----a-w- C:\Windows\SysWow64\rapture3d_oal.dll
2011-07-21 15:03:43 -------- d-----w- C:\Program Files (x86)\BRS
2011-07-21 15:03:40 809496 ----a-r- C:\Windows\SysWow64\tmp89D.tmp
2011-07-21 12:59:17 219440 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2011-07-21 12:59:16 44848 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2011-07-21 12:59:12 -------- d-----w- C:\Program Files\Oracle
2011-07-15 15:30:44 46384 ----a-w- C:\Windows\System32\drivers\VBoxUSB.sys
2011-07-15 15:30:44 164656 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2011-07-15 15:30:44 144688 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2011-07-15 15:30:42 320816 ----a-w- C:\Windows\System32\VBoxNetFltNotify.dll
.
==================== Find3M ====================
.
2011-07-21 15:03:40 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-07-21 15:03:40 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-07-21 15:03:40 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-07-21 15:03:40 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-07-06 17:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-04 15:04:57 478 ----a-w- C:\Windows\SysWow64\zdlcsv.ds.dll
2011-07-04 14:59:45 65536 ----a-w- C:\Windows\SysWow64\Encrypt.dll
2011-07-03 17:47:46 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys
2011-06-02 06:45:22 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-02 06:45:22 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-02 06:45:22 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-02 06:44:54 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-02 06:42:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-02 06:39:54 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-02 06:35:56 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-02 05:59:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-02 05:56:28 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-02 05:56:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-02 05:54:51 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-02 05:54:50 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-02 03:51:00 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-02 03:50:59 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-06-02 03:45:49 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-02 03:45:49 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 03:45:49 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 03:45:49 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-24 11:21:59 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:34:20 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:34:20 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:34:00 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32:46 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-18 12:32:15 921 ----a-w- C:\Windows\QSFVExit.bat
2011-05-18 08:15:26 166912 ----a-w- C:\Windows\System32\ccdcmbwux64.dll
2011-05-18 08:15:16 640000 ----a-w- C:\Windows\System32\nmwcdcoclsx64.dll
2011-05-18 08:15:04 57856 ----a-w- C:\Windows\System32\nmwcdclsx64.dll
2011-05-18 08:14:20 9216 ----a-w- C:\Windows\System32\drivers\usbser_lowerfltx64.sys
2011-05-18 08:14:16 27136 ----a-w- C:\Windows\System32\drivers\ccdcmbox64.sys
2011-05-18 08:14:12 19968 ----a-w- C:\Windows\System32\drivers\ccdcmbx64.sys
2011-05-18 08:09:48 1721576 ----a-w- C:\Windows\System32\wdfcoinstaller01009.dll
2011-05-11 09:39:50 16432 ----a-w- C:\Windows\System32\lsdelete.exe
.
============= FINISH: 22:25:46,37 ===============
----------------------------------------------------------------------------------------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 2010-02-09 20:22:55
System Uptime: 2011-08-06 22:04:56 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P7P55D PRO
Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz | LGA1156 | 2731/160mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 0,722 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 31,972 GiB free.
F: is CDROM ()
G: is FIXED (NTFS) - 932 GiB total, 475,451 GiB free.
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Acronis Drive Monitor
Activision(R)
Ad-Aware
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe Acrobat 9.4.5 - CPSID_83708
Adobe AIR
Adobe Community Help
Adobe Connect Add-in
Adobe Creative Suite 5 Master Collection
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader X (10.1.0) - Svenska
Akamai NetSession Interface
Android SDK Tools
Apple Application Support
Apple Software Update
µTorrent
AviSynth 2.5
BankID Security Application 4.17.0
Blur(TM)
Borderlands
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Juarez - Bound in Blood
Catalyst Control Center InstallProxy
ColorPic
cwRsync (remove only)
DAEMON Tools Lite
DiRT 3
DriverMax 5
Dropbox
DU Meter
e-kort
Elasto Mania
eReg
ESET Online Scanner v3
Exact Audio Copy 0.99pb5
ffdshow [rev 2527] [2008-12-19]
FileZilla Client 3.5.0
FileZilla Server
Google Chrome
Google Update Helper
Gordon's Gate Flash Driver 2.2.0.1
Grand Theft Auto IV
GTK+ Runtime 2.14.7 rev a (enbart för avinstallation)
GuildFTPd FTP Deamon
High-Definition Video Playback 10
Huawei modem
ImagXpress
Intel Extreme Tuning Utility
Intel® Solid-State Drive Toolbox
Java Auto Updater
Java(TM) 6 Update 18
Java(TM) 6 Update 26
JGoodies JDiskReport 1.3.2
LOSI 0.4.5
Malwarebytes' Anti-Malware version 1.51.1.1800
Metal Assault
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Primary Interoperability Assemblies 2005
Microsoft Report Viewer Redistributable 2008 (KB971118)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (VISMA)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Setup Support Files (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mobile Connect
Mobile Partner
Mozilla Firefox 5.0.1 (x86 sv-SE)
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Need for Speed(TM) Hot Pursuit
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero Burning ROM 10
Nero Control Center 10
Nero Core Components 10
Nero CoverDesigner 10
Nero Dolby Files 10
Nero Multimedia Suite 10
Nero Update
Nokia Connectivity Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Nokia Software Updater
Notepad++
NVIDIA PhysX
O&K Printer Viewer Pro 2.3
OpenAL
OpenOffice.org 3.2
OpenVPN 2.1.4
Ovi Desktop Sync Engine
OviMPlatform
PC Connectivity Solution
PDF Settings CS5
Pidgin
Pidgin-Encryption Plugin (remove only)
Platform
Plex Media Server
Portal 2
PxMergeModule
Qt SDK
QuickTime
Rapture3D 2.4.8 Game
Realtek 8136 8168 8169 Ethernet Driver
Replay Music
Roadkil's Unstoppable Copier Version 5.2
Sales_MultiDL_MSM7227_V1.00.01
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
SendSpace Wizard
Sibelius Scorch (Firefox, Opera, Netscape only)
Skype™ 5.3
SpeedFan (remove only)
Spotify
SSC Service Utility v4.30
StarCraft II
Steam
Steinberg Cubase 5
Steinberg Drum Loop Expansion 01
Steinberg Groove Agent ONE Content
Steinberg HALionOne
Steinberg HALionOne Additional Content Set 01
Steinberg HALionOne Expression Set
Steinberg HALionOne GM Drum Set
Steinberg HALionOne GM Set
Steinberg HALionOne Pro Set
Steinberg HALionOne Studio Drum Set
Steinberg HALionOne Studio Set
Steinberg LoopMash Content
Steinberg REVerence Content 01
Synergy
Tales of Monkey Island - Lair of the Leviathan
TightVNC 2.0.3
Torrent Episode Downloader
Tunngle beta
VIA Plattform för enhetshanterare
Windows Updates Downloader
Virus Guard - powered by BitDefender
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.11
Wuala
Wuala CBFS
Wuala OverlayIcons
XBMC
XviD MPEG-4 Video Codec
.
==== Event Viewer Messages From Past Week ========
.
2011-08-06 22:21:33, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
2011-08-06 22:05:41, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.20, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
2011-08-06 22:05:21, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\tandpl.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
2011-08-06 18:11:49, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.
2011-08-06 18:08:15, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
2011-08-05 11:15:01, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 10.0.2.2, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
2011-08-04 00:19:55, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{8E06BBE3-6C44-4D10-8ED4-81FB96D9F2B1} because another computer on the network has the same name. The server could not start.
2011-08-04 00:19:26, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{CD46C4F6-9CBB-49B8-BAFF-C9B5F75C707D} because another computer on the network has the same name. The server could not start.
2011-08-03 11:32:11, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
2011-08-02 18:24:28, Error: Service Control Manager [7030] - The FileZilla Server FTP server service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2011-08-02 16:38:04, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Akamai service.
.
==== End Of File ===========================
 
Welcome to TechSpot! There are some hidden objects that need to be dealt with. They are a part of the networking and not necessarily malware. So first, I'd like you to go through the following:

How to disable certain Internet Protocol version 6 (IPv6) components in Windows Vista, Windows 7, and Windows Server 2008
You can do it yourself, or let Microsoft "Fix It."

Corresponding to the entries in GMER, this is observed in this entry from the Event Viewer:
2011-08-06 22:21:33, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
==========================================
When you have completed that, reboot and go on to the following:
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    whatnext.png
  • Click on Yes, to continue scanning for malware.
  • If Combofix asks you to update the program, allow.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated. It will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.

Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
======================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs, except those I give you.
  • Please let me know if there is any change in the system.
If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
Please leave Combofix log in your next reply.
 
Got that strange thing that redirects me back to Google search. Is there a name for this virus?

Regarding the (webhp?emsg=): this appears to be specific to the Chrome browser. It's not the 'usual Google redirect' which sends you to a different site other than the one you select from a Google search.

You can put the term (webhp?emsg=) in a Google Search and you will meet the other Chrome users who are experiencing the same thing!

About your question: "Is there a name for this virus?" As explained, what you are experiencing is not what you are seeing in many posts about the 'Google Redirect.' Actually, it has been fondly named that because most people use Google for their search engine; therefore Google is getting blamed. But it's not Google doing the redirecting; it's whatever malware is on the system causing it. So there is not a 'name' for it and it can be caused by many different kinds of malware.
 
Here is the ComboFix log:

ComboFix 11-08-06.02 - Gustav 2011-08-07 0:19.2.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.46.1033.18.4087.1977 [GMT 2:00]
Körs från: g:\downloads\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Antivirus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Skapade en ny återställningspunkt
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Gustav\AppData\Local\Temp\NOSEventMessages.dll
.
.
(((((((((((((((((((((((( Filer skapade från 2011-07-06 till 2011-08-06 ))))))))))))))))))))))))))))))
.
.
2011-08-06 22:23 . 2011-08-06 22:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-08-06 22:23 . 2011-08-06 22:23 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-08-06 22:23 . 2011-08-06 22:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-06 22:14 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A3210E3F-7213-4D00-BC5D-217E1F244159}\mpengine.dll
2011-08-06 15:29 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-06 15:17 . 2011-08-06 15:17 -------- d-----w- c:\program files (x86)\ESET
2011-08-02 16:24 . 2011-08-02 16:24 -------- d-----w- c:\program files (x86)\FileZilla Server
2011-08-02 15:17 . 2011-08-02 15:50 -------- d-----w- c:\users\Gustav\AppData\Roaming\XBMC
2011-08-01 14:23 . 2011-08-01 14:23 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-08-01 00:17 . 2011-08-01 00:22 -------- d-----w- c:\users\Gustav\AppData\Local\Plex Media Server
2011-08-01 00:15 . 2011-08-01 00:15 -------- d-----w- c:\program files\Bonjour
2011-08-01 00:15 . 2011-08-01 00:15 -------- d-----w- c:\program files (x86)\Bonjour
2011-07-31 19:09 . 2011-07-31 19:09 -------- d-----w- C:\Temp
2011-07-31 10:39 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-21 15:07 . 2011-07-21 15:07 -------- d-sh--w- c:\programdata\DSS
2011-07-21 15:07 . 2011-07-21 15:07 -------- d-----w- c:\programdata\Codemasters
2011-07-21 15:03 . 2010-09-22 11:12 19087360 ----a-w- c:\windows\SysWow64\mkl_blueripple.dll
2011-07-21 15:03 . 2011-07-21 15:03 -------- d-----w- c:\program files (x86)\BRS
2011-07-21 15:03 . 2011-03-19 13:16 1417216 ----a-w- c:\windows\SysWow64\rapture3d_oal.dll
2011-07-21 15:03 . 2011-04-15 23:40 809496 ----a-r- c:\windows\SysWow64\tmp89D.tmp
2011-07-21 12:59 . 2011-07-15 15:30 219440 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-07-21 12:59 . 2011-07-15 15:30 44848 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-07-21 12:59 . 2011-07-21 12:59 -------- d-----w- c:\program files\Oracle
2011-07-15 15:30 . 2011-07-15 15:30 46384 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
2011-07-15 15:30 . 2011-07-15 15:30 164656 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-07-15 15:30 . 2011-07-15 15:30 144688 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-07-15 15:30 . 2011-07-15 15:30 320816 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-21 15:03 . 2010-12-16 14:36 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-07-21 15:03 . 2010-12-16 14:36 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-07-21 15:03 . 2010-12-16 14:36 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-07-21 15:03 . 2010-12-16 14:36 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-07-13 04:53 . 2010-12-13 09:42 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-06 17:52 . 2010-12-12 09:29 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 14:59 . 2011-05-09 17:25 65536 ----a-w- c:\windows\SysWow64\Encrypt.dll
2011-07-03 17:47 . 2010-11-16 09:08 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-02 05:56 . 2011-07-23 09:06 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-25 06:09 . 2011-06-02 13:10 29288 ----a-w- c:\windows\system32\nvhdap64.dll
2011-05-25 06:09 . 2011-06-02 13:10 174184 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2011-05-25 06:09 . 2011-06-02 13:10 1426536 ----a-w- c:\windows\system32\nvhdagenco642040.dll
2011-05-25 06:09 . 2011-06-02 13:11 1016936 ----a-w- c:\windows\system32\nvvsvc.exe
2011-05-25 06:09 . 2011-06-02 13:11 61544 ----a-w- c:\windows\system32\nvshext.dll
2011-05-25 06:09 . 2011-06-02 13:11 3040872 ----a-w- c:\windows\system32\nvsvc64.dll
2011-05-25 06:09 . 2011-06-02 13:11 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 06:09 . 2011-06-02 13:11 739432 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-05-25 06:09 . 2011-06-02 13:11 6300776 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 06:09 . 2011-06-02 13:10 8863336 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-05-25 06:09 . 2011-06-02 13:10 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 06:09 . 2011-06-02 13:10 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-05-25 06:09 . 2011-06-02 13:10 6555240 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-05-25 06:09 . 2011-06-02 13:10 22286952 ----a-w- c:\windows\system32\nvoglv64.dll
2011-05-25 06:09 . 2011-06-02 13:10 16456296 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-05-25 06:09 . 2011-06-02 13:10 2943592 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 06:09 . 2011-06-02 13:10 2804328 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-05-25 06:09 . 2011-06-02 13:10 15223912 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-05-25 06:09 . 2011-06-02 13:10 1496168 ----a-w- c:\windows\system32\nvdispco6420150.dll
2011-05-25 06:09 . 2011-06-02 13:10 1427048 ----a-w- c:\windows\system32\nvgenco642090.dll
2011-05-25 06:09 . 2011-06-02 13:10 13206120 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-25 06:09 . 2011-06-02 13:10 11992680 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-05-25 06:09 . 2011-06-02 13:10 7123560 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 06:09 . 2011-06-02 13:10 5301352 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-05-25 06:09 . 2011-06-02 13:10 2644584 ----a-w- c:\windows\system32\nvapi64.dll
2011-05-25 06:09 . 2011-06-02 13:10 2335848 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-05-25 06:09 . 2011-06-02 13:10 2212968 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-25 06:09 . 2011-06-02 13:10 2082408 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-05-25 06:09 . 2011-06-02 13:10 18583144 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-25 06:09 . 2011-06-02 13:10 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-05-24 11:21 . 2011-07-05 08:46 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:34 . 2011-07-05 08:46 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:34 . 2011-07-05 08:46 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:34 . 2011-07-05 08:46 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32 . 2011-07-05 08:46 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-05-18 12:32 . 2011-05-18 12:32 921 ----a-w- c:\windows\QSFVExit.bat
2011-05-18 08:15 . 2011-05-18 08:15 166912 ----a-w- c:\windows\system32\ccdcmbwux64.dll
2011-05-18 08:15 . 2011-05-18 08:15 640000 ----a-w- c:\windows\system32\nmwcdcoclsx64.dll
2011-05-18 08:15 . 2010-02-12 13:32 57856 ----a-w- c:\windows\system32\nmwcdclsx64.dll
2011-05-18 08:14 . 2011-05-18 08:14 9216 ----a-w- c:\windows\system32\drivers\usbser_lowerfltx64.sys
2011-05-18 08:14 . 2011-05-18 08:14 27136 ----a-w- c:\windows\system32\drivers\ccdcmbox64.sys
2011-05-18 08:14 . 2011-05-18 08:14 19968 ----a-w- c:\windows\system32\drivers\ccdcmbx64.sys
2011-05-18 08:09 . 2011-05-18 08:09 1721576 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-05-11 09:39 . 2010-09-04 10:01 16432 ----a-w- c:\windows\system32\lsdelete.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-06_22.10.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-08-06 22:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-08-06 22:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-08-06 22:17 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-06 22:03 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-06 22:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-06 22:03 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 05:10 . 2011-08-06 22:05 41810 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-08-06 22:19 41810 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-09 19:49 . 2011-08-06 22:19 25072 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-922719257-4210637346-1707227776-1001_UserData.bin
- 2011-08-06 22:03 . 2011-08-06 22:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-06 22:17 . 2011-08-06 22:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-06 22:03 . 2011-08-06 22:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-06 22:17 . 2011-08-06 22:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-02-09 22:16 . 2011-08-06 22:19 146128 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:01 . 2011-08-06 22:02 575996 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-08-06 22:17 575996 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-08-17 00:09 . 2011-08-06 22:17 35995004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-922719257-4210637346-1707227776-1001-8192.dat
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Gustav\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Gustav\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Gustav\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2011-01-17 10:24 155416 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"NokiaOviSuite2"="c:\program files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-06-22 967736]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-10-17 590056]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"DU Meter"="c:\program files (x86)\DU Meter\DUMeter.exe" [2011-01-14 2942856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-02-09 36864]
"TurboV EVO"="c:\program files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-01-19 9900672]
"T Probe"="c:\program files (x86)\ASUS\T Probe\TProbe.exe" [2009-10-20 4010496]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-21 2583040]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-11-16 604672]
"adm_tray.exe"="c:\program files (x86)\Acronis\DriveMonitor\adm_tray.exe" [2010-06-04 530784]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"e-kort"="c:\progra~2\ekort\ekort.exe" [2008-12-11 377856]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="e:\installdir\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\users\Gustav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Gustav\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BankID Security Application.lnk - c:\program files (x86)\Personal\bin\Personal.exe [2011-1-24 1086288]
UltraMon.lnk - c:\windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico [2010-7-7 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 GtDetectSc;GtDetectSc;c:\program files\Option\Driver Installer\GtDetectSc.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-10 135664]
R3 ALSysIO;ALSysIO;c:\users\Gustav\AppData\Local\Temp\ALSysIO64.sys [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 cpuz130;cpuz130;c:\users\Gustav\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files (x86)\DU Meter 5\DUMETR64.SYS [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [x]
R3 gupdatem;Tjänsten Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-10 135664]
R3 gwiopm;gwiopm;c:\program files (x86)\Unknown Device Identifier\gwiopm.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 Installer Service;Installer Service;c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{94490075-155F-4D08-B92D-4FE592F98591}\Installer\InstallerService.exe [2011-07-16 119296]
R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [x]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [x]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [x]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [x]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [x]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [x]
R3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\DRIVERS\zghsdiag.sys [x]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
S2 DUMeterSvc;DU Meter Service;c:\program files (x86)\DU Meter\DUMeterSvc.exe [2011-01-14 1412488]
S2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.SYS [2009-07-09 27096]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-06-28 2151640]
S2 MBAMService;MBAMService;e:\installdir\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 MSSQL$VISMA;SQL Server (VISMA);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2010-11-22 718072]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
S2 XTUService;Intel(R) Extreme Tuning Utility;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2009-08-06 30944]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-05-11 17152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2011-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-10 17:03]
.
2011-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-10 17:03]
.
2011-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-922719257-4210637346-1707227776-1001Core.job
- c:\users\Gustav\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-18 13:05]
.
2011-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-922719257-4210637346-1707227776-1001UA.job
- c:\users\Gustav\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-18 13:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2011-05-26 14:11 592384 ----a-w- c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2011-05-26 14:11 592384 ----a-w- c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2011-05-26 14:11 592384 ----a-w- c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2011-05-26 14:11 592384 ----a-w- c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Gustav\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Gustav\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Gustav\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Gustav\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2011-01-17 10:24 188696 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-10-27 462328]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1609296]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Extra genomsökning -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportera till Microsoft Excel - e:\instal~1\OFFICE~1\Office14\EXCEL.EXE/3000
TCP: Interfaces\{8E06BBE3-6C44-4D10-8ED4-81FB96D9F2B1}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{CD46C4F6-9CBB-49B8-BAFF-C9B5F75C707D}: NameServer = 8.8.8.8
FF - ProfilePath - c:\users\Gustav\AppData\Roaming\Mozilla\Firefox\Profiles\y6z65qyn.default\
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DUMeterSvc]
"ImagePath"="c:\program files (x86)\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_USERS\S-1-5-21-922719257-4210637346-1707227776-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:11,e1,21,59,e3,62,03,46,17,c3,9f,95,c5,0d,b3,cb,68,52,e2,0a,a9,62,21,
63,e1,03,25,cc,4e,2f,ee,d1,72,8c,90,4b,62,98,56,cc,88,be,13,58,4e,47,aa,c6,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-922719257-4210637346-1707227776-1001\Software\SecuROM\License information*]
"datasecu"=hex:bf,67,dc,06,69,29,12,04,70,56,34,1b,e4,15,e1,d6,fa,89,c9,9d,06,
4b,04,38,b7,51,1e,4a,28,71,f4,6d,ae,a4,d7,10,c4,ed,6c,33,40,9a,ab,52,40,f6,\
"rkeysecu"=hex:be,d8,2a,ff,10,5a,79,d9,72,ad,5d,d7,b6,63,f0,40
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Sluttid: 2011-08-07 00:24:56
ComboFix-quarantined-files.txt 2011-08-06 22:24
ComboFix2.txt 2011-08-06 22:11
.
Före genomsökningen: 822*341*632 bytes free
Efter genomsökningen: 716*754*944 bytes free
.
- - End Of File - - 21277716078983A7C23EA9F1EB7E3798

------------------------------------------------------------------------------------------------------------
Thank you very much!


Problem still exists after running the fix.
The problem only appears in Firefox. Chrome and Internet Explorer are both fine. It might be an issue in Firefox then? I recently upgraded to FF 6 beta. I think this is when the problem started. Downgraded to FF5 but no luck. This was before posting at TechSpot.
 
Did you handle this from my Reply #3?
How to disable certain Internet Protocol version 6 (IPv6) components in Windows Vista, Windows 7, and Windows Server 2008
You can do it yourself, or let Microsoft "Fix It."

If not, please do it.
===========================================
Regarding Firefox:
"I recently upgraded to FF 6 beta. I think this is when the problem started. Downgraded to FF5 but no luck."
The DDS log shows FF version is 4.0 Beta 7
The DDS attach.txt shows FF version is Mozilla Firefox 5.0.1 (x86 sv-SE)

I see Firefox settings in the DDS log for this profile:
FF - ProfilePath - C:\Users\Gustav\AppData\Roaming\Mozilla\Firefox\Profiles\y6z65qyn.default\
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7
-----------------------------------------
SOP for browsers: Unless you are a Beta Tester, stay away from Beta versions. Beta means bugs. Give new versions a chance to remove the rest of the bugs. Even after Final Release, it's best to wait for a bit. Beta doesn't mean better and new doesn't always mean good!

You need to get Firefox back to last Final Release and uninstall all the beta versions.
----------------------------------------
There are a multitude of Google Updates on the system. I haven't ever seen a list of updates like this. I would suggest that you uninstall Google- Toolbar/Program/Search Engine, then reinstall new with the most current update.
And this component:
FF - component: C:\Program Files (x86)\Google\Google Gears\Firefox\lib\ff36\gears.dll
(A Firefox and Internet Explorer extension that allows to navigate on compatible websites offline and synchronize when going back online)
I also see these Google Updates:
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Users\Gustav\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll

Maybe Google Updates don't overwrite like Java doesn't and you end up with multiple versions in Firefox. I know in the Java instance, that it can affect how Firefox works.

I also see these plugins for Opera:
FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin.dll
FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin2.dll
FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin3.dll
FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin4.dll
FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin5.dll
FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin6.dll
FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin7.dll
FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin.dll
Maybe these don't overwrite either.
--------------------------------------
But in the Combofix log, all I see for Firefox is:
FF - ProfilePath - c:\users\Gustav\AppData\Roaming\Mozilla\Firefox\Profiles\y6z65qyn.default\
============================================
Do what you have to do to get one version of Firefox and the most current Google- whateveritis-on the system. After doing that, reboot the system and empty the recycle bin.
=============================================
See if that makes any difference.
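Added example, not part of the original thread or of any tool's own code: a short Python check over the `FF - plugin:` lines quoted in the reply above. It reports plugin DLLs registered from more than one versioned directory and entries listed more than once; the function names are illustrative.

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Plugin lines copied from the DDS excerpts quoted in the reply above.
DDS_PLUGIN_LINES = r"""
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Users\Gustav\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin.dll
FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin2.dll
FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin3.dll
FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin4.dll
FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin5.dll
FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin6.dll
FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin7.dll
FF - plugin: E:\Installdir\Opera\program\plugins\npqtplugin.dll
"""

PLUGIN_RE = re.compile(r"^FF - plugin:\s*(?P<path>.+?)\s*$")
# A directory name such as 1.3.21.65 is treated as a version component.
VERSION_RE = re.compile(r"^\d+(?:\.\d+){1,3}$")


def parse_plugins(text):
    """Return every 'FF - plugin:' path in the log text as a PureWindowsPath."""
    paths = []
    for line in text.splitlines():
        match = PLUGIN_RE.match(line.strip())
        if match:
            paths.append(PureWindowsPath(match.group("path")))
    return paths


def version_key(version):
    """Sort key that compares dotted versions numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def side_by_side_versions(paths):
    """Map DLL name -> sorted versions, for DLLs registered from more
    than one versioned parent directory."""
    versions = defaultdict(set)
    for path in paths:
        parent = path.parent.name
        if VERSION_RE.match(parent):
            versions[path.name.lower()].add(parent)
    return {
        name: sorted(found, key=version_key)
        for name, found in versions.items()
        if len(found) > 1
    }


def older_version_paths(paths):
    """Paths whose version directory is older than the newest one
    registered for the same DLL (candidates for review, nothing more)."""
    multi = side_by_side_versions(paths)
    older = []
    for path in paths:
        found = multi.get(path.name.lower())
        if found and path.parent.name != found[-1]:
            older.append(str(path))
    return older


def repeated_entries(paths):
    """Map lower-cased path -> count, for paths listed more than once."""
    counts = Counter(str(path).lower() for path in paths)
    return {path: n for path, n in counts.items() if n > 1}


if __name__ == "__main__":
    plugins = parse_plugins(DDS_PLUGIN_LINES)
    print("plugin entries:", len(plugins))
    for name, found in side_by_side_versions(plugins).items():
        print("multiple versions:", name, found)
    for path in older_version_paths(plugins):
        print("older copy:", path)
    for path, n in repeated_entries(plugins).items():
        print("listed", n, "times:", path)
```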
 
Yes, I did run the MS FixIt to disable IPv6. Uninstalled Google updater, Google Chrome and Firefox. Rebooted and emptied recycle bin. Reinstalled Firefox stable to a new directory. Still no luck.

One thing that I did notice is that if I use the search box in FF, I get to this page.
http://www.google.se/search?q=techs...s=org.mozilla:sv-SE:official&client=firefox-a
Clicking a search result link on that page takes me to the webhp?=emsg page with no search results.
If I instead click the search button on the Google page. I go to:
http://www.google.se/search?q=techs..._gc.r_pw.&fp=6bf9734daa4e880&biw=1262&bih=917
If I then click a search result link, Google takes me to what looks like the same search result page:
http://www.google.se/search?sclient...917&emsg=NCSR&noj=1&ei=wgJJToT_LY_G-Qa63Jn0Bg
Now when I click a search result link on that page, I go to the actual link.
 
Okay, you need to get the language setting fixed. All 3 of the links you left are for searches on TechSpot pages. Since you mentioned this
But the first one was in my local language and not english. (referring to Mbam)

It appears that Google doesn't know which language to search in. One of the links had:
"Tips: Sök endast efter svenska resultat. Du kan ställa in sökspråk i Inställningar"
Clicking on Inställningar allowed me to choose the language I wanted and I got the search in English.

A second language on a system can cause some problems. But since all 3 links bring up the same TechSpot searches, it would appear that your problem is internal.

Click on The Control Panel (Category View)> choose 'Date, Time, Language & Regional Options'> make any adjustments for the language here.

If you're using the Google Toolbar, click on the wrench at the top right and in the Search section, Check the 'Search predictions as you type' box and set the 'Use In' in dialog box to USA.
 
I'm running an English version of Win 7, but my regional settings are all set to Swedish. Also Google search settings are set to Swedish. Google Toolbar isn't installed.

One thing that I did try was to deactivate Google Instant. Now it works like it's supposed to do. I think I'll settle with this fix for now. I don't care that much for Google Instant. A clean install of Win is coming up anyway soon. Hopefully the problem won't come back with the new install.

Thanks a lot for your help!
 
I've used the Google Toolbar since the beginning of time! But I find it has become too intrusive when I search. And I have to do a lot of searching to ID some entries. It searches instead for the way it thinks something should be spelled. While this is helpful in case of a typo, that is way less frequent than the weird spelling being the one I want!

I don't know how different it would be without the toolbar because I'm referring to search features only. Anyway, if you have this quirky thing working okay, we'll leave it at that.

There is an entry I had set up for removal> it's a file from a Fraudulent Security Program:
Please run this Custom CFScript:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
Code:
File::
c:\windows\SysWow64\tmp89D.tmp
Folder::
c:\users\UpdatusUser\AppData\Local\temp
c:\users\Guest\AppData\Local\temp
c:\users\Default\AppData\Local\temp
c:\programdata\DSS
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Did you set these?
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
=========================================
We also need to get an online virus scan:
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
===============================
After I check these logs, I'll have you remove the cleaning tools we used.
 
Since you have not addressed my last instructions in over a week, I am closing the thread.
 