Inactive google redirect virus

light · 2010/11/24

[Inactive] google redirect virus

hi
latenly i have been redirected on google to othere sites, i dont know why
it also tries to get me to download stuff, and false scans

my system
siw (quick report)

QuickReport from System Information for Windows (http://www.gtopala.com) Friday, July 30, 2010

System Vendor
Manufacturer ASUSTeK Computer INC.
Serial Number 99OAAS459470
Model 1005HA

BIOS Information
Vendor American Megatrends Inc.
Version 1301
Board Product ID 1005HA

Processor Information
Summary 1 Physical Processors / 1 Cores / 2 Logical Processors / 32 bits
Name Intel(R) Atom(TM) CPU N270 @ 1.60GHz
Vendor GenuineIntel
Original System Clock 133 MHz

Storage Device Information
Disk 0 160.0 GB Hitachi HTS543216L9SA00 Hitachi
Disk 1 7986.0 MB Kingston DataTraveler 2.0 USB Device Kingston
DVD 0 NGJ 3W5230PUV SCSI CdRom Device NGJ

Memory Information
Slot 1 DDR2 (PC2-6400) 1024 MBytes A-Data Technology

Display Adapter Information
Mobile Intel(R) 945 Express Chipset Family 224 MBytes
Mobile Intel(R) 945 Express Chipset Family 224 MBytes

Sound Adapter Information
Realtek High Definition Audio Realtek

Network Adapter Information
Atheros AR9285 Wireless Network Adapter WIRELESS LAN Connected [54 Mbps]
Atheros AR8132 PCI-E Fast Ethernet Controller WIRED Disconnected [1000 Mbps]
RT73 USB Wireless LAN Card WIRELESS LAN Disconnected [54 Mbps]

Operating System
Type Windows XP Personal Service Pack 3

sry but i dont knw how to fill it into my profile

light · 2010/11/24

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000002c

Kernel Drivers (total 143):
0x804D7000 \WINDOWS\system32\TUKERNEL.EXE
0x80721000 \WINDOWS\system32\hal.dll
0xF7AD7000 \WINDOWS\system32\KDCOM.DLL
0xF79E7000 \WINDOWS\system32\BOOTVID.dll
0xF74C3000 spmf.sys
0xF7AD9000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xF74AB000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF747D000 ACPI.sys
0xF746C000 pci.sys
0xF75D7000 isapnp.sys
0xF79EB000 compbatt.sys
0xF79EF000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF75E7000 MountMgr.sys
0xF744D000 ftdisk.sys
0xF7857000 PartMgr.sys
0xF79F3000 ACPIEC.sys
0xF7B9F000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF75F7000 VolSnap.sys
0xF7373000 iaStor.sys
0xF7607000 disk.sys
0xF7617000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7353000 fltMgr.sys
0xF7341000 sr.sys
0xF732A000 KSecDD.sys
0xF729D000 Ntfs.sys
0xF7270000 NDIS.sys
0xF7256000 Mup.sys
0xF79F7000 BtHidBus.sys
0xF7222000 \SystemRoot\system32\DRIVERS\tunmp.sys
0xF77B7000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF5801000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF57ED000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF57C5000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF564F000 \SystemRoot\system32\DRIVERS\athw.sys
0xF79D7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF562B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF79DF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF77C7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7867000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF55F9000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7AF5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF5E27000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xF557D000 \SystemRoot\System32\Drivers\wdf01000.sys
0xF786F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xEF8BB000 \SystemRoot\System32\Drivers\a2gls4kx.SYS
0xF3CFA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF310C000 \SystemRoot\system32\DRIVERS\ASUSACPI.sys
0xF7877000 \SystemRoot\System32\Drivers\VcommMgr.sys
0xF788F000 \SystemRoot\System32\Drivers\IvtBtBus.sys
0xF3272000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF402C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF3104000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xEF8A4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF401C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF400C000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7897000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xEF893000 \SystemRoot\system32\DRIVERS\psched.sys
0xF3FFC000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF789F000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF78A7000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7B03000 \SystemRoot\system32\DRIVERS\btnetdrv.sys
0xF78B7000 \SystemRoot\system32\DRIVERS\hamachi.sys
0xF3849000 \SystemRoot\system32\DRIVERS\termdd.sys
0xEF879000 \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
0xF7B05000 \SystemRoot\system32\DRIVERS\swenum.sys
0xEF856000 \SystemRoot\system32\DRIVERS\ks.sys
0xEF7F8000 \SystemRoot\system32\DRIVERS\update.sys
0xF30E8000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF3839000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF3829000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF78FF000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF3819000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA2BE000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAA29A000 \SystemRoot\system32\drivers\portcls.sys
0xF37E9000 \SystemRoot\system32\drivers\drmk.sys
0xF37C9000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B17000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7C07000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B19000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7927000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF792F000 \SystemRoot\System32\drivers\vga.sys
0xF7B1B000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B1D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7937000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF793F000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF6B83000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA267000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA20E000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA1E6000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA1C0000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAA188000 \SystemRoot\system32\DRIVERS\tcpip6.sys
0xF35F8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAA166000 \SystemRoot\System32\drivers\afd.sys
0xF35E8000 \SystemRoot\system32\DRIVERS\Ip6Fw.sys
0xF35D8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF35C8000 \SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
0xAA149000 \SystemRoot\system32\DRIVERS\VBoxDrv.sys
0xF3E39000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xAA127000 \??\D:\SUPERAntiSpyware\SASKUTIL.SYS
0xF3E09000 \??\D:\SUPERAntiSpyware\SASDIFSV.SYS
0xAA0FC000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA08C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF35A8000 \SystemRoot\System32\Drivers\Fips.SYS
0xAA06A000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7B25000 \??\D:\Avira\AntiVir Desktop\avgio.sys
0xF7B27000 \SystemRoot\system32\drivers\AsUpIO.sys
0xF3008000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA9FF5000 \SystemRoot\system32\DRIVERS\rt73.sys
0xA9E47000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0xF2FF8000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xF321B000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0xF78AF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF0B83000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF2FE8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF0B7B000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF0B77000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF78DF000 \??\C:\WINDOWS\System32\Drivers\KMWDFilter.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF068E000 \SystemRoot\System32\drivers\Dxapi.sys
0xF78F7000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF3B3E000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA9E0D000 \SystemRoot\system32\DRIVERS\prvflder.sys
0xA9DF8000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA9D39000 \??\D:\sanboxie 3.50\SbieDrv.sys
0xF76E7000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
0xA9D94000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9C56000 \SystemRoot\system32\DRIVERS\atksgt.sys
0xF322B000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0xA9BAE000 \SystemRoot\system32\DRIVERS\srv.sys
0xA9CAD000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xA9879000 \SystemRoot\system32\drivers\wdmaud.sys
0xF7747000 \SystemRoot\system32\drivers\sysaudio.sys
0xA920D000 \SystemRoot\System32\Drivers\HTTP.sys
0xA8BE3000 \SystemRoot\System32\Drivers\Udfs.SYS
0xA8554000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
0x10000000 \DAEMON Tools Lite\Engine.dll

Processes (total 63):
0 System Idle Process
4 System
1312 C:\WINDOWS\system32\smss.exe
444 C:\WINDOWS\system32\csrss.exe
764 C:\WINDOWS\system32\winlogon.exe
988 C:\WINDOWS\system32\services.exe
1028 C:\WINDOWS\system32\lsass.exe
1336 C:\WINDOWS\system32\svchost.exe
1444 C:\WINDOWS\system32\svchost.exe
1792 D:\sanboxie 3.50\SbieSvc.exe
1860 C:\WINDOWS\system32\svchost.exe
2040 C:\WINDOWS\system32\svchost.exe
596 C:\WINDOWS\system32\svchost.exe
1692 C:\WINDOWS\system32\spoolsv.exe
736 D:\Avira\AntiVir Desktop\avguard.exe
808 C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
904 C:\WINDOWS\system32\cisvc.exe
1464 D:\LogMeIn Hamachi\hamachi-2.exe
212 C:\Program\Java\jre6\bin\jqs.exe
664 C:\Program\Mouse Driver\KMWDSrv.exe
1084 D:\Avira\AntiVir Desktop\avshadow.exe
1396 C:\Program\Microsoft Private Folder 1.0\PrfldSvc.exe
1996 C:\WINDOWS\system32\svchost.exe
920 C:\WINDOWS\system32\alg.exe
1868 C:\Program\Google\Update\GoogleUpdate.exe
936 C:\WINDOWS\explorer.exe
3180 C:\WINDOWS\system32\wuauclt.exe
3216 C:\WINDOWS\system32\svchost.exe
3496 C:\WINDOWS\RTHDCPL.EXE
3880 C:\Program\Synaptics\SynTP\SynTPEnh.exe
3996 C:\Program\EeePC\ACPI\AsAcpiSvr.exe
4048 C:\Program\EeePC\ACPI\AsEPCMon.exe
696 C:\Program\EeePC\ACPI\AsTray.exe
532 C:\Program\Mouse Driver\StartAutorun.exe
2076 D:\Avira\AntiVir Desktop\avgnt.exe
2104 C:\Program\DELADE~1\INSTAL~1\UPDATE~1\issch.exe
2152 C:\Program\Mouse Driver\KMCONFIG.exe
2188 C:\WINDOWS\system32\igfxtray.exe
2244 C:\WINDOWS\system32\hkcmd.exe
288 C:\WINDOWS\system32\igfxext.exe
2392 C:\Program\Delade filer\Java\Java Update\jusched.exe
2584 C:\WINDOWS\system32\ctfmon.exe
2636 C:\WINDOWS\system32\igfxsrvc.exe
2920 D:\Gadwin Systems\PrintScreen\PrintScreen.exe
3372 C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
520 D:\DAEMON Tools Lite\DTLite.exe
2300 D:\sanboxie 3.50\SbieCtrl.exe
3052 D:\Advanced SystemCare 3\AWC.exe
3364 C:\Program\Mouse Driver\KMProcess.exe
3080 C:\Program\Skype\Phone\Skype.exe
3604 C:\WINDOWS\system32\wbem\wmiapsrv.exe
2284 C:\Program\Skype\Plugin Manager\skypePM.exe
2296 C:\WINDOWS\system32\cidaemon.exe
3900 C:\Program\Adobe\Reader 8.0\Reader\AcroRd32.exe
660 C:\Documents and Settings\magnus gunnarsson\Lokala instÃ¤llningar\Application Data\Google\Chrome\Application\chrome.exe
1664 C:\Documents and Settings\magnus gunnarsson\Lokala instÃ¤llningar\Application Data\Google\Chrome\Application\chrome.exe
2700 C:\Documents and Settings\magnus gunnarsson\Lokala instÃ¤llningar\Application Data\Google\Chrome\Application\chrome.exe
3576 C:\Documents and Settings\magnus gunnarsson\Lokala instÃ¤llningar\Application Data\Google\Chrome\Application\chrome.exe
420 C:\DOCUME~1\MAGNUS~1\LOKALA~1\temp\IJJGlTIlJx.exe
3408 C:\DOCUME~1\MAGNUS~1\LOKALA~1\temp\23243734.exe
2164 C:\Documents and Settings\magnus gunnarsson\Lokala instÃ¤llningar\Application Data\Google\Chrome\Application\chrome.exe
3452 C:\Documents and Settings\magnus gunnarsson\Lokala instÃ¤llningar\Application Data\Google\Chrome\Application\chrome.exe
1532 C:\Documents and Settings\magnus gunnarsson\Mina dokument\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000012`03ebfe00 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS543216L9SA00, Rev: FB2OC40C

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

sending dds after i runned it

light · 2010/11/24

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2009-11-24 00:53:34
System Uptime: 2010-11-24 16:07:41 (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | 1005HA
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | PBGA 437 | 1599/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 72 GiB total, 5,268 GiB free.
D: is FIXED (NTFS) - 72 GiB total, 33,118 GiB free.
F: is CDROM (UDF)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Atheros AR8132 PCI-E Fast Ethernet Controller
Device ID: PCI\VEN_1969&DEV_1062&SUBSYS_838A1043&REV_C0\4&37028E5F&0&00E3
Manufacturer: Atheros
Name: Atheros AR8132 PCI-E Fast Ethernet Controller
PNP Device ID: PCI\VEN_1969&DEV_1062&SUBSYS_838A1043&REV_C0\4&37028E5F&0&00E3
Service: L1c

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VirtualBox Host-Only Ethernet Adapter
Device ID: ROOT\NET\0001
Manufacturer: Sun Microsystems, Inc.
Name: VirtualBox Host-Only Ethernet Adapter
PNP Device ID: ROOT\NET\0001
Service: VBoxNetAdp

==== System Restore Points ===================

RP1: 2010-11-13 10:58:10 - Systemkontrollpunkt
RP2: 2010-11-13 10:58:59 - Software Distribution Service 3.0
RP3: 2010-11-14 15:44:32 - Systemkontrollpunkt
RP4: 2010-11-14 18:30:09 - DirectX 9.0 har installerats
RP5: 2010-11-15 14:28:08 - Software Distribution Service 3.0
RP6: 2010-11-16 15:36:36 - Software Distribution Service 3.0
RP7: 2010-11-17 05:51:01 - Software Distribution Service 3.0
RP8: 2010-11-17 16:57:38 - Installed Java(TM) 6 Update 22
RP9: 2010-11-18 14:27:15 - Software Distribution Service 3.0
RP10: 2010-11-18 21:05:21 - Paint.NET v3.5.6
RP11: 2010-11-19 14:28:27 - Software Distribution Service 3.0
RP12: 2010-11-19 20:57:54 - Software Distribution Service 3.0
RP13: 2010-11-20 10:14:33 - Software Distribution Service 3.0
RP14: 2010-11-21 10:46:58 - Software Distribution Service 3.0
RP15: 2010-11-22 07:47:52 - Software Distribution Service 3.0
RP16: 2010-11-23 05:56:51 - Software Distribution Service 3.0
RP17: 2010-11-24 07:23:07 - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.5 - Svenska
Adobe Shockwave Player 11.5
Advanced Archive Password Recovery
Advanced SystemCare 3
Adventure Maker v4.5.2 (build1)
Age of Empires II & The Conquerors Expansion
Air Attack
Algodoo Phun edition v5.28
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
ASUS VIBE
Auslogics Disk Defrag
Avidemux 2.5
Battle for Wesnoth 1.8.1
Blender (remove only)
Bonjour
Capitalism II
CCleaner
Cheat Engine 5.6
Cheat Engine 5.6.1
Conduit Engine
Continuum 0.40
Counter-Strike 2D 0.1.1.8
Creeper World DEMO
Dev-C++ 5 beta 9 release (4.9.9.2)
Download Manager 2.3.10
EASEUS Data Recovery Wizard Free Edition 5.0.1
Easy GIF Animator 4.6 Pro
Facebook Plug-In
FileAlyzer
FLV To 3GP 5.0
Folder Size for Windows
Forgotten Elements
Free Screen Video Capture by Topviewsoft 1.1.7
Gadwin PrintScreen
Game Booster
Game Speed Adjuster version 1.0
Garmin Communicator Plugin
Garmin USB Drivers
GIF TO AVI SWF Converter 3.2.2
Glary Registry Repair 3.3.0.852
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Intel(R) Graphics Media Accelerator Driver
IrfanView (remove only)
iTunes
Java Auto Updater
kikin plugin 2.5
Lernout & Hauspie TruVoice American English TTS Engine
LiveUpdate
LogMeIn Hamachi
Map001
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Silverlight
Microsoft Software Update for Web Folders (Swedish) 12
Microsoft Speech Recognition Engine 4.0 (English)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Microsoft XNA Framework Redistributable 4.0
Minecraft 1.2.0_02
Mozilla Firefox (3.6.12)
MS Access 97 SP2
msxml4
Notepad++
OpenAL
OpenLibraries
OpenTTD 1.0.4
Paint.NET v3.5.6
PFConfig 1.0.296
Phyire mod 2.8.1
Python 2.5 PyYAML-3.09
Python 2.5.4
Python 2.6.6
Quick Memory Editor 5.5
QuickTime
RadarSync PC Updater 2011
Rally Masters
Rally Masters Patch
RAR Password Recovery v1.1 RC17 (remove only)
RollerCoaster Tycoon 2
RunAlyzer
RuneScape Launcher 1.0.4
Sandboxie 3.46
Sapi
Say-Now
Scrolling LED Bitmap Generator
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
SimCity 3000
SIW version 2010.04.28
SkypeAnime v1.4
Skype™ 4.1
Snabbkorrigering fÃ¶r Windows XP (KB2158563)
SÃ¤kerhetsuppdatering fÃ¶r Windows Internet Explorer 8 (KB2183461)
SÃ¤kerhetsuppdatering fÃ¶r Windows Internet Explorer 8 (KB2360131)
SÃ¤kerhetsuppdatering fÃ¶r Windows Internet Explorer 8 (KB982381)
SÃ¤kerhetsuppdatering fÃ¶r Windows Media Player (KB2378111)
SÃ¤kerhetsuppdatering fÃ¶r Windows Media Player (KB975558)
SÃ¤kerhetsuppdatering fÃ¶r Windows Media Player (KB978695)
SÃ¤kerhetsuppdatering fÃ¶r Windows XP (KB2079403)
SÃ¤kerhetsuppdatering fÃ¶r Windows XP (KB2115168)
SÃ¤kerhetsuppdatering fÃ¶r Windows XP (KB2121546)
SÃ¤kerhetsuppdatering fÃ¶r Windows XP (KB2160329)
SÃ¤kerhetsuppdatering fÃ¶r Windows XP (KB2229593)
SÃ¤kerhetsuppdatering fÃ¶r Windows XP (KB2259922)
SÃ¤kerhetsuppdatering fÃ¶r Windows XP (KB2279986)
SÃ¤kerhetsuppdatering fÃ¶r Windows XP (KB2286198)
SÃ¤kerhetsuppdatering fÃ¶r Windows XP (KB2296011)
SÃ¤kerhetsuppdatering fÃ¶r Windows XP (KB2347290)
SÃ¤kerhetsuppdatering fÃ¶r Windows XP (KB2360937)
SÃ¤kerhetsuppdatering fÃ¶r Windows XP (KB2387149)
SÃ¤kerhetsuppdatering fÃ¶r Windows XP (KB975562)
SÃ¤kerhetsuppdatering fÃ¶r Windows XP (KB979482)
SÃ¤kerhetsuppdatering fÃ¶r Windows XP (KB979559)
SÃ¤kerhetsuppdatering fÃ¶r Windows XP (KB979687)
SÃ¤kerhetsuppdatering fÃ¶r Windows XP (KB980195)
SÃ¤kerhetsuppdatering fÃ¶r Windows XP (KB980218)
SÃ¤kerhetsuppdatering fÃ¶r Windows XP (KB980436)
SÃ¤kerhetsuppdatering fÃ¶r Windows XP (KB981322)
SÃ¤kerhetsuppdatering fÃ¶r Windows XP (KB981852)
SÃ¤kerhetsuppdatering fÃ¶r Windows XP (KB981957)
SÃ¤kerhetsuppdatering fÃ¶r Windows XP (KB981997)
SÃ¤kerhetsuppdatering fÃ¶r Windows XP (KB982132)
SÃ¤kerhetsuppdatering fÃ¶r Windows XP (KB982214)
SÃ¤kerhetsuppdatering fÃ¶r Windows XP (KB982665)
SÃ¤kerhetsuppdatering fÃ¶r Windows XP (KB982802)
SSIII Solo Ultratus 1.2
Steam
Stranded II 1.0.0.1
SUPERAntiSpyware
System Requirements Lab
System Requirements Lab CYRI
System Requirements Lab for Intel
The Settlers IV
Unity Web Player
Universal Extractor 1.6.1
Uppdatering fÃ¶r Windows XP (KB2141007)
Uppdatering fÃ¶r Windows XP (KB2345886)
uTorrentBar Toolbar
VDMSound
WebFldrs XP
Westwood Online
Westwood Shared Internet Components
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
WinHTTrack Website Copier 3.43-9C
WinZip 14.5
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Zip Password Recovery Processor
Yawcam 0.3.3
YouTube Downloader 2.6.2

==== End Of File ===========================

second file

DDS (Ver_10-11-10.01) - NTFSx86
Run by magnus gunnarsson at 16:23:49,46 on 2010-11-24
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.1015.451 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
D:\sanboxie 3.50\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
D:\Avira\AntiVir Desktop\avguard.exe
C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
D:\LogMeIn Hamachi\hamachi-2.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\Mouse Driver\KMWDSrv.exe
D:\Avira\AntiVir Desktop\avshadow.exe
C:\Program\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\RTHDCPL.EXE
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\EeePC\ACPI\AsAcpiSvr.exe
C:\Program\EeePC\ACPI\AsEPCMon.exe
C:\Program\EeePC\ACPI\AsTray.exe
C:\Program\Mouse Driver\StartAutorun.exe
D:\Avira\AntiVir Desktop\avgnt.exe
C:\Program\DELADE~1\INSTAL~1\UPDATE~1\issch.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program\Mouse Driver\KMConfig.exe
C:\Program\Delade filer\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\DAEMON Tools Lite\DTLite.exe
D:\sanboxie 3.50\SbieCtrl.exe
C:\Program\Mouse Driver\KMProcess.exe
D:\Advanced SystemCare 3\AWC.exe
C:\DOCUME~1\MAGNUS~1\LOKALA~1\Temp\IJJGlTIlJx.exe
C:\DOCUME~1\MAGNUS~1\LOKALA~1\Temp\23243734.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\magnus gunnarsson\Lokala instÃ¤llningar\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\magnus gunnarsson\Lokala instÃ¤llningar\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\magnus gunnarsson\Lokala instÃ¤llningar\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\magnus gunnarsson\Lokala instÃ¤llningar\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\magnus gunnarsson\Lokala instÃ¤llningar\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\magnus gunnarsson\Lokala instÃ¤llningar\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\magnus gunnarsson\Skrivbord\dds.pif
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page =
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program\utorrentbar\tbuTor.dll
mWinlogon: UIHost=c:\windows\system32\logonui.exe
BHO: LÃ¤nkhjÃ¤lp till Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program\conduitengine\ConduitEngine.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live inloggningshjÃ¤lpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program\utorrentbar\tbuTor.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program\windows live\toolbar\wltcore.dll
BHO: kikin Plugin: {e601996f-e400-41ca-804b-cd6373a7eee2} - c:\program\kikin\ie_kikin.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program\windows live\toolbar\wltcore.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program\daemon tools toolbar\DTToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program\google\google toolbar\GoogleToolbar_32.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program\conduitengine\ConduitEngine.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Gadwin PrintScreen] d:\gadwin systems\printscreen\PrintScreen.exe /nosplash
uRun: [swg] "c:\program\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
uRun: [DAEMON Tools Lite] "d:\daemon tools lite\DTLite.exe" -autorun
uRun: [SandboxieControl] "d:\sanboxie 3.50\SbieCtrl.exe "
uRun: [Steam] d:\steam\Steam.exe -silent
uRun: [Advanced SystemCare 3] "d:\advanced systemcare 3\AWC.exe" /startup
uRun: [IJJGlTIlJx.exe] c:\docume~1\magnus~1\lokala~1\temp\IJJGlTIlJx.exe
uRun: [23243734] c:\docume~1\magnus~1\lokala~1\temp\23243734.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SynTPEnh] c:\program\synaptics\syntp\SynTPEnh.exe
mRun: [SynAsusAcpi] c:\program\synaptics\syntp\SynAsusAcpi.exe
mRun: [AsusACPIServer] c:\program\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program\eeepc\acpi\AsEPCMon.exe
mRun: [AsusTray] c:\program\eeepc\acpi\AsTray.exe
mRun: [KMCONFIG] c:\program\mouse driver\StartAutorun.exe KMConfig.exe
mRun: [ISUSPM Startup] c:\program\delade~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [avgnt] "d:\avira\antivir desktop\avgnt.exe" /min
mRun: [ISUSScheduler] "c:\program\delade~1\instal~1\update~1\issch.exe" -start
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe "
mPolicies-explorer: NoPopUpsOnBoot = 1 (0x1)
IE: E&xportera till Microsoft Excel - c:\program\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Skicka till &Bluetooth-enhet... - c:\program\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Skicka till Bluetooth - c:\program\widcomm\bluetooth software\btsendto_ie.htm
IE: Sothink SWF Catcher - c:\program\delade filer\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program\delade filer\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program\kikin\ie_kikin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C}
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - d:\program\winhttrack\WinHTTrackIEBar.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\system32\skype4com.dll
Notify: !SASWinLogon - d:\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SwUpdate - {003541A1-3BC0-1B1C-AAF3-040114001C01} - c:\documents and settings\all users\application data\macromedia\swupdate\swupdate.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\superantispyware\SASSEH.DLL
mASetup: {9CB5900A-8628-A49B-FEA5-DF23A5520525} - c:\windows\system32:Shdll.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\magnus~1\applic~1\mozilla\firefox\profiles\jw1t28dz.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.hackthissite.org/
FF - component: c:\documents and settings\magnus gunnarsson\application data\mozilla\firefox\profiles\jw1t28dz.default\extensions\{aa994882-f391-4d2e-806f-8908da4814ed}\platform\winnt\components\kikin_3_0.dll
FF - component: c:\documents and settings\magnus gunnarsson\application data\mozilla\firefox\profiles\jw1t28dz.default\extensions\{aa994882-f391-4d2e-806f-8908da4814ed}\platform\winnt\components\kikin_3_6.dll
FF - component: c:\documents and settings\magnus gunnarsson\application data\mozilla\firefox\profiles\jw1t28dz.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\magnus gunnarsson\application data\mozilla\firefox\profiles\jw1t28dz.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\magnus gunnarsson\application data\mozilla\firefox\profiles\jw1t28dz.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\documents and settings\magnus gunnarsson\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\magnus gunnarsson\application data\mozilla\firefox\profiles\jw1t28dz.default\extensions\{aa994882-f391-4d2e-806f-8908da4814ed}\platform\winnt\plugins\npKikinIframe.dll
FF - plugin: c:\documents and settings\magnus gunnarsson\application data\mozilla\firefox\profiles\jw1t28dz.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
FF - plugin: c:\documents and settings\magnus gunnarsson\lokala instÃ£¤llningar\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\magnus gunnarsson\lokala instÃ£¤llningar\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - plugin: d:\download manager\npfpdlm.dll
FF - plugin: d:\itunes\mozilla plugins\npitunes.dll
FF - plugin: d:\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\quicktime\plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
c:\program\mozilla firefox\greprefs\all.js - pref( "browser.visited_color ", "#551A8B ");
c:\program\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
c:\program\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--fiqz9s ", true); // Traditional
c:\program\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--fiqs8s ", true); // Simplified
c:\program\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--j6w193g ", true);
c:\program\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
c:\program\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4a87g ", true);
c:\program\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbqly7c0a67fbc ", true);
c:\program\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbqly7cvafr ", true);
c:\program\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--kpry57d ", true); // Traditional
c:\program\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--kprw13d ", true); // Simplified
c:\program\mozilla firefox\defaults\pref\firefox-l10n.js - pref( "browser.fixup.alternate.suffix ", ".se ");
c:\program\mozilla firefox\defaults\pref\firefox.js - pref( "browser.videoFeeds.handler ", "ask ");

============= SERVICES / DRIVERS ===============

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-1-21 21512]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-7-11 11448]
R1 avgio;avgio;d:\avira\antivir desktop\avgio.sys [2010-4-22 11608]
R1 SASDIFSV;SASDIFSV;d:\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;d:\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2010-1-31 123280]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2010-1-31 41616]
R2 AntiVirService;Avira AntiVir Guard;d:\avira\antivir desktop\avguard.exe [2010-4-22 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-22 60936]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-1 55152]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;d:\logmein hamachi\hamachi-2.exe [2010-3-30 1107336]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program\mouse driver\KMWDSrv.exe [2008-6-23 208896]
R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [2006-4-21 70912]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-1-21 26248]
R3 SbieDrv;SbieDrv;d:\sanboxie 3.50\SbieDrv.sys [2010-7-4 119016]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-12-17 110096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-9-1 1684736]
S3 GWHid;VL807 Hidmini driver;c:\windows\system32\drivers\gwhid.sys --> c:\windows\system32\drivers\GWHid.sys [?]
S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-8-27 38912]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program\lavasoft\ad-aware\kernexplorer.sys --> c:\program\lavasoft\ad-aware\KernExplorer.sys [?]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2009-9-1 1015424]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-8-27 39040]
S3 VL807;VL807 Filter;c:\windows\system32\drivers\vl807.sys --> c:\windows\system32\drivers\VL807.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\avira\antivir desktop\sched.exe [2010-4-22 135336]
S4 fsssvc;Windows Live Family Safety;c:\program\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S4 gupdate;Google Update Service (gupdate);c:\program\google\update\GoogleUpdate.exe [2009-11-25 135664]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

=============== Created Last 30 ================

2010-11-24 12:13:07 -------- d-----w- C:\TDSSKiller_Quarantine
2010-11-18 21:34:04 131584 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-11-16 22:41:00 323624 ----a-w- c:\windows\system32\wiaaut.dll
2010-11-14 17:31:02 -------- d-----w- c:\windows\RegisteredPackages
2010-11-14 17:27:22 -------- d--h--w- c:\windows\msdownld.tmp
2010-11-14 16:04:57 -------- d-----w- C:\gmod
2010-11-14 10:26:44 -------- d-----w- c:\program\CCleaner
2010-11-11 20:28:31 -------- d-----w- c:\docume~1\magnus~1\lokala~1\applic~1\jagexlauncher
2010-11-11 16:28:11 -------- d-----w- c:\docume~1\magnus~1\applic~1\kikin
2010-11-11 16:28:07 -------- d-----w- c:\program\kikin
2010-11-07 23:23:59 667648 ----a-w- c:\windows\system32\tx14_doc.dll
2010-11-07 23:23:59 61440 ----a-w- c:\windows\system32\tx14_bmp.flt
2010-11-07 23:23:59 331776 ----a-w- c:\windows\system32\tx14_css.dll
2010-11-07 23:23:58 765952 ----a-w- c:\windows\system32\tx14.dll
2010-11-06 17:54:37 -------- d-----w- c:\docume~1\magnus~1\lokala~1\applic~1\Paint.NET
2010-11-06 17:07:47 269824 ----a-w- c:\windows\shdll.exe
2010-11-05 11:48:25 -------- d-----w- c:\program\Conduit
2010-11-05 11:48:25 -------- d-----w- c:\docume~1\magnus~1\lokala~1\applic~1\Conduit
2010-11-05 11:48:23 -------- d-----w- c:\docume~1\magnus~1\lokala~1\applic~1\uTorrentBar
2010-11-05 11:48:18 -------- d-----w- c:\program\ConduitEngine
2010-11-05 11:48:18 -------- d-----w- c:\docume~1\magnus~1\lokala~1\applic~1\ConduitEngine
2010-11-05 11:48:10 -------- d-----w- c:\program\uTorrentBar
2010-11-04 14:07:11 -------- d-----w- c:\docume~1\magnus~1\applic~1\PlaneShift
2010-11-04 14:07:11 -------- d-----w- c:\docume~1\magnus~1\applic~1\CrystalSpace
2010-11-04 14:07:11 -------- d-----w- c:\docume~1\magnus~1\applic~1\CrystalApp
2010-11-04 13:51:54 -------- d-----w- c:\docume~1\magnus~1\applic~1\treasurechest
2010-11-02 18:22:16 -------- d-----w- c:\docume~1\magnus~1\lokala~1\applic~1\Myst V Demo
2010-11-02 18:22:10 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-11-01 19:14:53 -------- d-----w- c:\docume~1\magnus~1\applic~1\.minecraft
2010-10-30 08:54:40 -------- d-----w- c:\program\Microsoft XNA
2010-10-27 18:33:58 -------- d-----w- c:\documents and settings\magnus gunnarsson\.idlerc

==================== Find3M ====================

2010-11-05 21:31:57 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-11-05 21:31:57 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-27 19:29:43 4 ----a-w- C:\timestmp.tmp
2010-09-18 10:23:44 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:42 974848 ------w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:42 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:42 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 03:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 01:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:52:34 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 09:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:52:44 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57:46 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03:53 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54:29 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43:50 5120 ----a-w- c:\windows\system32\xpsp4res.dll

============= FINISH: 16:25:33,85 ===============

some text might be in swedish

light · 2010/11/24

ehm... when i was scanning whit gmer i got error messsage abut an error when indexing memory storage or somheting and that i needed to restart, also about low memory... but i got 6 gb, isnt that enough?
saved a part of the log and restarted pc

Hm after scanning for about 3 - 5 hours, i got bluescreen
Should i try again in safemode?

Also i latenly scanned whit malware byte (about 2 days ago) and found nothing, should i still scan again and post report

Well getting late so i se you tomorow

broni · 2010/11/24

Please post fresh MBAM log.

Please download Rootkit Unhooker . Save it to your desktop.

Alternative download: http://www.softpedia.com/progDownload/Rootkit-Unhooker-Download-61519.html

Now double-click on RKUnhookerLE.exe to run it.

Click the Report tab, then click Scan.

Checkmark Drivers, Stealth. Uncheck the rest. Click OK.

Wait till the scanner has finished and then click File, Save Report.

Save the report to some known location. Click Close.

Copy the entire content of the report and paste it in a reply here.

Note. You may get this warning it is ok, just ignore it:
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay? "

light · 2010/11/25

ok, hm seemed that you where right, i shouldnt have doubt about it
heres the mbam virus report

heres first

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Databasversion: 4002

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010-11-24 21:24:47
mbam-log-2010-11-24 (21-24-47).txt

Skanningstyp: FullstÃ¤ndig skanning (C:\|D:\|)
Antal skannade objekt: 23249
FÃ¶rfluten tid: 30 minut(er), 59 sekund(er)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 1
Infekterade registernycklar: 1
Infekterade registervÃ¤rden: 1
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 1

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dll (Trojan.Agent) -> Delete on reboot.

Infekterade registernycklar:
HKEY_CLASSES_ROOT\CLSID\{003541a1-3bc0-1b1c-aaf3-040114001c01} (Trojan.Agent) -> Quarantined and deleted successfully.

Infekterade registervÃ¤rden:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\swupdate (Trojan.Agent) -> Quarantined and deleted successfully.

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dll (Trojan.Agent) -> Delete on reboot.

and second

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Databasversion: 4002

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010-11-25 15:49:03
mbam-log-2010-11-25 (15-49-03).txt

Skanningstyp: FullstÃ¤ndig skanning (C:\|D:\|)
Antal skannade objekt: 510883
FÃ¶rfluten tid: 7 timme(ar), 43 minut(er), 40 sekund(er)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervÃ¤rden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 3

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
(Inga illasinnade poster hittades)

Infekterade registervÃ¤rden:
(Inga illasinnade poster hittades)

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
D:\Cheat Engine\Systemcallretriever.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\Local.dtd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\Ui.dtd (Malware.Trace) -> Quarantined and deleted successfully.

some is in swedish, ok i

light · 2010/11/25

i used the rku unlockor or what it was, scan barley took a half sec... is that good?

RkUnhooker report generator v0.7
==============================================
Rootkit Unhooker kernel version: 3.7.300.505
==============================================
Windows Major Version: 5
Windows Minor Version: 1
Windows Build Number: 2600
==============================================
>Drivers
Driver: C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
Address: 0xF62E7000
Size: 5857280 bytes

Driver: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Address: 0xAA2BE000
Size: 5251072 bytes

Driver: C:\WINDOWS\System32\igxpdx32.DLL
Address: 0xBF1E7000
Size: 2699264 bytes

Driver: PnpManager
Address: 0x804D7000
Size: 2400256 bytes

Driver: RAW
Address: 0x804D7000
Size: 2400256 bytes

Driver: C:\WINDOWS\system32\TUKERNEL.EXE
Address: 0x804D7000
Size: 2400256 bytes

Driver: WMIxWDM
Address: 0x804D7000
Size: 2400256 bytes

Driver: Win32k
Address: 0xBF800000
Size: 1855488 bytes

Driver: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000
Size: 1855488 bytes

Driver: C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
Address: 0xA9E47000
Size: 1761280 bytes

Driver: C:\WINDOWS\System32\igxpdv32.DLL
Address: 0xBF04F000
Size: 1671168 bytes

Driver: C:\WINDOWS\system32\DRIVERS\athw.sys
Address: 0xF6135000
Size: 1531904 bytes

Driver: PCI_PNP4910
Address: 0xF74C3000
Size: 995328 bytes

Driver: spss.sys
Address: 0xF74C3000
Size: 995328 bytes

Driver: sptd
Address: 0xF74C3000
Size: 995328 bytes

Driver: iaStor.sys
Address: 0xF7373000
Size: 892928 bytes

Driver: Ntfs.sys
Address: 0xF729D000
Size: 577536 bytes

Driver: C:\WINDOWS\System32\Drivers\wdf01000.sys
Address: 0xF6063000
Size: 507904 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rt73.sys
Address: 0xA9FF5000
Size: 479232 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xAA08C000
Size: 458752 bytes

Driver: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xF0269000
Size: 385024 bytes

Driver: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xAA20E000
Size: 364544 bytes

Driver: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xA9941000
Size: 360448 bytes

Driver: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000
Size: 286720 bytes

Driver: C:\WINDOWS\system32\DRIVERS\atksgt.sys
Address: 0xA9AD9000
Size: 274432 bytes

Driver: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xA8F7E000
Size: 266240 bytes

Driver: C:\WINDOWS\System32\Drivers\a0yxjzbo.SYS
Address: 0xF032C000
Size: 233472 bytes

Driver: C:\WINDOWS\system32\DRIVERS\tcpip6.sys
Address: 0xAA188000
Size: 229376 bytes

Driver: C:\WINDOWS\system32\DRIVERS\SynTP.sys
Address: 0xF60DF000
Size: 204800 bytes

Driver: ACPI.sys
Address: 0xF747D000
Size: 188416 bytes

Driver: NDIS.sys
Address: 0xF7270000
Size: 184320 bytes

Driver: C:\WINDOWS\System32\igxpgd32.dll
Address: 0xBF024000
Size: 176128 bytes

Driver: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xA8C33000
Size: 176128 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xAA0FC000
Size: 176128 bytes

Driver: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xF62AB000
Size: 163840 bytes

Driver: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xAA1E6000
Size: 163840 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xAA1C0000
Size: 155648 bytes

Driver: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xAA29A000
Size: 147456 bytes

Driver: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xF6111000
Size: 147456 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xF02C7000
Size: 143360 bytes

Driver: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xAA166000
Size: 139264 bytes

Driver: C:\WINDOWS\system32\DRIVERS\avipbb.sys
Address: 0xAA06A000
Size: 139264 bytes

Driver: D:\SUPERAntiSpyware\SASKUTIL.SYS
Address: 0xAA127000
Size: 139264 bytes

Driver: ACPI_HAL
Address: 0x80721000
Size: 134400 bytes

Driver: C:\WINDOWS\system32\hal.dll
Address: 0x80721000
Size: 134400 bytes

Driver: fltMgr.sys
Address: 0xF7353000
Size: 131072 bytes

Driver: ftdisk.sys
Address: 0xF744D000
Size: 126976 bytes

Driver: D:\sanboxie 3.50\SbieDrv.sys
Address: 0xA9D39000
Size: 126976 bytes

Driver: C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys
Address: 0xAA149000
Size: 118784 bytes

Driver: Mup.sys
Address: 0xF7256000
Size: 106496 bytes

Driver: C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys
Address: 0xF02EA000
Size: 106496 bytes

Driver: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS
Address: 0xF74AB000
Size: 98304 bytes

Driver: KSecDD.sys
Address: 0xF732A000
Size: 94208 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xF0315000
Size: 94208 bytes

Driver: C:\WINDOWS\system32\DRIVERS\avgntflt.sys
Address: 0xA9DF8000
Size: 86016 bytes

Driver: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xA9C5C000
Size: 86016 bytes

Driver: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF62D3000
Size: 81920 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xAA267000
Size: 77824 bytes

Driver: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000
Size: 73728 bytes

Driver: C:\WINDOWS\System32\igxprd32.dll
Address: 0xBF012000
Size: 73728 bytes

Driver: C:\WINDOWS\system32\DRIVERS\prvflder.sys
Address: 0xA9E0D000
Size: 73728 bytes

Driver: sr.sys
Address: 0xF7341000
Size: 73728 bytes

Driver: pci.sys
Address: 0xF746C000
Size: 69632 bytes

Driver: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xF0304000
Size: 69632 bytes

Driver: C:\WINDOWS\System32\Drivers\Udfs.SYS
Address: 0xA9211000
Size: 69632 bytes

Driver: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF3D8F000
Size: 65536 bytes

Driver: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF4D3C000
Size: 65536 bytes

Driver: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF4CEC000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF4D2C000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xF76E7000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xF4CDC000
Size: 61440 bytes

Driver: fjakxov.sys
Address: 0xF75D7000
Size: 57344 bytes

Driver: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF7627000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xF68FD000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF543E000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\STREAM.SYS
Address: 0xF3BBE000
Size: 53248 bytes

Driver: VolSnap.sys
Address: 0xF7607000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS
Address: 0xF68ED000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
Address: 0xF76D7000
Size: 49152 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF541E000
Size: 49152 bytes

Driver: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF42DF000
Size: 45056 bytes

Driver: MountMgr.sys
Address: 0xF75F7000
Size: 45056 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF542E000
Size: 45056 bytes

Driver: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xF690D000
Size: 40960 bytes

Driver: isapnp.sys
Address: 0xF75E7000
Size: 40960 bytes

Driver: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF4D1C000
Size: 40960 bytes

Driver: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF4D4C000
Size: 40960 bytes

Driver: disk.sys
Address: 0xF7617000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xF3B9E000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
Address: 0xF431F000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF4D5C000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xF430F000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys
Address: 0xF42FF000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xF432F000
Size: 36864 bytes

Driver: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF7947000
Size: 32768 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xF3D01000
Size: 32768 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF7867000
Size: 32768 bytes

Driver: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xF792F000
Size: 28672 bytes

Driver: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF786F000
Size: 28672 bytes

Driver: C:\WINDOWS\system32\DRIVERS\sncduvc.SYS
Address: 0xF3D19000
Size: 28672 bytes

Driver: C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
Address: 0xF78FF000
Size: 24576 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF787F000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\Drivers\rkhdrv40.SYS
Address: 0xF7927000
Size: 24576 bytes

Driver: D:\SUPERAntiSpyware\SASDIFSV.SYS
Address: 0xF48EF000
Size: 24576 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
Address: 0xF491F000
Size: 24576 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xF79DF000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\Drivers\VcommMgr.sys
Address: 0xF3D11000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF7937000
Size: 24576 bytes

Driver: C:\WINDOWS\system32\DRIVERS\hamachi.sys
Address: 0xF78B7000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\Drivers\IvtBtBus.sys
Address: 0xF788F000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\Drivers\KMWDFilter.SYS
Address: 0xF7887000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\lirsgt.sys
Address: 0xF4452000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF793F000
Size: 20480 bytes

Driver: PartMgr.sys
Address: 0xF7857000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF789F000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF78A7000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF7897000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\watchdog.sys
Address: 0xF78CF000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\BATTC.SYS
Address: 0xF79EF000
Size: 16384 bytes

Driver: BtHidBus.sys
Address: 0xF79F7000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\CmBatt.sys
Address: 0xF47EC000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Address: 0xF1752000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF3BEB000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xA9D90000
Size: 16384 bytes

Driver: ACPIEC.sys
Address: 0xF79F3000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys
Address: 0xF47E8000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF79E7000
Size: 12288 bytes

Driver: compbatt.sys
Address: 0xF79EB000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xF1131000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xF175A000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xF174E000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xF3C07000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xF717A000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\secdrv.sys
Address: 0xA9A7D000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\tunmp.sys
Address: 0xF7216000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\drivers\AsUpIO.sys
Address: 0xF7B1B000
Size: 8192 bytes

Driver: D:\Avira\AntiVir Desktop\avgio.sys
Address: 0xF7B19000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF7B0B000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
Address: 0xF303B000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7B09000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7AD7000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF7B0D000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF7B0F000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF7AFF000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF7AFD000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\WMILIB.SYS
Address: 0xF7AD9000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF467E000
Size: 4096 bytes

Driver: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF0396000
Size: 4096 bytes

Driver: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7C46000
Size: 4096 bytes

Driver: C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
Address: 0xF7B9F000
Size: 4096 bytes

Driver: unknown_irp_handler
Address: 0x86F651F8
Size: 3592 bytes

Driver: unknown_irp_handler
Address: 0x86FD81F8
Size: 3592 bytes

Driver: unknown_irp_handler
Address: 0x864C71F8
Size: 3592 bytes

Driver: unknown_irp_handler
Address: 0x864361F8
Size: 3592 bytes

Driver: unknown_irp_handler
Address: 0x82628500
Size: 2816 bytes

Driver: unknown_irp_handler
Address: 0x86464500
Size: 2816 bytes

Driver: unknown_irp_handler
Address: 0x862E2500
Size: 2816 bytes

Driver: unknown_irp_handler
Address: 0x86320500
Size: 2816 bytes

Driver: unknown_irp_handler
Address: 0x86355500
Size: 2816 bytes

Driver: unknown_irp_handler
Address: 0x86258500
Size: 2816 bytes

==============================================
>Stealth

broni · 2010/11/25

Yeah, that's a correct log

Please download ComboFix from [color= "Red"]Here[/color] or [color= "#FF0000"]Here[/color] to your Desktop.

[color= "Blue"]**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**[/color]

Please, never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".

Click on [color= "Red"]this link[/color] to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

Close any open browsers.

[color= "Red"]WARNING:[/color] Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results ". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion ", restart computer to fix the issue.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

light · 2010/11/25

ehm... problem
i closed browser
i inactived my antivirus
i started combofix
i closed all inactive window
i accepted
then it said that antivir deskop was running, how to inactive

also heres anothere problem, i i didnt find the folder in this computer(forgoted where i nstalled)

so i pressed start, holded my mouse over programs, then when i was scrolling down, i noticed SEVERAL files that havent been there, i had them in a folder
i also noticed that all folders in programs, where sorted from a - Ã¶
so now im really confiused, then i saw that everyfolder was empty, all shortcuts, ewerything where gonne...

how can i fix this, i dont know where the shortcuts are, also i tink folders where sorted by latest and oldest

also how do i disable antivir deskop?

thx

edit:

hm i noticed that when i scroll down then i se all normal folders whit shortcuts in, the folders and files that i saaw first is from my dokument... how do i fix this

also its over the line, that is over accesories and autostart....

broni · 2010/11/25

I'm sorry, but I didn't understand anything...
What is the problem?
There is a link in my instructions, which explains how to disable Avira.

light · 2010/11/25

ok, i go se the link, ok if i press start then hold my pointer over all programs

over the line (small line over accesories and autostart) theres several empty folders and files that never been there before, i notice that they are from my documents....
1. why are they here
2. how to remove it from the list

also i noticed 3 problems
first somhetimes (ucommon - rare) the cpu frezzes at "saving settings" or somheting like that when turning pc of, thats bad cause i have to turn of manually, and yeah, thats not good at all

second
now after this redirection beggin i noticed that somhetimes when i try run exe, then i get error message saying somheting about cant run exe disk problem or somheting...

third
somhetimes task bar dissaper (also get many error message and often it makes pc restart)

ok i go run combofix now

light · 2010/11/25

ehh, hm i tink theres a problem whit my antivirus, i already done like instruction
(copyed)

AVIRA ANTIVIR
Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background (looks to this: )
right click it-> untick the option AntiVir Guard enable.
You should now see a closed, white umbrella on a red background (looks to this: )

i already done exacly like this, but combofix still says its on, and security center also says its on

the only thing that says its of is avira antivir

broni · 2010/11/25

Run Combofix from Safe Mode and disregard Combofix warnings (if any).

light · 2010/11/25

hm i keep getting this error message

low disk space
you are running very low disk space on local disk (C

the status bar disapper at just same time

i also got this error message about 1 sec later

critical error
a critical error has occoured while indexing data stored on hard drive. system restart requird

broni · 2010/11/25

Did you restart in safe mode?

light · 2010/11/25

no, should i (restart in safe mode then run combofix)?

broni · 2010/11/25

Yes...

light · 2010/11/25

Ehm broni... This is weird...
Combofix still SAYS avira antivir guard is active even no programs are running
Security center is off, and all this in safe mode... Should i still run combofix even due antivirus guard is still active somehow...

light · 2010/11/25

Broni also suddenly a program called hdd control appered from no where appered also a shortcut and its in autostart also trying to get me to buy it , it seems VERY supisous it also pops up warning message every 10 sec also theres many topics about this as a virus, should we do somheting about this?

light · 2010/11/25

Broni fast, more things starts to happen, microsoft security essential says
Reader 8.0\ reader\ acrord32.exe is a extremly dangerous program that executes commands from an attacker

Unknown win32/trojan

Fast what should i do
[Apply actions] or [clean computer] or [close]

Log in or Sign up

Inactive google redirect virus

light Inactive Thread Starter

light Inactive Thread Starter

light Inactive Thread Starter

light Inactive Thread Starter

broni Moderator Malware Analyst

light Inactive Thread Starter

light Inactive Thread Starter

broni Moderator Malware Analyst

light Inactive Thread Starter

broni Moderator Malware Analyst

light Inactive Thread Starter

light Inactive Thread Starter

broni Moderator Malware Analyst

light Inactive Thread Starter

broni Moderator Malware Analyst

light Inactive Thread Starter

broni Moderator Malware Analyst

light Inactive Thread Starter

light Inactive Thread Starter

light Inactive Thread Starter

Share This Page

Log in or Sign up

Inactive google redirect virus

light Inactive Thread Starter

light Inactive Thread Starter

light Inactive Thread Starter

light Inactive Thread Starter

broni Moderator Malware Analyst

light Inactive Thread Starter

light Inactive Thread Starter

broni Moderator Malware Analyst

light Inactive Thread Starter

broni Moderator Malware Analyst

light Inactive Thread Starter

light Inactive Thread Starter

broni Moderator Malware Analyst

light Inactive Thread Starter

broni Moderator Malware Analyst

light Inactive Thread Starter

broni Moderator Malware Analyst

light Inactive Thread Starter

light Inactive Thread Starter

light Inactive Thread Starter

Share This Page

Useful Searches