google redirect problem
-
Yesterday I started to get redirected to other sites on my desktop when using google.
For example, I typed d-a-l into Google, clicked on D-A-L Computer Help and went to Ask Jeeves. Clicked a second time in Google and went to the correct site.
Changed to Bing, and directed OK.
Ran Kaspersky and Malwarebytes full scans - nothing found.
Downloaded Stopzilla, and ran found 160 odd "viruses" including redirects. Not sure of this so I uninstalled stopzilla.
Switched on my laptop (which I haven't used for a couple of days) intending to change passwords in case of a bigger problem, and found the same problem - Google re-direct. Then tried a netbook, again not used for a couple of days - same.
Then tried an old laptop which has not been used for a long time - OK.
-
Update
I have switched off all devices including the router.
I restored the netbook back to factory settings.
Switched on router, switched on netbook.
Using ie6 linked to google.com and typed in d-a-l which gave me a search list.
Clicked on d-a-l.com and it redirected to an Ask Jeeves list.
Then tried Bing, typed in d-a-l, clicked on the list and got to D-A-L Computer Help and on to this thread. At the same time a google.com main page was opened in another IE window.
There is also reference to a epoclick.com site
17.20 UK: I now seem to be able to go into Google (either google.co.uk or google.com), and it is directing correctly to d-a-l and other sites.
Beginning to wonder where the problem really is!
Last edited by rannoch; 15-01-2011 at 05:26 PM.
-
You posted in the malware forum before, so you should know what to do.
On top of it, you abandoned this topic: http://www.d-a-l.com/help/spyware-ad...ow-doesnt.html in the middle of the cleaning process.
If it happens again, you won't be able to receive any more help in this forum in the future.
====================================================================================
Please, read HERE and post required logs.
Please, observe following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
-
Broni,
I apologise for previously abandoning a thread, and I will follow your instructions this time, but can I ask a question which will seem a bit daft.
We have a small home network - 2 desktops, 1 laptop, and 1 netbook. Yesterday they were all affected with the re-direct.
I completely scrubbed 1 of the laptops - Acronis Disk Director to wipe the HDD, and then installed Windows 7 from DVD. I also changed the router to an old one - result, no re-direct. Switched off the desktop, and it won't come on until the problem is completely cured.
Then I wiped the netbook back to factory settings - result, no re-direct. This is the funny bit. I then changed the router back to the new Netgear N300 router, and the re-directs started again.
Is it possible the router is causing the re-direct?
Rannoch
-
Yes. Routers can get infected.
Turn the computer off.
On your router, you'll find a pinhole marked "Reset".
Keep pushing into the hole, using a pencil or a paperclip, until all lights briefly go off and on.
NOTE. Simple router disconnecting from a power source will NOT do.
Restart computer and check for redirections.
NOTE. You may need to re-check your router security settings, as described HERE
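A quick way to carry out that last check from one of the PCs, added here as an example and not code from Broni or rannoch: a compromised home router usually hands out rogue DNS servers over DHCP, which is why every machine behind the Netgear was redirected while the same machines behind the old router were fine. The script below parses `ipconfig /all` on a Windows client and flags any resolver that is neither on your allow-list nor on the LAN. The 192.168.1.0/24 LAN, the router address 192.168.1.1 as the only expected resolver, and the `ipconfig` excerpts (with 203.0.113.x standing in for rogue servers) are all constructed assumptions; replace them with your own values.

```python
"""Audit the DNS servers a Windows client picked up from its router.

Added example for the thread above; not code from the posters or the forum.
After the pinhole reset, confirm that the resolvers `ipconfig /all` reports
are the ones you expect rather than whatever the router was handing out.
"""
from __future__ import annotations

import ipaddress
import re
import subprocess
import sys

# Assumptions for this example: the router lives on 192.168.1.0/24 and is the
# only resolver the LAN should use. Replace with your own values (your ISP's
# resolvers if the router hands those out directly).
LAN = ipaddress.ip_network("192.168.1.0/24")
EXPECTED_DNS = {"192.168.1.1"}


def ipconfig_sample(dns_servers: list[str]) -> str:
    """Build a constructed `ipconfig /all` excerpt listing the given resolvers.

    Not captured from the poster's PC; it mimics the real layout, in which the
    first resolver shares the "DNS Servers" line and extra ones follow on lines
    holding nothing but an address indented to the value column (39 chars).
    """
    first, *rest = dns_servers
    dns_lines = ["   DNS Servers . . . . . . . . . . . : " + first]
    dns_lines += [" " * 39 + server for server in rest]
    return "\n".join([
        "Windows IP Configuration",
        "",
        "Ethernet adapter Local Area Connection:",
        "",
        "   DHCP Enabled. . . . . . . . . . . : Yes",
        "   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)",
        "   Default Gateway . . . . . . . . . : 192.168.1.1",
        "   DHCP Server . . . . . . . . . . . : 192.168.1.1",
        *dns_lines,
        "   NetBIOS over Tcpip. . . . . . . . : Enabled",
        "",
    ])


# 203.0.113.0/24 is a documentation range standing in for rogue resolvers.
HIJACKED_IPCONFIG = ipconfig_sample(["203.0.113.10", "203.0.113.11"])
CLEAN_IPCONFIG = ipconfig_sample(["192.168.1.1"])

DNS_LINE = re.compile(r"^\s*DNS Servers[ .]*:\s*(\S+)")
CONTINUATION = re.compile(r"^\s{20,}(\S+)\s*$")


def parse_dns_servers(ipconfig_output: str) -> list[str]:
    """Return every DNS server address listed in `ipconfig /all` output."""
    servers: list[str] = []
    in_dns_block = False
    for line in ipconfig_output.splitlines():
        match = DNS_LINE.match(line)
        if match:
            servers.append(match.group(1))
            in_dns_block = True
            continue
        if in_dns_block:
            match = CONTINUATION.match(line)
            if match:
                servers.append(match.group(1))
                continue
            in_dns_block = False
    return servers


def audit(ipconfig_output: str, expected: set[str] = EXPECTED_DNS,
          lan: ipaddress.IPv4Network = LAN) -> list[str]:
    """Return resolvers that are neither allow-listed nor local to the LAN.

    Whatever is left is a public resolver the router chose to hand out; on a
    home network that is the signature of a DNS-changing compromise.
    """
    suspicious: list[str] = []
    for server in parse_dns_servers(ipconfig_output):
        bare = server.split("%")[0]          # drop an IPv6 zone index such as %12
        try:
            addr = ipaddress.ip_address(bare)
        except ValueError:
            suspicious.append(server)        # not even an address; look at it
            continue
        if bare in expected or addr.is_loopback or addr.is_link_local:
            continue
        if addr.version == 4 and addr in lan:
            continue
        suspicious.append(server)
    return suspicious


def main() -> int:
    if sys.platform == "win32":
        output = subprocess.run(["ipconfig", "/all"], capture_output=True,
                                text=True, check=True).stdout
    else:
        print("Not on Windows; auditing the constructed sample instead.")
        output = HIJACKED_IPCONFIG
    bad = audit(output)
    for server in bad:
        print(f"unexpected DNS server handed out by the router: {server}")
    print("Reset the router and re-check its DNS/DHCP settings." if bad
          else "DNS configuration looks as expected.")
    return 1 if bad else 0


if __name__ == "__main__":
    sys.exit(main())
```

Run it before and after the reset: the "before" run should list the rogue resolvers, the "after" run should be clean. If the router's own address is the only resolver you see, log in to the router as well and check the DNS servers on its WAN/DHCP page, since a rogue entry there is invisible to the clients.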
-
Broni,
I tried the router (without reset), and got re-directs. Then reset the router per your instructions, and no re-directs. So, it seems it was the router.
I have wiped clean, and performed clean installs on a desktop, laptop, and netbook. The only one I didn't reset was the main desktop. Is it advisable to run your virus detection instructions on that one?
Thanks,
Rannoch
-
Good 
Please, read HERE and post all required logs.
-
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes
Database version: 5541
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
17/01/2011 22:52:01
mbam-log-2011-01-17 (22-52-01).txt
Scan type: Quick scan
Objects scanned: 172174
Time elapsed: 1 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER 1.0.15.15530 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-01-17 23:10:17
Windows 6.1.7600
Running: cvjj8534.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a3a5bf1d1
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a3a5bf1d1@001dba1649ee 0x3D 0x4D 0xB6 0xD4 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a3a5bf1d1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a3a5bf1d1@001dba1649ee 0x3D 0x4D 0xB6 0xD4 ...
---- EOF - GMER 1.0.15 ----
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Vostro 430
Logical Drives Mask: 0x008e2004
Kernel Drivers (total 209):
0x0301C000 \SystemRoot\system32\ntoskrnl.exe
0x035F8000 \SystemRoot\system32\hal.dll
0x00BA4000 \SystemRoot\system32\kdcom.dll
0x00C71000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CB5000 \SystemRoot\system32\PSHED.dll
0x00CC9000 \SystemRoot\system32\CLFS.SYS
0x00D27000 \SystemRoot\system32\CI.dll
0x00EF6000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F9A000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00FA9000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00E00000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00E09000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00E13000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E46000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E53000 \SystemRoot\System32\drivers\partmgr.sys
0x00E68000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E7D000 \SystemRoot\System32\drivers\volmgrx.sys
0x00ED9000 \SystemRoot\System32\drivers\mountmgr.sys
0x01056000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x0125E000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01269000 \SystemRoot\system32\drivers\fltmgr.sys
0x012B5000 \SystemRoot\system32\drivers\fileinfo.sys
0x012C9000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01434000 \SystemRoot\System32\Drivers\Ntfs.sys
0x012D5000 \SystemRoot\System32\Drivers\msrpc.sys
0x015D7000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01333000 \SystemRoot\System32\Drivers\cng.sys
0x01400000 \SystemRoot\System32\drivers\pcw.sys
0x01411000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0168B000 \SystemRoot\system32\drivers\ndis.sys
0x0177D000 \SystemRoot\system32\drivers\NETIO.SYS
0x01600000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01803000 \SystemRoot\System32\drivers\tcpip.sys
0x0162B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01A86000 \SystemRoot\system32\DRIVERS\kl1.sys
0x022CB000 \SystemRoot\system32\DRIVERS\timntr.sys
0x023B4000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x02200000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x02415000 \SystemRoot\system32\DRIVERS\tdrpm258.sys
0x02581000 \SystemRoot\System32\Drivers\spldr.sys
0x02589000 \SystemRoot\system32\DRIVERS\snapman.sys
0x0224C000 \SystemRoot\System32\drivers\rdyboost.sys
0x025CF000 \SystemRoot\System32\Drivers\mup.sys
0x025E1000 \SystemRoot\System32\drivers\hwpolicy.sys
0x02286000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x025EA000 \SystemRoot\system32\DRIVERS\disk.sys
0x023C4000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x050A3000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x050CD000 \SystemRoot\system32\DRIVERS\klif.sys
0x05163000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys
0x05175000 \SystemRoot\System32\Drivers\Null.SYS
0x0517E000 \SystemRoot\System32\Drivers\Beep.SYS
0x05185000 \SystemRoot\System32\drivers\vga.sys
0x05193000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x051B8000 \SystemRoot\System32\drivers\watchdog.sys
0x051C8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x051D1000 \SystemRoot\system32\drivers\rdpencdd.sys
0x051DA000 \SystemRoot\system32\drivers\rdprefmp.sys
0x051E3000 \SystemRoot\System32\Drivers\Msfs.SYS
0x051EE000 \SystemRoot\System32\Drivers\Npfs.SYS
0x04E00000 \SystemRoot\system32\DRIVERS\tdx.sys
0x04E1E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x04E2B000 \SystemRoot\system32\DRIVERS\kl2.sys
0x04E32000 \SystemRoot\System32\DRIVERS\netbt.sys
0x048DC000 \SystemRoot\system32\drivers\afd.sys
0x04966000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x0496F000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04995000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys
0x049A9000 \SystemRoot\system32\DRIVERS\klim6.sys
0x049B2000 \SystemRoot\system32\DRIVERS\netbios.sys
0x049C1000 \SystemRoot\system32\DRIVERS\serial.sys
0x049DE000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x04800000 \SystemRoot\system32\drivers\vpcvmm.sys
0x04857000 \SystemRoot\system32\DRIVERS\termdd.sys
0x0486B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x048BC000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys
0x048CF000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04E77000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x049F9000 \SystemRoot\system32\drivers\hcw88aud.sys
0x01A00000 \SystemRoot\system32\drivers\ks.sys
0x01A43000 \SystemRoot\System32\drivers\discache.sys
0x05433000 \SystemRoot\system32\drivers\csc.sys
0x054B6000 \SystemRoot\System32\Drivers\dfsc.sys
0x054D4000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x054E5000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x0550B000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x06216000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x06CDA000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x06CDC000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x05521000 \SystemRoot\System32\drivers\dxgmms1.sys
0x06DD0000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x06200000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x05567000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x05578000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x013A6000 \SystemRoot\system32\DRIVERS\k57nd60a.sys
0x00C00000 \SystemRoot\system32\drivers\hcw88vid.sys
0x055CE000 \SystemRoot\system32\drivers\STREAM.SYS
0x06DF4000 \SystemRoot\system32\drivers\ksthunk.sys
0x01000000 \SystemRoot\system32\drivers\hcw88tse.sys
0x055DF000 \SystemRoot\System32\Drivers\hcw88rc5.sys
0x055E8000 \SystemRoot\system32\DRIVERS\serenum.sys
0x055F4000 \SystemRoot\SysWOW64\drivers\Afc.sys
0x05400000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x0540D000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x0541D000 \SystemRoot\system32\DRIVERS\lmimirr.sys
0x01A52000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x05691000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x056B5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x056C1000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x056F0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0570B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0572C000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x05746000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x05751000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x05760000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0576F000 \SystemRoot\system32\DRIVERS\swenum.sys
0x05771000 \SystemRoot\system32\DRIVERS\umbus.sys
0x05783000 \SystemRoot\system32\DRIVERS\vpcusb.sys
0x057A0000 \SystemRoot\system32\DRIVERS\usbrpm.sys
0x057AF000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x057B1000 \SystemRoot\system32\DRIVERS\vpchbus.sys
0x05600000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0565A000 \SystemRoot\system32\drivers\HCW88BAR.sys
0x05660000 \SystemRoot\system32\drivers\hcw88tun.sys
0x05C89000 \SystemRoot\system32\drivers\hcw88bda.sys
0x05CC8000 \SystemRoot\system32\drivers\BdaSup.SYS
0x05CCC000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05CE1000 \SystemRoot\system32\drivers\nvhda64v.sys
0x05CF9000 \SystemRoot\system32\drivers\portcls.sys
0x05D36000 \SystemRoot\system32\drivers\drmk.sys
0x07E01000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x00080000 \SystemRoot\System32\win32k.sys
0x07FE4000 \SystemRoot\System32\drivers\Dxapi.sys
0x07FF0000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04E82000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x05D58000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x05D6B000 \SystemRoot\system32\DRIVERS\monitor.sys
0x05D79000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x05D94000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05DA2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05DBB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05DC4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05DE1000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x05DEF000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x05C00000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0x004F0000 \SystemRoot\System32\TSDDD.dll
0x00610000 \SystemRoot\System32\cdd.dll
0x05C0A000 \SystemRoot\system32\drivers\luafv.sys
0x05C2D000 \SystemRoot\system32\drivers\WudfPf.sys
0x05C4E000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05C63000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x04A46000 \SystemRoot\system32\drivers\HTTP.sys
0x04B0E000 \SystemRoot\system32\DRIVERS\bowser.sys
0x04B2C000 \SystemRoot\System32\drivers\mpsdrv.sys
0x04B44000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x04B71000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x04BBF000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x04A00000 \SystemRoot\system32\DRIVERS\afcdp.sys
0x04BE2000 \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
0x04BE9000 \??\C:\Windows\system32\drivers\LMIRfsDriver.sys
0x0887D000 \SystemRoot\system32\drivers\peauth.sys
0x08923000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0892E000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0895B000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0896D000 \SystemRoot\System32\DRIVERS\srv2.sys
0x08800000 \SystemRoot\System32\Drivers\fastfat.SYS
0x08EBA000 \SystemRoot\System32\DRIVERS\srv.sys
0x08F50000 \SystemRoot\system32\DRIVERS\WSDPrint.sys
0x08FCC000 \SystemRoot\system32\DRIVERS\WSDScan.sys
0x77020000 \Windows\System32\ntdll.dll
0x47F50000 \Windows\System32\smss.exe
0xFF340000 \Windows\System32\apisetschema.dll
0xFFE70000 \Windows\System32\autochk.exe
0xFF290000 \Windows\System32\msvcrt.dll
0xFF280000 \Windows\System32\nsi.dll
0xFF1E0000 \Windows\System32\comdlg32.dll
0xFF100000 \Windows\System32\advapi32.dll
0xFF0E0000 \Windows\System32\sechost.dll
0x76F00000 \Windows\System32\kernel32.dll
0xFF090000 \Windows\System32\Wldap32.dll
0xFEF10000 \Windows\System32\urlmon.dll
0xFEEF0000 \Windows\System32\imagehlp.dll
0x771F0000 \Windows\System32\normaliz.dll
0xFE160000 \Windows\System32\shell32.dll
0xFDF80000 \Windows\System32\setupapi.dll
0xFDE50000 \Windows\System32\wininet.dll
0xFDBF0000 \Windows\System32\iertutil.dll
0xFDBC0000 \Windows\System32\imm32.dll
0x76E00000 \Windows\System32\user32.dll
0xFDAF0000 \Windows\System32\usp10.dll
0xFD9E0000 \Windows\System32\msctf.dll
0xFD940000 \Windows\System32\clbcatq.dll
0xFD8F0000 \Windows\System32\ws2_32.dll
0x771E0000 \Windows\System32\psapi.dll
0xFD810000 \Windows\System32\oleaut32.dll
0xFD790000 \Windows\System32\shlwapi.dll
0xFD780000 \Windows\System32\lpk.dll
0xFD710000 \Windows\System32\gdi32.dll
0xFD500000 \Windows\System32\ole32.dll
0xFD480000 \Windows\System32\difxapi.dll
0xFD350000 \Windows\System32\rpcrt4.dll
0xFD2B0000 \Windows\System32\comctl32.dll
0xFD290000 \Windows\System32\devobj.dll
0xFD220000 \Windows\System32\KernelBase.dll
0xFD1E0000 \Windows\System32\wintrust.dll
0xFD1A0000 \Windows\System32\cfgmgr32.dll
0xFD030000 \Windows\System32\crypt32.dll
0xFD020000 \Windows\System32\msasn1.dll
0x771D0000 \Windows\SysWOW64\normaliz.dll
Processes (total 77):
0 System Idle Process
4 System
612 C:\Windows\System32\smss.exe
836 csrss.exe
132 C:\Windows\System32\wininit.exe
632 csrss.exe
724 C:\Windows\System32\services.exe
740 C:\Windows\System32\lsass.exe
672 C:\Windows\System32\lsm.exe
1084 C:\Windows\System32\svchost.exe
1164 C:\Windows\System32\winlogon.exe
1208 C:\Windows\System32\nvvsvc.exe
1256 C:\Windows\System32\svchost.exe
1328 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
1480 C:\Windows\System32\svchost.exe
1520 C:\Windows\System32\svchost.exe
1568 C:\Windows\System32\svchost.exe
1692 C:\Windows\System32\svchost.exe
1812 C:\Windows\System32\svchost.exe
1932 C:\Windows\System32\spoolsv.exe
1980 C:\Windows\System32\svchost.exe
2032 C:\Windows\System32\nvvsvc.exe
1424 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
1784 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
1552 C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
2072 C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
2132 C:\xampp\apache\bin\httpd.exe
2172 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2256 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
2300 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2336 C:\Program Files\Broadcom\BPowMon\BPowMon.exe
2392 C:\Windows\System32\svchost.exe
2436 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
2516 C:\IDrive\IDriveE Service.exe
2552 C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
2716 C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
2776 C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
2908 C:\xampp\mysql\bin\mysqld.exe
2960 C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
3040 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2224 C:\Windows\System32\svchost.exe
2748 C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
2920 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
3096 C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
3208 C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
3324 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3460 WmiPrvSE.exe
3828 C:\Windows\System32\taskhost.exe
4136 C:\xampp\apache\bin\httpd.exe
5396 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe
5648 C:\Windows\System32\svchost.exe
5760 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
5988 C:\Windows\System32\dwm.exe
6028 C:\Windows\explorer.exe
1120 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
6024 C:\dell\DBRM\Reminder\DbrmTrayicon.exe
6132 C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
5752 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
5740 C:\Program Files\Windows Sidebar\sidebar.exe
3428 C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
6252 C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
6272 C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
6380 C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
6476 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
6500 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
6588 C:\Program Files (x86)\iTunes\iTunesHelper.exe
6840 C:\Program Files\iPod\bin\iPodService.exe
6984 C:\Windows\System32\SearchIndexer.exe
6408 C:\Program Files\Windows Media Player\wmpnetwk.exe
6696 C:\IDrive\IDriveETray.exe
2528 C:\IDrive\IDriveEBackground.exe
5524 C:\Windows\System32\svchost.exe
4392 C:\Windows\System32\audiodg.exe
7148 dllhost.exe
2700 dllhost.exe
5696 C:\Users\rannoch\Desktop\MBRCheck.exe
2984 C:\Windows\System32\conhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`3fd00000 (NTFS)
\\.\N: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\R: --> \\.\PhysicalDrive3 at offset 0x00000000`00007e00 (NTFS)
\\.\S: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
\\.\T: --> \\.\PhysicalDrive4 at offset 0x00000000`00100000 (NTFS)
PhysicalDrive0 Model Number: ST3500418AS, Rev: CC45
PhysicalDrive1 Model Number: WDCWD5000AAKS-00TMA0, Rev: 12.01C01
PhysicalDrive3 Model Number: WD10EAVS External, Rev: 1.65
PhysicalDrive2 Model Number: WD10EAVS External, Rev: 1.65
PhysicalDrive4 Model Number: WDExt HDD 1021, Rev: 2002
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
465 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: D90653CCC05EE39D4D44E1F67C33297D65F3ED4F
931 GB \\.\PhysicalDrive3 RE: Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E
931 GB \\.\PhysicalDrive2 RE: Dell MBR code detected
SHA1: 57BDF501CE769EF2720C705B6C71C893DA31574E
1863 GB \\.\PhysicalDrive4 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by rannoch at 23:13:09.43 on 17/01/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.6103.4283 [GMT 0:00]
AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
c:\xampp\apache\bin\httpd.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Broadcom\BPowMon\BPowMon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\IDrive\IDriveE Service.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
c:\xampp\mysql\bin\mysqld.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\IDrive\IDriveETray.exe
C:\IDrive\IDriveEBackground.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\rannoch\Desktop\dds.scr
C:\Windows\system32\conhost.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.bbc.co.uk/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\rannoch\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [Privacy Suite RiskMonitor] "C:\Program Files (x86)\CyberScrub Privacy Suite\Launch.exe" "C:\Program Files (x86)\CyberScrub Privacy Suite\CSRiskMon.exe"
uRun: [IDriveE Startup] "C:\IDrive\IDrvieEStartup.exe" Hide
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Nuance OmniPage 17-reminder] "C:\Program Files (x86)\Nuance\OmniPage17\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 17\Ereg\Ereg.ini"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\IANKIR~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IDRIVE~1.LNK - C:\IDrive\IDriveEReg2ini.exe
StartupFolder: C:\Users\IANKIR~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAILWA~1.LNK - C:\Program Files (x86)\Firetrust\MailWasher\MailWasher Quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Open Picture in &Microsoft PhotoDraw - C:\PROGRA~2\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~2\sbhook.dll
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
mRun-x64: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
mRun-x64: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
mRunOnce-x64: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe
AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~2\x64\kloehk.dll,C:\PROGRA~2\KASPER~1\KASPER~2\x64\sbhook64.dll
================= FIREFOX ===================
FF - ProfilePath - C:\Users\IANKIR~1\AppData\Roaming\Mozilla\Firefox\Profiles\rksqqgb4.default\
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\rannoch\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-4-26 55280]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);C:\Windows\System32\drivers\tdrpm258.sys [2010-5-5 1477728]
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;C:\Windows\System32\drivers\hcw88aud.sys [2009-8-6 16128]
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2010-6-9 11864]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2010-4-22 27736]
R1 RapportKE64;RapportKE64;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys [2010-10-3 63472]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys [2010-10-3 56816]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-4-26 92160]
R2 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-5-5 2480048]
R2 Apache2.2;Apache2.2;C:\xampp\apache\bin\httpd.exe [2008-12-9 24636]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-7-1 352976]
R2 BPowMon;Broadcom Power monitoring service;C:\Program Files\Broadcom\BPowMon\BPowMon.exe [2009-8-17 117568]
R2 IDriveE Service;IDriveE Service;C:\IDrive\IDriveE Service.exe [2011-1-6 148936]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-9-30 373640]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2008-8-11 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2010-4-30 72216]
R2 OS Selector;Acronis OS Selector activator;C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-5-25 2139536]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-8-24 92008]
R2 VMCService;Vodafone Mobile Connect Service;C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-10-9 14336]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2010-5-5 252512]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;C:\Windows\System32\drivers\hcw88bda.sys [2009-8-6 257664]
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;C:\Windows\System32\drivers\hcw88rc5.sys [2009-8-6 15872]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;C:\Windows\System32\drivers\hcw88tse.sys [2009-8-6 339840]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;C:\Windows\System32\drivers\hcw88tun.sys [2009-8-6 110080]
R3 hcw88vid;Hauppauge WinTV 88x Video;C:\Windows\System32\drivers\hcw88vid.sys [2009-8-6 440064]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;C:\Windows\System32\drivers\hcw88bar.sys [2009-8-6 21632]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-4-26 56344]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-4-26 320040]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-4-26 84512]
R3 RapportLaunService;Rapport Launching Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe [2010-10-3 526320]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-14 23040]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-28 136176]
S3 csr_a2dp;Bluetooth AV Profile;C:\Windows\System32\drivers\bthav.sys [2009-12-21 78848]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-24 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-9 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
=============== Created Last 30 ================
2011-01-17 17:07:02 2594584 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-01-17 17:06:31 42776 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-01-15 13:12:19 -------- d-----w- C:\Program Files\CCleaner
2011-01-15 00:51:07 -------- d-----w- C:\PROGRA~3\STOPzilla!
2011-01-14 07:47:21 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{2B7FCDD4-95A7-419B-8571-F60C16D94C14}\mpengine.dll
2011-01-06 20:53:49 229376 ----a-w- C:\Windows\SysWow64\IDrLocale.dll
2011-01-06 20:53:47 95 ----a-w- C:\Windows\SysWow64\RegisterIDriveEDll.bat
2011-01-06 20:53:47 26032 ----a-w- C:\Windows\SysWow64\IDriveEXceedCryReg.exe
2011-01-06 20:53:47 1302528 ----a-w- C:\Windows\SysWow64\IDriveEService.dll
2010-12-30 20:03:41 -------- d-----w- C:\Netgear
==================== Find3M ====================
2010-12-20 18:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-10 21:32:33 276576 ----a-w- C:\Windows\System32\drivers\snapman.sys
2010-12-08 13:12:28 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2010-12-08 13:12:16 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2010-12-08 13:12:16 33152 ----a-w- C:\Windows\System32\LMIport.dll
2010-11-29 17:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-29 17:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-11-12 18:53:06 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-02 05 51 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2010-11-02 05:18:59 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2010-11-02 05:18:59 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll
2010-11-02 05:18:58 470016 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:12:53 1133568 ----a-w- C:\Windows\System32\FntCache.dll
2010-11-02 05:12:25 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2010-11-02 05:12:08 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2010-11-02 05:12:07 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2010-11-02 05:12:06 902656 ----a-w- C:\Windows\System32\d2d1.dll
2010-11-02 05:12:06 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:59:08 144384 ----a-w- C:\Windows\System32\cdd.dll
2010-11-02 04:41:36 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2010-11-02 04:41:36 283648 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2010-11-02 04:41:36 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:35:51 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2010-11-02 04:35:35 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2010-11-02 04:35:34 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2010-11-02 04:35:34 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2010-11-02 04:35:34 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-11-02 02:50:58 258048 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
============= FINISH: 23:14:35.90 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 30/04/2010 12:52:29
System Uptime: 17/01/2011 22:29:36 (1 hours ago)
Motherboard: Dell Inc. | | 054KM3
Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz | CPU 1 | 2520/133mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 457 GiB total, 406.299 GiB free.
N: is FIXED (NTFS) - 466 GiB total, 315.715 GiB free.
R: is FIXED (NTFS) - 932 GiB total, 911.745 GiB free.
S: is FIXED (NTFS) - 932 GiB total, 905.202 GiB free.
T: is FIXED (NTFS) - 1863 GiB total, 1033.013 GiB free.
X: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP114: 01/01/2011 13:47:42 - Removed HTC Driver Installer.
RP115: 01/01/2011 14:01:42 - Restore Operation
RP116: 01/01/2011 14:07:28 - Windows Update
RP117: 04/01/2011 08:34:46 - Windows Update
RP118: 05/01/2011 08:16:07 - Installed Java(TM) 6 Update 23
RP119: 07/01/2011 08:06:53 - Windows Update
RP120: 11/01/2011 11:59:10 - Windows Update
RP121: 13/01/2011 03:00:13 - Windows Update
RP122: 14/01/2011 00:25:11 - Windows Update
RP123: 14/01/2011 07:46:36 - Windows Update
RP124: 15/01/2011 00:50:42 - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP125: 15/01/2011 01:00:38 - StopZILLA! Restore Point.
RP126: 15/01/2011 09:29:41 - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
==== Installed Programs ======================
Accounts
Acronis*Disk*Director*Home
Acronis*True*Image*Home
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
Amazon Kindle For PC v1.1
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
ArcSoft Software Suite
Avidemux 2.5
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 3.0
Compatibility Pack for the 2007 Office system
CuteFTP 8 Professional
CyberScrub® Privacy Suite™ 5.1
D3DX10
Definition update for Microsoft Office 2010 (KB982726)
File Shredder 2.0
Free Easy Burner V 4.1
Google Chrome
Google Earth
Google Update Helper
GPL Ghostscript 8.64
HMRC Employer CD-ROM 2010 - April Update 2.0.3
HTC BMP USB Driver
HTC Driver Installer
IDrive version 3.3.4 January 06, 2011
iTunes Agent 1.3.3
Java Auto Updater
Java(TM) 6 Update 23
Junk Mail filter update
Kaspersky Internet Security 2011
LameACM
LogMeIn
MailWasherPro
Malwarebytes' Anti-Malware
Mesh Runtime
Messenger Companion
Microsoft Expression Design 3
Microsoft Expression Design 4
Microsoft Expression Encoder 3
Microsoft Expression Encoder 4
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft Expression Web 3
Microsoft Expression Web 3 SP1
Microsoft Expression Web 4
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft PhotoDraw 2000 V2
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ Run Time Lib Setup
Microsoft Works
Mozilla Firefox (3.6.10)
MSVC80_x86
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
MyPhoneExplorer
NirSoft Mail PassView
Nuance OmniPage 17
PC Connectivity Solution
PowerDVD DX
Quicken 2009
QuickTime
RAIDar 4.1.7-T2
Rapport
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Sage Instant Accounts v14
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
SWiSH miniMax3
TomTom HOME 2.7.6.2056
TomTom HOME Visual Studio Merge Modules
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft OneNote 2010 (KB2433299)
Update for Microsoft Outlook Social Connector (KB2289116)
Vodafone Mobile Connect Lite
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinX DVD Ripper Platinum 6.0.0
WinZip 11.2
XAMPP 1.7.1
==== Event Viewer Messages From Past Week ========
17/01/2011 22:31:25, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
17/01/2011 22:28:32, Error: Service Control Manager [7016] - The NVIDIA Display Driver Service service has reported an invalid current state 32.
17/01/2011 18:30:55, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
16/01/2011 08:16:04, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on cannot be read.
14/01/2011 17:05:06, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user desktop0\rannoch SID (S-1-5-21-2536993213-4152337343-1354070360-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
14/01/2011 17:05:06, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user desktop0\rannoch SID (S-1-5-21-2536993213-4152337343-1354070360-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
13/01/2011 10:54:17, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.
13/01/2011 03:01:26, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80080005: Security Update for Windows 7 for x64-based Systems (KB2419640).
12/01/2011 14:41:15, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\DR5.
11/01/2011 07:58:22, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147014847
==== End Of File ===========================
-
Looks good so far....
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
Make sure, you re-enable your security programs, when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
Rkill.com
Rkill.scr
Rkill.exe
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
ComboFix 11-01-17.04 - rannoch 18/01/2011 8:20.1.8 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.6103.4112 [GMT 0:00]
Running from: c:\users\rannoch\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\rannoch\AppData\Local\Temp\E12A.tmp
c:\users\IANKIR~1\AppData\Local\Temp\E12A.tmp
.
((((((((((((((((((((((((( Files Created from 2010-12-18 to 2011-01-18 )))))))))))))))))))))))))))))))
.
2011-01-18 08:25 . 2011-01-18 08:25 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2011-01-18 08:25 . 2011-01-18 08:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-18 08:18 . 2011-01-18 08:18 -------- d-----w- C:\32788R22FWJFW
2011-01-17 17:07 . 2011-01-17 17:07 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-01-17 17:06 . 2011-01-17 17:06 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-01-15 13:12 . 2011-01-15 13:12 -------- d-----w- c:\program files\CCleaner
2011-01-15 00:51 . 2011-01-15 09:31 -------- d-----w- c:\programdata\STOPzilla!
2011-01-14 07:47 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B7FCDD4-95A7-419B-8571-F60C16D94C14}\mpengine.dll
2011-01-06 20:53 . 2009-11-03 14:54 229376 ----a-w- c:\windows\SysWow64\IDrLocale.dll
2011-01-06 20:53 . 2010-12-20 11:21 1302528 ----a-w- c:\windows\SysWow64\IDriveEService.dll
2011-01-06 20:53 . 2010-02-01 19:36 26032 ----a-w- c:\windows\SysWow64\IDriveEXceedCryReg.exe
2011-01-06 20:53 . 2009-03-10 16:41 95 ----a-w- c:\windows\SysWow64\RegisterIDriveEDll.bat
2010-12-30 20:03 . 2011-01-01 14:03 -------- d-----w- C:\Netgear
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 18:09 . 2010-10-16 10:43 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 18:08 . 2010-10-16 10:43 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-10 21:32 . 2010-05-05 09:19 276576 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-12-09 14:54 . 2010-12-09 14:54 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-12-08 13:12 . 2010-04-30 19:12 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-12-08 13:12 . 2010-04-30 19:12 33152 ----a-w- c:\windows\system32\LMIport.dll
2010-12-08 13:12 . 2010-04-30 19:12 80768 ----a-w- c:\windows\system32\LMIinit.dll
2010-11-29 17:38 . 2010-11-29 17:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 17:38 . 2010-11-29 17:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2010-11-12 18:53 . 2010-04-30 16:23 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-11-04 06:35 . 2010-12-15 09:31 1194496 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 06:31 . 2010-12-15 09:31 57856 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 05:52 . 2010-12-15 09:31 978944 ----a-w- c:\windows\SysWow64\wininet.dll
2010-11-04 05:48 . 2010-12-15 09:31 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16 . 2010-12-15 09:31 482816 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:41 . 2010-12-15 09:31 386048 ----a-w- c:\windows\SysWow64\html.iec
2010-11-04 04:35 . 2010-12-15 09:31 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-04 04:08 . 2010-12-15 09:31 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2010-11-02 05:18 . 2010-12-15 09:31 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 05:17 . 2010-12-15 09:31 473600 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 05:17 . 2010-12-15 09:31 1169408 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 05:16 . 2010-12-15 09:31 1114624 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 05:10 . 2010-12-15 09:31 464384 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 05:10 . 2010-12-15 09:31 285696 ----a-w- c:\windows\system32\schtasks.exe
2010-11-02 04:40 . 2010-12-15 09:31 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-11-02 04:40 . 2010-12-15 09:31 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-11-02 04:34 . 2010-12-15 09:31 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2010-11-02 04:34 . 2010-12-15 09:31 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2010-10-27 05:06 . 2010-12-15 09:31 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-27 04:32 . 2010-12-15 09:31 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Google Update"="c:\users\rannoch\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-05-13 136176]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
"Privacy Suite RiskMonitor"="c:\program files (x86)\CyberScrub Privacy Suite\Launch.exe" [2008-07-29 45192]
"IDriveE Startup"="c:\idrive\IDrvieEStartup.exe" [2011-01-06 189896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-03-27 5107544]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-10-16 352976]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Nuance OmniPage 17-reminder"="c:\program files (x86)\Nuance\OmniPage17\Ereg\Ereg.exe" [2008-11-03 54560]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
c:\users\rannoch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IDrive Tray.lnk - c:\idrive\IDriveEReg2ini.exe [2011-1-6 292296]
MailWasher Quickstart.lnk - c:\program files (x86)\Firetrust\MailWasher\MailWasher Quickstart.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~2\mzvkbd3.dll c:\progra~2\KASPER~1\KASPER~2\sbhook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-28 136176]
R3 csr_a2dp;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys [2009-12-21 78848]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-09 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2010-05-05 1477728]
S1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [2009-08-06 16128]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 27736]
S1 RapportKE64;RapportKE64;c:\program files (x86)\Trusteer\Rapport\bin\RapportKE64.sys [2010-10-03 63472]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\RapportPG64.sys [2010-10-03 56816]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-05-05 2480048]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2008-12-09 24636]
S2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BPowMon\BPowMon.exe [2009-08-17 117568]
S2 IDriveE Service;IDriveE Service;c:\idrive\IDriveE Service.exe [2010-12-21 148936]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-08 373640]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2008-08-11 15928]
S2 OS Selector;Acronis OS Selector activator;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-05-25 2139536]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-10-03 767208]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-10-09 14336]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-05-05 252512]
S3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [2009-08-06 257664]
S3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\system32\Drivers\hcw88rc5.sys [2009-08-06 15872]
S3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [2009-08-06 339840]
S3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [2009-08-06 110080]
S3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [2009-08-06 440064]
S3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\HCW88BAR.sys [2009-08-06 21632]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-21 320040]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-08-21 84512]
S3 RapportLaunService;Rapport Launching Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe [2010-10-03 526320]
.
Contents of the 'Scheduled Tasks' folder
2011-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-28 10:33]
2011-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-28 10:33]
2011-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2536993213-4152337343-1354070360-1001Core.job
- c:\users\rannoch\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-13 09:58]
2011-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2536993213-4152337343-1354070360-1001UA.job
- c:\users\rannoch\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-13 09:58]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-19 8067616]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2009-11-12 203776]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2008-08-11 57928]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-03-27 362248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~2\x64\kloehk.dll c:\progra~2\KASPER~1\KASPER~2\x64\sbhook64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bbc.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Open Picture in &Microsoft PhotoDraw - c:\progra~2\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\rannoch\AppData\Roaming\Mozilla\Firefox\Profiles\rksqqgb4.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\xampp\mysql\bin\mysqld.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
c:\idrive\IDriveETray.exe
c:\idrive\IDriveEBackground.exe
.
**************************************************************************
.
Completion time: 2011-01-18 08:35:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-18 08:35
Pre-Run: 438,454,153,216 bytes free
Post-Run: 438,076,985,344 bytes free
- - End Of File - - 083D647C7378FF2AA884C7B22DA3F5BA
Last edited by rannoch; 18-01-2011 at 09:00 AM.