Tehkella
-
Posts
31 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by Tehkella
-
Databases out of date, unable to access server
Tehkella replied to Tehkella's topic in Malwarebytes for Windows Support Forum
All fixed, thank you! -
Heya For about a week now, I'm getting notifications to update my database definitions, but whenever I click "update now" or "fix now" I get a message "Unable to access update server". I also note there is a warning "Malicious Website protection disabled, Malware protection enabled" (even though I have enabled the former in the Advanced Settings). I did think I was infected with some malware recently (a hijacker) but a combination of the usual cleaning tools appeared to have fixed it. Now I'm not so sure. I am running Win7, and have the Premium edition of Malwarebytes, version 2.0.1.1004, with database version v2014.05.15.14. Do you have any advice on how to successfully update the databases? Thanks in advance, Tehkella
-
Another Google Redirect issue - repost
Tehkella replied to Tehkella's topic in Resolved Malware Removal Logs
And I've also been able to run Microsoft Security Essentials, which appears to be finding some things and quarantining them -
Another Google Redirect issue - repost
Tehkella replied to Tehkella's topic in Resolved Malware Removal Logs
So far so good - also Windows Defender is working for the first time in ages! -
Another Google Redirect issue - repost
Tehkella replied to Tehkella's topic in Resolved Malware Removal Logs
PM sent! So far the Google redirect is not happening. I'll keep testing it too. -
Another Google Redirect issue - repost
Tehkella replied to Tehkella's topic in Resolved Malware Removal Logs
Here you go: ComboFix 12-11-21.01 - Damo 22/11/2012 9:10.7.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.2048.860 [GMT 11:00] Running from: c:\users\Damo\Desktop\ComboFix.exe Command switches used :: c:\users\Damo\Desktop\CFScript.txt SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\SysWow64\WMNetMgre.dll" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SysWow64\WMNetMgre.dll . . ((((((((((((((((((((((((( Files Created from 2012-10-21 to 2012-11-21 ))))))))))))))))))))))))))))))) . . 2012-11-21 22:20 . 2012-11-21 22:20 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-18 11:47 . 2012-11-18 11:47 -------- d-----w- c:\users\UpdatusUser 2012-11-18 11:47 . 2012-11-18 11:48 -------- d-----w- c:\program files (x86)\NVIDIA Corporation 2012-11-18 11:47 . 2012-10-02 19:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll 2012-11-15 13:37 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-11-15 13:37 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-15 13:37 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-15 13:37 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-15 13:31 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-15 13:31 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-15 13:31 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-15 13:31 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-15 13:31 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-15 13:31 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-15 13:31 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-12 13:30 . 2012-11-12 13:30 -------- d-----w- C:\_OTL 2012-11-11 09:42 . 2012-11-11 09:42 -------- d-----w- c:\programdata\ALM 2012-11-09 06:35 . 2012-11-09 06:35 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-11-09 06:35 . 2012-11-09 06:35 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-11-09 06:35 . 2012-11-09 06:35 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-11-09 06:35 . 2012-11-09 06:35 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-11-09 06:35 . 2012-11-09 06:35 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-11-09 06:35 . 2012-11-09 06:35 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-11-09 06:35 . 2012-11-09 06:35 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-11-07 19:35 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{81B5F4C2-FC5A-4115-9645-A7D4474C589F}\mpengine.dll 2012-11-06 10:39 . 2012-11-06 10:39 -------- d-----w- c:\users\Damo\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 2012-11-04 12:57 . 2012-11-04 12:57 -------- d-----w- c:\users\Damo\AppData\Roaming\PDAppFlex 2012-11-04 12:55 . 2012-11-11 09:43 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2012-11-04 12:52 . 2012-11-04 12:52 -------- d-----w- c:\program files\Adobe 2012-11-04 12:52 . 2012-11-04 12:53 -------- d-----w- c:\program files\Common Files\Adobe 2012-11-04 09:26 . 2012-11-04 09:26 -------- d-----w- c:\users\Damo\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant 2012-11-04 09:26 . 2012-11-04 09:26 -------- d-----w- c:\program files (x86)\Adobe Download Assistant 2012-11-01 13:05 . 2012-11-11 09:40 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2012-10-30 12:25 . 2012-10-30 12:25 -------- d-----w- c:\programdata\Kaspersky Lab 2012-10-29 23:59 . 2012-10-29 23:59 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-10-29 23:58 . 2012-10-29 23:58 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-10-29 23:58 . 2012-10-29 23:58 -------- d-----w- c:\program files (x86)\Java 2012-10-24 16:12 . 2012-10-24 16:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-10-24 16:12 . 2012-10-24 16:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-19 07:21 . 2010-06-03 23:53 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-11-12 13:49 . 2012-06-22 08:20 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-12 13:49 . 2011-07-19 08:12 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-29 23:58 . 2012-05-10 12:11 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-10-29 23:58 . 2010-12-03 12:38 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-10-10 10:23 . 2012-10-10 10:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2012-10-10 10:23 . 2012-10-10 10:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll 2012-10-10 10:23 . 2012-10-10 10:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll 2012-10-10 10:23 . 2012-10-10 10:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll 2012-10-10 10:23 . 2012-10-10 10:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2012-10-10 10:23 . 2012-10-10 10:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll 2012-10-10 10:23 . 2012-10-10 10:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll 2012-10-10 10:23 . 2012-10-10 10:23 2731880 ----a-w- c:\windows\system32\nvapi64.dll 2012-10-10 10:23 . 2012-10-10 10:23 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll 2012-10-10 10:23 . 2012-10-10 10:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll 2012-10-10 10:23 . 2012-10-10 10:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll 2012-10-10 10:23 . 2012-10-10 10:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-10-10 10:23 . 2012-10-10 10:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2012-10-10 10:22 . 2012-10-10 10:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll 2012-10-10 10:22 . 2012-10-10 10:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll 2012-10-10 10:22 . 2012-10-10 10:22 1760104 ----a-w- c:\windows\system32\nvdispco64.dll 2012-10-10 10:22 . 2012-10-10 10:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2012-10-10 10:22 . 2012-10-10 10:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll 2012-10-10 10:22 . 2012-10-10 10:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2012-10-10 10:22 . 2012-10-10 10:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-10-10 10:22 . 2012-10-10 10:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2012-10-02 19:51 . 2011-02-22 15:39 3293544 ----a-w- c:\windows\system32\nvsvc64.dll 2012-10-02 19:51 . 2011-02-22 15:39 6200680 ----a-w- c:\windows\system32\nvcpl.dll 2012-10-02 19:50 . 2011-02-22 15:38 891240 ----a-w- c:\windows\system32\nvvsvc.exe 2012-10-02 19:50 . 2011-02-22 15:38 118120 ----a-w- c:\windows\system32\nvmctray.dll 2012-10-02 19:50 . 2010-04-03 08:42 63336 ----a-w- c:\windows\system32\nvshext.dll 2012-10-02 02:15 . 2012-10-02 02:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2012-09-14 19:19 . 2012-10-10 19:53 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-10 19:53 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-31 18:19 . 2012-10-10 19:56 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 18:03 . 2012-10-10 19:56 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 19:56 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 19:56 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-24 18:05 . 2012-10-10 19:54 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 16:57 . 2012-10-10 19:54 172544 ----a-w- c:\windows\SysWow64\wintrust.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Vid"="c:\program files (x86)\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080] "AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "AdobeBridge"="" [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-02 252848] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-24 421888] . c:\users\Damo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ PMB Media Check Tool.lnk - c:\program files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-6-5 333088] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 LVUVC64;Logitech Webcam 120(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288] R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2008-05-01 23552] R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2008-05-01 18432] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-04 1255736] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2007-10-23 53488] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-06-13 503352] S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-06 191000] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824] S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-06 30232] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-04-13 45432] . . Contents of the 'Scheduled Tasks' folder . 2012-11-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 13:49] . 2012-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-07 23:28] . 2012-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-07 23:28] . 2012-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4206473431-1901331103-635293204-1000Core.job - c:\users\Damo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-17 10:54] . 2012-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4206473431-1901331103-635293204-1000UA.job - c:\users\Damo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-17 10:54] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-03 446392] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.ninemsn.com.au/ uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 10.1.1.1 FF - ProfilePath - c:\users\Damo\AppData\Roaming\Mozilla\Firefox\Profiles\k42vuxch.default-1352846455686\ FF - ExtSQL: 2012-10-28 12:57; {AB2CE124-6272-4b12-94A9-7303C7397BD1}; c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} . - - - - ORPHANS REMOVED - - - - . AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\09\00\19\04;\16?" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-22 09:23:58 ComboFix-quarantined-files.txt 2012-11-21 22:23 ComboFix2.txt 2012-11-19 13:14 ComboFix3.txt 2012-11-08 07:58 ComboFix4.txt 2012-11-07 00:37 ComboFix5.txt 2012-11-21 22:07 . Pre-Run: 566,129,975,296 bytes free Post-Run: 565,691,953,152 bytes free . - - End Of File - - EDFC7D664D27629B79850738C290D35A -
Another Google Redirect issue - repost
Tehkella replied to Tehkella's topic in Resolved Malware Removal Logs
Okay, here you go: ComboFix 12-11-16.02 - Damo 20/11/2012 0:02.6.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.2048.892 [GMT 11:00] Running from: c:\users\Damo\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-10-19 to 2012-11-19 ))))))))))))))))))))))))))))))) . . 2012-11-19 13:11 . 2012-11-19 13:11 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-18 11:47 . 2012-11-18 11:47 -------- d-----w- c:\users\UpdatusUser 2012-11-18 11:47 . 2012-11-18 11:48 -------- d-----w- c:\program files (x86)\NVIDIA Corporation 2012-11-18 11:47 . 2012-10-02 19:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll 2012-11-15 13:37 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-11-15 13:37 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-15 13:37 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-15 13:37 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-15 13:31 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-15 13:31 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-15 13:31 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-15 13:31 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-15 13:31 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-15 13:31 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-15 13:31 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-12 13:30 . 2012-11-12 13:30 -------- d-----w- C:\_OTL 2012-11-11 09:42 . 2012-11-11 09:42 -------- d-----w- c:\programdata\ALM 2012-11-09 06:35 . 2012-11-09 06:35 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-11-09 06:35 . 2012-11-09 06:35 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-11-09 06:35 . 2012-11-09 06:35 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-11-09 06:35 . 2012-11-09 06:35 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-11-09 06:35 . 2012-11-09 06:35 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-11-09 06:35 . 2012-11-09 06:35 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-11-09 06:35 . 2012-11-09 06:35 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-11-07 19:35 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{81B5F4C2-FC5A-4115-9645-A7D4474C589F}\mpengine.dll 2012-11-06 10:39 . 2012-11-06 10:39 -------- d-----w- c:\users\Damo\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 2012-11-04 12:57 . 2012-11-04 12:57 -------- d-----w- c:\users\Damo\AppData\Roaming\PDAppFlex 2012-11-04 12:55 . 2012-11-11 09:43 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2012-11-04 12:52 . 2012-11-04 12:52 -------- d-----w- c:\program files\Adobe 2012-11-04 12:52 . 2012-11-04 12:53 -------- d-----w- c:\program files\Common Files\Adobe 2012-11-04 09:26 . 2012-11-04 09:26 -------- d-----w- c:\users\Damo\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant 2012-11-04 09:26 . 2012-11-04 09:26 -------- d-----w- c:\program files (x86)\Adobe Download Assistant 2012-11-01 13:05 . 2012-11-11 09:40 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2012-10-30 12:25 . 2012-10-30 12:25 -------- d-----w- c:\programdata\Kaspersky Lab 2012-10-29 23:59 . 2012-10-29 23:59 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-10-29 23:58 . 2012-10-29 23:58 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-10-29 23:58 . 2012-10-29 23:58 -------- d-----w- c:\program files (x86)\Java 2012-10-24 23:02 . 2012-10-24 23:02 86016 --sha-r- c:\windows\SysWow64\WMNetMgre.dll 2012-10-24 16:12 . 2012-10-24 16:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-10-24 16:12 . 2012-10-24 16:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-19 07:21 . 2010-06-03 23:53 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-11-12 13:49 . 2012-06-22 08:20 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-12 13:49 . 2011-07-19 08:12 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-29 23:58 . 2012-05-10 12:11 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-10-29 23:58 . 2010-12-03 12:38 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-10-10 10:23 . 2012-10-10 10:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2012-10-10 10:23 . 2012-10-10 10:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll 2012-10-10 10:23 . 2012-10-10 10:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll 2012-10-10 10:23 . 2012-10-10 10:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll 2012-10-10 10:23 . 2012-10-10 10:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2012-10-10 10:23 . 2012-10-10 10:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll 2012-10-10 10:23 . 2012-10-10 10:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll 2012-10-10 10:23 . 2012-10-10 10:23 2731880 ----a-w- c:\windows\system32\nvapi64.dll 2012-10-10 10:23 . 2012-10-10 10:23 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll 2012-10-10 10:23 . 2012-10-10 10:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll 2012-10-10 10:23 . 2012-10-10 10:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll 2012-10-10 10:23 . 2012-10-10 10:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-10-10 10:23 . 2012-10-10 10:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2012-10-10 10:22 . 2012-10-10 10:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll 2012-10-10 10:22 . 2012-10-10 10:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll 2012-10-10 10:22 . 2012-10-10 10:22 1760104 ----a-w- c:\windows\system32\nvdispco64.dll 2012-10-10 10:22 . 2012-10-10 10:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2012-10-10 10:22 . 2012-10-10 10:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll 2012-10-10 10:22 . 2012-10-10 10:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2012-10-10 10:22 . 2012-10-10 10:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-10-10 10:22 . 2012-10-10 10:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2012-10-02 19:51 . 2011-02-22 15:39 3293544 ----a-w- c:\windows\system32\nvsvc64.dll 2012-10-02 19:51 . 2011-02-22 15:39 6200680 ----a-w- c:\windows\system32\nvcpl.dll 2012-10-02 19:50 . 2011-02-22 15:38 891240 ----a-w- c:\windows\system32\nvvsvc.exe 2012-10-02 19:50 . 2011-02-22 15:38 118120 ----a-w- c:\windows\system32\nvmctray.dll 2012-10-02 19:50 . 2010-04-03 08:42 63336 ----a-w- c:\windows\system32\nvshext.dll 2012-10-02 02:15 . 2012-10-02 02:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2012-09-14 19:19 . 2012-10-10 19:53 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-10 19:53 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-31 18:19 . 2012-10-10 19:56 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 18:03 . 2012-10-10 19:56 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 19:56 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 19:56 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-24 18:05 . 2012-10-10 19:54 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 16:57 . 2012-10-10 19:54 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-08-22 18:12 . 2012-09-12 11:35 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-12 11:35 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-12 11:35 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 21:01 . 2012-09-26 10:10 245760 ----a-w- c:\windows\system32\OxpsConverter.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Vid"="c:\program files (x86)\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080] "AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "AdobeBridge"="" [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-02 252848] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-24 421888] . c:\users\Damo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ PMB Media Check Tool.lnk - c:\program files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-6-5 333088] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 LVUVC64;Logitech Webcam 120(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288] R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2008-05-01 23552] R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2008-05-01 18432] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-04 1255736] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2007-10-23 53488] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-06-13 503352] S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-06 191000] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824] S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-06 30232] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-04-13 45432] . . Contents of the 'Scheduled Tasks' folder . 2012-11-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 13:49] . 2012-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-07 23:28] . 2012-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-07 23:28] . 2012-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4206473431-1901331103-635293204-1000Core.job - c:\users\Damo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-17 10:54] . 2012-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4206473431-1901331103-635293204-1000UA.job - c:\users\Damo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-17 10:54] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-03 446392] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.ninemsn.com.au/ uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 10.1.1.1 FF - ProfilePath - c:\users\Damo\AppData\Roaming\Mozilla\Firefox\Profiles\k42vuxch.default-1352846455686\ FF - ExtSQL: 2012-10-28 12:57; {AB2CE124-6272-4b12-94A9-7303C7397BD1}; c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} . - - - - ORPHANS REMOVED - - - - . AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\09\00\19\04;\16?" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-20 00:14:39 ComboFix-quarantined-files.txt 2012-11-19 13:14 ComboFix2.txt 2012-11-08 07:58 ComboFix3.txt 2012-11-07 00:37 ComboFix4.txt 2012-10-29 01:50 . Pre-Run: 565,319,819,264 bytes free Post-Run: 565,088,546,816 bytes free . - - End Of File - - A14D10B8E2B9E1C3250AAB1493FF480E -
Another Google Redirect issue - repost
Tehkella replied to Tehkella's topic in Resolved Malware Removal Logs
Just click and delete the ComboFix or do I need to do something special? -
Another Google Redirect issue - repost
Tehkella replied to Tehkella's topic in Resolved Malware Removal Logs
Scan Finished: no malware found! Here is the log that was generated: Malwarebytes Anti-Rootkit 1.1.0.1009 www.malwarebytes.org Database version: v2012.11.16.11 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Damo :: DAMO-PC [administrator] 17/11/2012 11:42:31 AM mbar-log-2012-11-17 (11-42-31).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: PUP | PUM | P2P Objects scanned: 27712 Time elapsed: 8 minute(s), 58 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) And there was a system-log file too: --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED CPU speed: 2.913000 GHz Memory total: 2147016704, free: 916643840 ------------ Kernel report ------------ 11/17/2012 11:32:49 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_AuthenticAMD.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\System32\Drivers\sptd.sys \SystemRoot\System32\Drivers\WMILIB.SYS \SystemRoot\System32\Drivers\SCSIPORT.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\pciide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\vmbus.sys \SystemRoot\system32\drivers\winhv.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\nvstor.sys \SystemRoot\system32\drivers\storport.sys \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\PxHlpa64.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\vmstorfl.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\serial.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\system32\drivers\csc.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\amdppm.sys \SystemRoot\system32\DRIVERS\fdc.sys \SystemRoot\system32\DRIVERS\serenum.sys \SystemRoot\system32\DRIVERS\parport.sys \SystemRoot\system32\DRIVERS\usbohci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\nvmf6264.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\System32\Drivers\nvBridge.kmd \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\System32\Drivers\a3nmgngo.SYS \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\rdpbus.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\flpydisk.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\HdAudio.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\usbprint.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\point64.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_diskdump.sys \SystemRoot\System32\Drivers\dump_nvstor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\DRIVERS\LVPr2M64.sys \SystemRoot\system32\DRIVERS\asyncmac.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\kernel32.dll \Windows\System32\usp10.dll \Windows\System32\gdi32.dll \Windows\System32\ole32.dll \Windows\System32\rpcrt4.dll \Windows\System32\imm32.dll \Windows\System32\iertutil.dll \Windows\System32\user32.dll \Windows\System32\setupapi.dll \Windows\System32\msctf.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa800273f730 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000005c\ Lower Device Object: 0xfffffa80023c09c0 Lower Device Driver Name: \Driver\nvstor\ Driver name found: nvstor DriverEntry returned 0x0 Function returned 0x0 Downloaded database version: v2012.11.16.11 Downloaded database version: v2012.11.15.02 Initializing... Done! Scanning directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa800273f730, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8002740040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800273f730, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80023b4e40, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa80023c09c0, DeviceName: \Device\0000005c\, DriverName: \Driver\nvstor\ ------------ End ---------- Upper DeviceData: 0xfffff8a00e82ce70, 0xfffffa800273f730, 0xfffffa8001af7790 Lower DeviceData: 0xfffff8a012e1a810, 0xfffffa80023c09c0, 0xfffffa800247ce40 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes File user open failed: C:\Windows\system32\drivers\sptd.sys (0x00000020) Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: AA29AA29 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 1953314816 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 1000204886016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)... Done! Performing system, memory and registry scan... Read File: File "C:\ProgramData\AVG2012\log\avgual.2012-10-11.log" is compressed (flags = 1) Read File: File "C:\ProgramData\AVG2012\log\avgual.2012-10-14.log" is compressed (flags = 1) Read File: File "C:\ProgramData\AVG2012\log\avgual.2012-10-15.log" is compressed (flags = 1) Read File: File "C:\ProgramData\AVG2012\log\avgual.2012-10-16.log" is compressed (flags = 1) Read File: File "C:\ProgramData\AVG2012\log\avgual.2012-10-17.log" is compressed (flags = 1) Read File: File "C:\ProgramData\AVG2012\log\avgual.2012-10-18.log" is compressed (flags = 1) Read File: File "C:\ProgramData\AVG2012\log\avgual.2012-10-19.log" is compressed (flags = 1) Read File: File "C:\ProgramData\AVG2012\log\avgual.2012-10-20.log" is compressed (flags = 1) Read File: File "C:\ProgramData\AVG2012\log\avgual.2012-10-23.log" is compressed (flags = 1) Read File: File "C:\ProgramData\AVG2012\log\avgual.2012-10-24.log" is compressed (flags = 1) Done! Scan finished ======================================= -
Another Google Redirect issue - repost
Tehkella replied to Tehkella's topic in Resolved Malware Removal Logs
Did I need to run the scan again? I didn't, and instead I just hit Delete instead. Here is the log: # AdwCleaner v2.007 - Logfile created 11/16/2012 at 09:58:31 # Updated 06/11/2012 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (64 bits) # User : Damo - DAMO-PC # Boot Mode : Normal # Running from : C:\Users\Damo\Desktop\adwcleaner(1).exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v16.0.2 (en-GB) Profile name : default-1352846455686 [Profil par défaut] File : C:\Users\Damo\AppData\Roaming\Mozilla\Firefox\Profiles\k42vuxch.default-1352846455686\prefs.js [OK] File is clean. -\\ Google Chrome v [unable to get version] File : C:\Users\Damo\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [4943 octets] - [25/10/2012 22:54:20] AdwCleaner[R2].txt - [5003 octets] - [26/10/2012 10:22:47] AdwCleaner[R3].txt - [1245 octets] - [15/11/2012 12:02:53] AdwCleaner[s2].txt - [4946 octets] - [26/10/2012 10:23:08] AdwCleaner[s3].txt - [1276 octets] - [16/11/2012 09:58:31] ########## EOF - C:\AdwCleaner[s3].txt - [1336 octets] ########## -
Another Google Redirect issue - repost
Tehkella replied to Tehkella's topic in Resolved Malware Removal Logs
# AdwCleaner v2.007 - Logfile created 11/15/2012 at 12:02:53 # Updated 06/11/2012 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (64 bits) # User : Damo - DAMO-PC # Boot Mode : Normal # Running from : C:\Users\Damo\Desktop\adwcleaner(1).exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** Key Found : HKLM\SOFTWARE\Classes\Prod.cap ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v16.0.2 (en-GB) Profile name : default-1352846455686 [Profil par défaut] File : C:\Users\Damo\AppData\Roaming\Mozilla\Firefox\Profiles\k42vuxch.default-1352846455686\prefs.js [OK] File is clean. -\\ Google Chrome v [unable to get version] File : C:\Users\Damo\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [4943 octets] - [25/10/2012 22:54:20] AdwCleaner[R2].txt - [5003 octets] - [26/10/2012 10:22:47] AdwCleaner[R3].txt - [1056 octets] - [15/11/2012 12:02:53] AdwCleaner[s2].txt - [4946 octets] - [26/10/2012 10:23:08] ########## EOF - C:\AdwCleaner[R3].txt - [1176 octets] ########## -
Another Google Redirect issue - repost
Tehkella replied to Tehkella's topic in Resolved Malware Removal Logs
Tried that, but it's still happening. It's very persistent whatever it is! -
Another Google Redirect issue - repost
Tehkella replied to Tehkella's topic in Resolved Malware Removal Logs
Still happening unfortunately! -
Another Google Redirect issue - repost
Tehkella replied to Tehkella's topic in Resolved Malware Removal Logs
Thanks, here you go: All processes killed ========== OTL ========== Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found. HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Damo\Downloads\cmd.bat deleted successfully. C:\Users\Damo\Downloads\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Damo ->Temp folder emptied: 33023901 bytes ->Temporary Internet Files folder emptied: 959690844 bytes ->Java cache emptied: 353495 bytes ->FireFox cache emptied: 1101479060 bytes ->Google Chrome cache emptied: 45078135 bytes ->Apple Safari cache emptied: 16384 bytes ->Flash cache emptied: 159675 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 56504 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 356352 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 293733 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes RecycleBin emptied: 1258486084 bytes Total Files Cleaned = 3,242.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.69.0 log created on 11132012_003051 Files\Folders moved on Reboot... C:\Users\Damo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot. File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... -
Another Google Redirect issue - repost
Tehkella replied to Tehkella's topic in Resolved Malware Removal Logs
Extras.txt: OTL Extras logfile created on: 11/12/2012 9:40:13 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Damo\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 2.00 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 61.26% Memory free 4.00 Gb Paging File | 2.62 Gb Available in Paging File | 65.48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931.41 Gb Total Space | 530.21 Gb Free Space | 56.93% Space Free | Partition Type: NTFS Drive E: | 100.00 Mb Total Space | 60.73 Mb Free Space | 60.74% Space Free | Partition Type: NTFS Computer Name: DAMO-PC | User Name: Damo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\S-1-5-21-4206473431-1901331103-635293204-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) http [open] -- Reg Error: Key error. https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- Reg Error: Key error. https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "TCP Query User{43CC31D3-0C13-4521-8677-9497E557E635}C:\program files (x86)\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe | "UDP Query User{649D24FC-7CD4-482B-880D-F6B8BCC9B193}C:\program files (x86)\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB) "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS) "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL) "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1 "{446EE0D9-1F6B-42BF-8278-8D0B172BA15D}" = Microsoft IntelliType Pro 8.1 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR) "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS) "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG) "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR) "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD) "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE) "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL) "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK) "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN) "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND) "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT) "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY) "{B2913230-094D-4F41-9EEF-CE9571C450D8}" = SpyroPortalDriver "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.24 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.24 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN) "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU) "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA) "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA) "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN) "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN) "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "lvdrivers_12.10" = Logitech Webcam Software Driver Package "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1 "Microsoft IntelliType Pro 8.1" = Microsoft IntelliType Pro 8.1 "NVIDIA Drivers" = NVIDIA Drivers "Zune" = Zune [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM) "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0CC21836-A5D6-4641-B4AE-6FA01D021E41}" = The Sims Medieval Pirates and Nobles "{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool "{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{242B2601-AF61-42B7-B6DB-B1C34FE5830F}" = Wii Xploder Cheat Saves and Media Manager "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64) "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX "{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin "{4869414E-7AEA-4C8E-BE1C-8D40977FD517}" = Adobe Illustrator CS6 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A3FCC59-5231-4634-882C-BF8B511392C5}" = calibre "{4D826618-59C6-11D4-976E-00C04F8EEB39}" = Macromedia FreeHand 10 "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75D84EF7-0D8C-4E70-B3FA-7B42A5D4E0EB}" = Mass Effect 2 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7C503E58-B2BC-11D5-978A-0050BA84F5F7}" = Neverwinter Nights "{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2 "{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{930B2432-43D4-11D5-9871-00C04F8EEB39}" = Macromedia Fireworks MX "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E6E8929-ECC5-4941-9898-C7C66ACE49F1}_is1" = Game Collector "{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver 4 "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B77128D1-6826-437A-BD8E-8828809A2A95}" = SpyroDriver "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari "{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFB770D7-8D43-1014-922B-CC2715FADE3F}" = Adobe InDesign CS6 "{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility "{D9B5AE52-FEF9-4E5C-A63E-06A6638B2935}" = Nero Kwik Media "{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime "{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "BookSmart® 2.6.1 2.6.1" = BookSmart® 2.6.1 2.6.1 "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager "Collectorz.com Game Collector" = Collectorz.com Game Collector "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation "DPP" = Canon Utilities Digital Photo Professional 3.10 "DVD Decrypter" = DVD Decrypter (Remove Only) "EA Installer.-51898936" = EA Installer "EAGLE 6.2.0" = EAGLE 6.2.0 "EOS Sample Music" = Canon Utilities EOS Sample Music "EOS Utility" = Canon Utilities EOS Utility "EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX "FileZilla Client" = FileZilla Client 3.5.3 "Google Chrome" = Google Chrome "Google Chrome Frame" = Google Chrome Frame "InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0 "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube "Mozilla Firefox 16.0.2 (x86 en-GB)" = Mozilla Firefox 16.0.2 (x86 en-GB) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "Origin" = Origin "PhotoStitch" = Canon Utilities PhotoStitch "Picture Style Editor" = Canon Utilities Picture Style Editor "PSP Grader" = PSP Grader v006 - Lite "SQLyog Community" = SQLyog Community 9.10 "Steam App 11450" = Overlord "Steam App 12710" = Overlord: Raising Hell "Steam App 12810" = Overlord II "Steam App 45100" = Secret of the Magic Crystal "Steam App 7210" = Runaway: A Road Adventure "Steam App 73020" = Majesty 2 Collection "Steam App 99100" = Dungeons & Dragons: Daggerdale "Toolbar Cleaner" = Toolbar Cleaner 1.1 "VLC media player" = VLC media player 1.1.11 "WELLON" = WELLON Uninstall "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "WinUAE" = WinUAE 2.4.1 "xampp" = XAMPP 1.7.4 "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4206473431-1901331103-635293204-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Facebook Plug-In" = Facebook Plug-In ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 8/28/2011 3:06:46 AM | Computer Name = Damo-PC | Source = Bonjour Service | ID = 100 Description = 452: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.) Error - 8/28/2011 3:06:46 AM | Computer Name = Damo-PC | Source = Bonjour Service | ID = 100 Description = 320: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.) Error - 8/28/2011 3:06:46 AM | Computer Name = Damo-PC | Source = Bonjour Service | ID = 100 Description = 488: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.) Error - 8/28/2011 3:07:29 AM | Computer Name = Damo-PC | Source = Bonjour Service | ID = 100 Description = 488: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.) Error - 8/28/2011 5:29:17 PM | Computer Name = Damo-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\program files (x86)\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. Error - 8/29/2011 5:23:48 PM | Computer Name = Damo-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\program files (x86)\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. Error - 8/30/2011 5:21:12 PM | Computer Name = Damo-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\program files (x86)\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. Error - 8/31/2011 5:26:57 PM | Computer Name = Damo-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\program files (x86)\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. Error - 9/2/2011 5:42:51 PM | Computer Name = Damo-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\program files (x86)\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. Error - 9/25/2011 5:20:35 AM | Computer Name = Damo-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\program files (x86)\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. [ Media Center Events ] Error - 9/16/2010 4:45:46 AM | Computer Name = Damo-PC | Source = MCUpdate | ID = 0 Description = 6:45:46 PM - Error connecting to the internet. 6:45:46 PM - Unable to contact server.. Error - 9/16/2010 4:46:23 AM | Computer Name = Damo-PC | Source = MCUpdate | ID = 0 Description = 6:46:15 PM - Error connecting to the internet. 6:46:15 PM - Unable to contact server.. [ System Events ] Error - 11/8/2012 4:59:26 PM | Computer Name = Damo-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: SBRE Error - 11/9/2012 5:47:57 AM | Computer Name = Damo-PC | Source = DCOM | ID = 10016 Description = Error - 11/9/2012 5:08:23 PM | Computer Name = Damo-PC | Source = Service Control Manager | ID = 7000 Description = The NTPort Library Driver service failed to start due to the following error: %%2 Error - 11/9/2012 5:08:25 PM | Computer Name = Damo-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: SBRE Error - 11/9/2012 7:04:31 PM | Computer Name = Damo-PC | Source = Service Control Manager | ID = 7000 Description = The NTPort Library Driver service failed to start due to the following error: %%2 Error - 11/9/2012 7:04:33 PM | Computer Name = Damo-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: SBRE Error - 11/10/2012 5:08:12 PM | Computer Name = Damo-PC | Source = Service Control Manager | ID = 7000 Description = The NTPort Library Driver service failed to start due to the following error: %%2 Error - 11/10/2012 5:08:15 PM | Computer Name = Damo-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: SBRE Error - 11/11/2012 3:38:07 PM | Computer Name = Damo-PC | Source = Service Control Manager | ID = 7000 Description = The NTPort Library Driver service failed to start due to the following error: %%2 Error - 11/11/2012 3:38:08 PM | Computer Name = Damo-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: SBRE < End of report > -
Another Google Redirect issue - repost
Tehkella replied to Tehkella's topic in Resolved Malware Removal Logs
OTL.txt: OTL logfile created on: 11/12/2012 9:40:13 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Damo\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 2.00 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 61.26% Memory free 4.00 Gb Paging File | 2.62 Gb Available in Paging File | 65.48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931.41 Gb Total Space | 530.21 Gb Free Space | 56.93% Space Free | Partition Type: NTFS Drive E: | 100.00 Mb Total Space | 60.73 Mb Free Space | 60.74% Space Free | Partition Type: NTFS Computer Name: DAMO-PC | User Name: Damo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/11/12 09:21:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Damo\Downloads\OTL.exe PRC - [2012/10/25 08:44:35 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/08/05 09:07:59 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe PRC - [2012/04/04 06:25:00 | 000,295,584 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe PRC - [2011/03/29 16:33:08 | 000,598,312 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2009/12/24 08:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe PRC - [2009/10/07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\LVPrS64H.exe PRC - [2009/07/16 15:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe PRC - [2008/12/19 14:17:24 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe ========== Modules (No Company Name) ========== MOD - [2012/10/25 08:44:35 | 020,317,008 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2012/10/25 08:44:34 | 000,902,480 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll MOD - [2012/10/25 08:44:33 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll MOD - [2012/10/25 08:44:33 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll MOD - [2012/10/25 08:44:33 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll MOD - [2012/01/09 00:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll MOD - [2011/06/24 23:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 23:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe MOD - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe MOD - [2009/07/16 15:36:20 | 000,138,000 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll MOD - [2009/07/16 15:36:16 | 000,035,088 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qico4.dll MOD - [2009/07/16 15:36:16 | 000,028,944 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll MOD - [2009/07/16 15:35:30 | 000,027,408 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\SDL.dll MOD - [2009/07/16 15:35:20 | 000,363,792 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\qtxml4.dll MOD - [2009/07/16 15:35:08 | 011,311,888 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtWebKit4.dll MOD - [2009/07/16 15:34:56 | 000,199,952 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\qtsql4.dll MOD - [2009/07/16 15:34:46 | 000,475,408 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtOpenGL4.dll MOD - [2009/07/16 15:34:34 | 000,968,976 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtNetwork4.dll MOD - [2009/07/16 15:34:22 | 007,704,336 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtGui4.dll MOD - [2009/07/16 15:34:22 | 002,140,944 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtCore4.dll MOD - [2009/07/16 15:34:12 | 000,291,600 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\phonon4.dll ========== Services (SafeList) ========== SRV:64bit: - [2011/08/05 13:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc) SRV:64bit: - [2011/08/05 13:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm) SRV:64bit: - [2011/08/05 13:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc) SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64) SRV:64bit: - [2009/07/14 12:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/14 12:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012/10/28 12:57:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/10/25 08:44:35 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012/10/09 17:38:34 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/07/13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/03/29 16:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/12/24 08:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009/06/11 08:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/03/01 17:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/06/13 20:08:18 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2011/04/13 16:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011/03/11 17:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 17:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/21 00:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 22:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 21:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010/08/12 13:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET) DRV:64bit: - [2009/10/07 19:49:27 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon) DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64) DRV:64bit: - [2009/07/14 12:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 12:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 12:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/11 07:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009/06/11 07:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/11 07:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/11 07:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/11 07:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM) DRV:64bit: - [2008/05/02 10:59:08 | 000,008,704 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt) DRV:64bit: - [2008/05/02 10:58:50 | 000,008,704 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2008/05/02 10:58:48 | 000,023,552 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64) DRV:64bit: - [2008/05/02 10:58:48 | 000,018,432 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64) DRV:64bit: - [2007/10/24 04:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV - [2009/07/14 12:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2002/11/30 01:02:40 | 000,006,560 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\zntport.sys -- (zntport) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4206473431-1901331103-635293204-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-4206473431-1901331103-635293204-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/ IE - HKU\S-1-5-21-4206473431-1901331103-635293204-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU IE - HKU\S-1-5-21-4206473431-1901331103-635293204-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 15 21 B2 23 88 CD 01 [binary data] IE - HKU\S-1-5-21-4206473431-1901331103-635293204-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-4206473431-1901331103-635293204-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-4206473431-1901331103-635293204-1000\..\SearchScopes,DefaultScope = {3AE5DE57-2E42-42A9-A530-CEA09312056A} IE - HKU\S-1-5-21-4206473431-1901331103-635293204-1000\..\SearchScopes\{3AE5DE57-2E42-42A9-A530-CEA09312056A}: "URL" = http://www.google.com/search?q={sear'>http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8'>http://www.google.com/search?q={sear'>http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-4206473431-1901331103-635293204-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear'>http://www.google.com/search?q={sear IE - HKU\S-1-5-21-4206473431-1901331103-635293204-1000\..\SearchScopes\{F5BA5BBE-9AD6-4131-B0FB-D70068D6AE48}: "URL" = http://au.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} IE - HKU\S-1-5-21-4206473431-1901331103-635293204-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4206473431-1901331103-635293204-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.igoogle.com" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}:5.0.17 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3 FF - prefs.js..keyword.URL: "http://www.google.com/search?q="'>http://www.google.com/search?q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Damo\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Damo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Damo\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Damo\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Damo\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/09 17:35:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/09 17:35:55 | 000,000,000 | ---D | M] [2010/06/04 21:43:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Damo\AppData\Roaming\Mozilla\Extensions [2012/10/25 15:10:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Damo\AppData\Roaming\Mozilla\Firefox\Profiles\lis43cba.default\extensions [2012/04/20 22:08:35 | 000,021,093 | ---- | M] () (No name found) -- C:\Users\Damo\AppData\Roaming\Mozilla\Firefox\Profiles\lis43cba.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012/10/30 10:51:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/10/28 12:57:07 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2012/10/28 12:57:39 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/05/11 19:30:34 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml [2012/08/29 22:36:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/05/11 19:30:34 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml [2012/05/11 19:30:34 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml [2012/10/19 17:34:56 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml [2012/05/11 19:30:34 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml ========== Chrome ========== CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Damo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Damo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Damo\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll CHR - plugin: Harmony Firefox Plugin (Enabled) = C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Damo\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll O1 HOSTS File: ([2012/11/10 10:03:08 | 000,000,835 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\23.0.1271.64\npchrome_frame.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-21-4206473431-1901331103-635293204-1000..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-4206473431-1901331103-635293204-1000..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team) O4 - HKU\S-1-5-21-4206473431-1901331103-635293204-1000..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.) O4 - HKU\S-1-5-21-4206473431-1901331103-635293204-1000..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-4206473431-1901331103-635293204-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe (Adobe Systems Incorporated) O4 - Startup: C:\Users\Damo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4206473431-1901331103-635293204-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4206473431-1901331103-635293204-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-4206473431-1901331103-635293204-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81C6F2BC-C495-4B89-8B3D-4EB2A34DFD99}: DhcpNameServer = 10.1.1.1 O18:64bit: - Protocol\Handler\gcf - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\23.0.1271.64\npchrome_frame.dll (Google Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/11/11 20:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM [2012/11/11 17:52:19 | 000,000,000 | ---D | C] -- C:\Users\Damo\Desktop\Adobe Illustrator CS6 [2012/11/10 10:02:03 | 000,000,000 | ---D | C] -- C:\Users\Damo\Desktop\Complete Internet Repair [2012/11/09 17:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012/11/08 19:15:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/11/06 21:39:02 | 000,000,000 | ---D | C] -- C:\Users\Damo\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012/11/04 23:57:31 | 000,000,000 | ---D | C] -- C:\Users\Damo\AppData\Roaming\PDAppFlex [2012/11/04 23:55:21 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2012/11/04 23:52:54 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2012/11/04 23:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2012/11/04 21:17:11 | 000,000,000 | ---D | C] -- C:\Users\Damo\Documents\Outlook Files [2012/11/04 20:29:44 | 000,000,000 | ---D | C] -- C:\Users\Damo\Desktop\Adobe InDesign CS6 [2012/11/04 20:26:57 | 000,000,000 | ---D | C] -- C:\Users\Damo\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012/11/04 20:26:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant [2012/11/02 00:05:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2012/10/30 23:25:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012/10/30 10:59:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/10/30 10:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012/10/30 10:49:56 | 000,000,000 | ---D | C] -- C:\Users\Damo\Desktop\JavaRa [2012/10/29 22:13:03 | 000,000,000 | ---D | C] -- C:\Users\Damo\Desktop\RK_Quarantine [2012/10/29 12:33:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/10/29 12:33:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/10/29 12:33:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/10/29 09:44:42 | 004,997,881 | R--- | C] (Swearware) -- C:\Users\Damo\Desktop\ComboFix.exe [2012/10/28 12:57:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012/10/26 10:41:21 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/10/26 10:40:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/10/19 11:03:29 | 000,000,000 | ---D | C] -- C:\Users\Damo\Documents\D&D [2012/10/14 22:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/10/14 22:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012/10/14 22:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/10/14 22:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/11/12 09:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/11/12 09:28:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/11/12 09:15:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4206473431-1901331103-635293204-1000UA.job [2012/11/12 06:45:28 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/12 06:45:28 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/12 06:44:02 | 000,783,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/11/12 06:44:02 | 000,667,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/11/12 06:44:02 | 000,126,128 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/11/12 06:38:03 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/11/12 06:37:53 | 005,071,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/11/12 06:37:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/11/12 06:37:34 | 1610,260,480 | -HS- | M] () -- C:\hiberfil.sys [2012/11/11 20:46:24 | 000,113,356 | ---- | M] () -- C:\Users\Damo\Desktop\Img_1875.jpg [2012/11/11 20:45:08 | 000,100,569 | ---- | M] () -- C:\Users\Damo\Desktop\Img_1870.jpg [2012/11/11 20:42:32 | 000,192,607 | ---- | M] () -- C:\Users\Damo\Desktop\Img_1851.jpg [2012/11/11 13:15:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4206473431-1901331103-635293204-1000Core.job [2012/11/10 10:03:08 | 000,000,835 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/11/09 17:35:48 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/11/08 13:12:19 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk [2012/11/07 11:21:26 | 004,997,881 | R--- | M] (Swearware) -- C:\Users\Damo\Desktop\ComboFix.exe [2012/11/05 21:34:21 | 000,051,704 | ---- | M] () -- C:\Users\Damo\Desktop\bellehtrap.jpg [2012/11/05 16:37:18 | 000,206,012 | ---- | M] () -- C:\Users\Damo\Desktop\D_Absolom.pdf [2012/11/04 21:17:18 | 000,001,131 | ---- | M] () -- C:\Users\Damo\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk [2012/11/04 20:26:55 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk [2012/11/04 11:12:22 | 000,036,752 | ---- | M] () -- C:\Users\Damo\Desktop\Img_1823.jpg [2012/11/04 11:11:03 | 000,089,771 | ---- | M] () -- C:\Users\Damo\Desktop\Img_1822.jpg [2012/11/02 00:05:05 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2012/10/29 22:11:30 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2012/10/28 14:31:33 | 000,002,044 | ---- | M] () -- C:\Users\Damo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012/10/26 00:54:41 | 000,000,512 | ---- | M] () -- C:\Users\Damo\Desktop\MBR.dat [2012/10/25 10:02:22 | 000,086,016 | RHS- | M] () -- C:\Windows\SysWow64\WMNetMgre.dll [2012/10/14 22:58:14 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/11/11 20:46:24 | 000,113,356 | ---- | C] () -- C:\Users\Damo\Desktop\Img_1875.jpg [2012/11/11 20:45:08 | 000,100,569 | ---- | C] () -- C:\Users\Damo\Desktop\Img_1870.jpg [2012/11/11 20:42:32 | 000,192,607 | ---- | C] () -- C:\Users\Damo\Desktop\Img_1851.jpg [2012/11/11 20:42:25 | 000,001,650 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6.lnk [2012/11/09 17:35:48 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/11/05 21:34:21 | 000,051,704 | ---- | C] () -- C:\Users\Damo\Desktop\bellehtrap.jpg [2012/11/05 16:37:18 | 000,206,012 | ---- | C] () -- C:\Users\Damo\Desktop\D_Absolom.pdf [2012/11/04 23:54:56 | 000,001,195 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS6.lnk [2012/11/04 23:53:32 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk [2012/11/04 23:53:14 | 000,001,353 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk [2012/11/04 23:53:11 | 000,001,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk [2012/11/04 23:53:00 | 000,001,090 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS6.lnk [2012/11/04 23:51:51 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2012/11/04 21:17:18 | 000,001,131 | ---- | C] () -- C:\Users\Damo\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk [2012/11/04 20:26:55 | 000,001,043 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk [2012/11/04 20:26:55 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk [2012/11/04 11:12:22 | 000,036,752 | ---- | C] () -- C:\Users\Damo\Desktop\Img_1823.jpg [2012/11/04 11:11:03 | 000,089,771 | ---- | C] () -- C:\Users\Damo\Desktop\Img_1822.jpg [2012/11/02 00:05:05 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2012/11/02 00:05:05 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2012/10/29 12:33:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/10/29 12:33:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/10/29 12:33:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/10/29 12:33:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/10/29 12:33:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/10/25 23:20:54 | 000,000,512 | ---- | C] () -- C:\Users\Damo\Desktop\MBR.dat [2012/10/25 15:04:18 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif [2012/10/25 10:02:22 | 000,086,016 | RHS- | C] () -- C:\Windows\SysWow64\WMNetMgre.dll [2012/10/14 22:58:14 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/09/03 22:06:33 | 000,000,113 | ---- | C] () -- C:\Windows\wininit.ini [2012/08/30 11:21:37 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2012/04/05 22:26:44 | 000,207,964 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011/10/14 17:47:06 | 000,000,045 | ---- | C] () -- C:\Users\Damo\StencylWorks.prefs [2011/09/02 13:15:18 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2011/07/21 00:49:37 | 000,000,040 | ---- | C] () -- C:\Windows\RUNAWAY.INI [2011/07/12 19:13:54 | 000,768,778 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/06/13 21:08:08 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2011/03/10 16:07:35 | 000,003,360 | ---- | C] () -- C:\Users\Damo\.ganttproject ========== ZeroAccess Check ========== [2009/07/14 15:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 16:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 15:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 12:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 12:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/01/20 18:55:35 | 000,000,000 | ---D | M] -- C:\Users\Damo\AppData\Roaming\AVG2012 [2012/11/10 00:41:29 | 000,000,000 | ---D | M] -- C:\Users\Damo\AppData\Roaming\Azureus [2012/08/12 22:10:16 | 000,000,000 | ---D | M] -- C:\Users\Damo\AppData\Roaming\CadSoft [2012/05/12 01:27:09 | 000,000,000 | ---D | M] -- C:\Users\Damo\AppData\Roaming\calibre [2012/09/09 15:29:11 | 000,000,000 | ---D | M] -- C:\Users\Damo\AppData\Roaming\Canon [2012/11/04 20:26:57 | 000,000,000 | ---D | M] -- C:\Users\Damo\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2010/06/14 20:40:23 | 000,000,000 | ---D | M] -- C:\Users\Damo\AppData\Roaming\Facebook [2011/07/25 21:29:13 | 000,000,000 | ---D | M] -- C:\Users\Damo\AppData\Roaming\Faerie Solitaire [2012/10/31 11:11:57 | 000,000,000 | ---D | M] -- C:\Users\Damo\AppData\Roaming\FileZilla [2010/08/13 13:33:15 | 000,000,000 | ---D | M] -- C:\Users\Damo\AppData\Roaming\ICAClient [2010/10/21 10:08:10 | 000,000,000 | ---D | M] -- C:\Users\Damo\AppData\Roaming\Leadertech [2011/08/25 01:05:59 | 000,000,000 | ---D | M] -- C:\Users\Damo\AppData\Roaming\MySQL [2012/09/27 11:11:54 | 000,000,000 | ---D | M] -- C:\Users\Damo\AppData\Roaming\Nico Mak Computing [2012/11/04 23:57:31 | 000,000,000 | ---D | M] -- C:\Users\Damo\AppData\Roaming\PDAppFlex [2011/03/10 17:20:27 | 000,000,000 | ---D | M] -- C:\Users\Damo\AppData\Roaming\SmartDraw [2011/07/26 19:31:17 | 000,000,000 | ---D | M] -- C:\Users\Damo\AppData\Roaming\SQLyog [2012/11/06 21:39:02 | 000,000,000 | ---D | M] -- C:\Users\Damo\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011/07/03 21:53:50 | 000,000,000 | ---D | M] -- C:\Users\Damo\AppData\Roaming\yWorks ========== Purity Check ========== < End of report > -
Another Google Redirect issue - repost
Tehkella replied to Tehkella's topic in Resolved Malware Removal Logs
Hi again - MiniToolBox log as requested: MiniToolBox by Farbar Version: 10-11-2012 02 Ran by Damo (administrator) on 11-11-2012 at 14:05:01 Windows 7 Professional Service Pack 1 (X64) Boot Mode: Normal *************************************************************************** ========================= Flush DNS: =================================== Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========================= IE Proxy Settings: ============================== Proxy is not enabled. ProxyServer: proxy.tas.gov.au:8080 "Reset IE Proxy Settings": IE Proxy Settings were reset. ========================= FF Proxy Settings: ============================== "network.proxy.type", 0 "Reset FF Proxy Settings": Firefox Proxy settings were reset. ========================= Hosts content: ================================= ========================= IP Configuration: ================================ NVIDIA nForce 10/100 Mbps Ethernet = Local Area Connection (Connected) # ---------------------------------- # IPv4 Configuration # ---------------------------------- pushd interface ipv4 reset popd # End of IPv4 configuration Windows IP Configuration Host Name . . . . . . . . . . . . : Damo-PC Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet Physical Address. . . . . . . . . : 00-24-1D-A4-4B-04 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::4dc2:3d7b:23be:85ed%10(Preferred) IPv4 Address. . . . . . . . . . . : 10.1.1.2(Preferred) Subnet Mask . . . . . . . . . . . : 255.0.0.0 Lease Obtained. . . . . . . . . . : Sunday, 11 November 2012 8:08:17 AM Lease Expires . . . . . . . . . . : Sunday, 11 November 2012 2:38:17 PM Default Gateway . . . . . . . . . : 10.1.1.1 DHCP Server . . . . . . . . . . . : 10.1.1.1 DHCPv6 IAID . . . . . . . . . . . : 234890269 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-9A-E1-D7-00-24-1D-A4-4B-04 DNS Servers . . . . . . . . . . . : 10.1.1.1 NetBIOS over Tcpip. . . . . . . . : Enabled Tunnel adapter isatap.{81C6F2BC-C495-4B89-8B3D-4EB2A34DFD99}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Teredo Tunneling Pseudo-Interface: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:2cbf:fbc:f5fe:fefd(Preferred) Link-local IPv6 Address . . . . . : fe80::2cbf:fbc:f5fe:fefd%13(Preferred) Default Gateway . . . . . . . . . : :: NetBIOS over Tcpip. . . . . . . . : Disabled Server: mygateway1.ar7 Address: 10.1.1.1 Name: google.com Addresses: 74.125.237.35 74.125.237.39 74.125.237.32 74.125.237.37 74.125.237.33 74.125.237.38 74.125.237.36 74.125.237.46 74.125.237.34 74.125.237.41 74.125.237.40 Pinging google.com [74.125.237.35] with 32 bytes of data: Reply from 74.125.237.35: bytes=32 time=37ms TTL=56 Reply from 74.125.237.35: bytes=32 time=37ms TTL=56 Ping statistics for 74.125.237.35: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 37ms, Maximum = 37ms, Average = 37ms Server: mygateway1.ar7 Address: 10.1.1.1 Name: yahoo.com Addresses: 98.139.183.24 72.30.38.140 98.138.253.109 Pinging yahoo.com [98.139.183.24] with 32 bytes of data: Reply from 98.139.183.24: bytes=32 time=328ms TTL=48 Reply from 98.139.183.24: bytes=32 time=301ms TTL=48 Ping statistics for 98.139.183.24: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 301ms, Maximum = 328ms, Average = 314ms Pinging 127.0.0.1 with 32 bytes of data: Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms =========================================================================== Interface List 10...00 24 1d a4 4b 04 ......NVIDIA nForce 10/100 Mbps Ethernet 1...........................Software Loopback Interface 1 11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.1.1.1 10.1.1.2 20 10.0.0.0 255.0.0.0 On-link 10.1.1.2 276 10.1.1.2 255.255.255.255 On-link 10.1.1.2 276 10.255.255.255 255.255.255.255 On-link 10.1.1.2 276 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 10.1.1.2 276 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 10.1.1.2 276 =========================================================================== Persistent Routes: None IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 13 58 ::/0 On-link 1 306 ::1/128 On-link 13 58 2001::/32 On-link 13 306 2001:0:9d38:953c:2cbf:fbc:f5fe:fefd/128 On-link 10 276 fe80::/64 On-link 13 306 fe80::/64 On-link 13 306 fe80::2cbf:fbc:f5fe:fefd/128 On-link 10 276 fe80::4dc2:3d7b:23be:85ed/128 On-link 1 306 ff00::/8 On-link 13 306 ff00::/8 On-link 10 276 ff00::/8 On-link =========================================================================== Persistent Routes: None ========================= Winsock entries ===================================== Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation) Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation) Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.) Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.) Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation) Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation) x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation) x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.) x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.) x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation) x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.) x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) ========================= Event log errors: =============================== Application errors: ================== Error: (11/09/2012 00:50:38 AM) (Source: Application Error) (User: ) Description: Faulting application name: iexplore.exe, version: 9.0.8112.16450, time stamp: 0x503723f6 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process id: 0x10c4 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Error: (11/08/2012 11:23:04 PM) (Source: Application Error) (User: ) Description: Faulting application name: iexplore.exe, version: 9.0.8112.16450, time stamp: 0x503723f6 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process id: 0x498 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Error: (11/08/2012 11:22:46 PM) (Source: Application Error) (User: ) Description: Faulting application name: iexplore.exe, version: 9.0.8112.16450, time stamp: 0x503723f6 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process id: 0x6f8 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Error: (11/07/2012 09:33:04 AM) (Source: Application Error) (User: ) Description: Faulting application name: chrome.exe, version: 23.0.1271.64, time stamp: 0x507531a4 Faulting module name: chrome.exe, version: 23.0.1271.64, time stamp: 0x507531a4 Exception code: 0xc0000005 Fault offset: 0x00009332 Faulting process id: 0xca4 Faulting application start time: 0xchrome.exe0 Faulting application path: chrome.exe1 Faulting module path: chrome.exe2 Report Id: chrome.exe3 Error: (11/03/2012 00:16:06 AM) (Source: Microsoft Office 14) (User: ) Description: Microsoft Outlook: Rejected Safe Mode action : Outlook failed to start correctly last time. Starting Outlook in safe mode will help you correct or isolate a startup problem in order to successfully start the program. Some functionality may be disabled in this mode. Do you want to start Outlook in safe mode?. Rejected Safe Mode action : Microsoft Outlook. Error: (10/28/2012 00:34:15 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (10/27/2012 09:49:54 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (10/27/2012 03:45:05 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (10/25/2012 03:04:19 PM) (Source: Microsoft Security Client Setup) (User: Damo-PC) Description: HRESULT:0x8004FF81 Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x8004FF81. Error: (10/25/2012 02:56:51 PM) (Source: MsiInstaller) (User: Damo-PC) Description: Product: Microsoft Security Client -- Error 1920. Service 'Microsoft Antimalware Service' (MsMpSvc) failed to start. Verify that you have sufficient privileges to start system services. System errors: ============= Error: (11/11/2012 08:08:15 AM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: SBRE Error: (11/11/2012 08:08:12 AM) (Source: Service Control Manager) (User: ) Description: The NTPort Library Driver service failed to start due to the following error: %%2 Error: (11/10/2012 10:04:33 AM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: SBRE Error: (11/10/2012 10:04:31 AM) (Source: Service Control Manager) (User: ) Description: The NTPort Library Driver service failed to start due to the following error: %%2 Error: (11/10/2012 08:08:25 AM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: SBRE Error: (11/10/2012 08:08:23 AM) (Source: Service Control Manager) (User: ) Description: The NTPort Library Driver service failed to start due to the following error: %%2 Error: (11/09/2012 08:47:57 PM) (Source: DCOM) (User: Damo-PC) Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Damo-PCDamoS-1-5-21-4206473431-1901331103-635293204-1000LocalHost (Using LRPC) Error: (11/09/2012 07:59:26 AM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: SBRE Error: (11/09/2012 07:59:22 AM) (Source: Service Control Manager) (User: ) Description: The NTPort Library Driver service failed to start due to the following error: %%2 Error: (11/08/2012 06:56:08 PM) (Source: Service Control Manager) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Microsoft Office Sessions: ========================= Error: (11/09/2012 00:50:38 AM) (Source: Application Error)(User: ) Description: iexplore.exe9.0.8112.16450503723f6ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c310c401cdbdb7ef46e4f0C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\ntdll.dll46d83890-29ab-11e2-baf5-00241da44b04 Error: (11/08/2012 11:23:04 PM) (Source: Application Error)(User: ) Description: iexplore.exe9.0.8112.16450503723f6ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c349801cdbdabc5375700C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\ntdll.dll0ac94670-299f-11e2-baf5-00241da44b04 Error: (11/08/2012 11:22:46 PM) (Source: Application Error)(User: ) Description: iexplore.exe9.0.8112.16450503723f6ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c36f801cdbd9ff1fe77c0C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\ntdll.dll00764ce0-299f-11e2-baf5-00241da44b04 Error: (11/07/2012 09:33:04 AM) (Source: Application Error)(User: ) Description: chrome.exe23.0.1271.64507531a4chrome.exe23.0.1271.64507531a4c000000500009332ca401cdbc6eac6b3d10C:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exeC:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exeed4b3d30-2861-11e2-8621-00241da44b04 Error: (11/03/2012 00:16:06 AM) (Source: Microsoft Office 14)(User: ) Description: Microsoft OutlookOutlook failed to start correctly last time. Starting Outlook in safe mode will help you correct or isolate a startup problem in order to successfully start the program. Some functionality may be disabled in this mode. Do you want to start Outlook in safe mode? Error: (10/28/2012 00:34:15 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (10/27/2012 09:49:54 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (10/27/2012 03:45:05 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (10/25/2012 03:04:19 PM) (Source: Microsoft Security Client Setup)(User: Damo-PC) Description: HRESULT:0x8004FF81 Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x8004FF81. Error: (10/25/2012 02:56:51 PM) (Source: MsiInstaller)(User: Damo-PC) Description: Product: Microsoft Security Client -- Error 1920. Service 'Microsoft Antimalware Service' (MsMpSvc) failed to start. Verify that you have sufficient privileges to start system services.(NULL)(NULL)(NULL)(NULL)(NULL) CodeIntegrity Errors: =================================== Date: 2012-11-08 18:55:36.480 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-11-08 18:55:36.378 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-11-08 18:55:36.259 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-11-08 18:55:36.157 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-11-07 11:34:05.775 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-11-07 11:34:05.669 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-11-07 11:34:05.561 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-11-07 11:34:05.454 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-10-29 12:45:01.858 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-10-29 12:45:01.762 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. =========================== Installed Programs ============================ 7-Zip 9.20 Acrobat.com (Version: 2.1.0) Acrobat.com (Version: 2.1.0.0) Adobe AIR (Version: 3.4.0.2710) Adobe Download Assistant (Version: 1.2.3) Adobe Flash Player 11 ActiveX (Version: 11.4.402.287) Adobe Flash Player 11 Plugin (Version: 11.4.402.287) Adobe Help Manager (Version: 4.0.244) Adobe InDesign CS6 (Version: 8.0) Adobe Reader XI (Version: 11.0.00) Adobe Shockwave Player 11.6 (Version: 11.6.1.629) Apple Application Support (Version: 2.3) Apple Mobile Device Support (Version: 6.0.0.59) Apple Software Update (Version: 2.1.3.127) Bonjour (Version: 3.0.0.10) BookSmart® 2.6.1 2.6.1 Brother P-touch Editor 5.0 (Version: 5.0.1220) calibre (Version: 0.9.5) Canon MOV Decoder (Version: 1.8.0.7) Canon MOV Encoder (Version: 1.6.0.1) Canon MovieEdit Task for ZoomBrowser EX (Version: 3.7.0.4) Canon Utilities Digital Photo Professional 3.10 (Version: 3.10.2.0) Canon Utilities EOS Sample Music (Version: 1.0.0.204) Canon Utilities EOS Utility (Version: 2.10.2.0) Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (Version: 1.0.0.10) Canon Utilities Movie Uploader for YouTube (Version: 1.2.0.7) Canon Utilities PhotoStitch (Version: 3.1.22.46) Canon Utilities Picture Style Editor (Version: 1.9.0.0) Canon Utilities ZoomBrowser EX (Version: 6.7.0.24) Canon ZoomBrowser EX Memory Card Utility (Version: 1.5.0.9) CCleaner (Version: 3.22) Citrix XenApp Web Plugin (Version: 11.0.0.5357) Collectorz.com Game Collector D3DX10 (Version: 15.4.2368.0902) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dungeons & Dragons: Daggerdale DVD Decrypter (Remove Only) EA Installer (Version: 2.2.0.62) EA Shared Game Component: Activation (Version: 2.2.0) EA Shared Game Component: Activation (Version: 2.2.0.62) EAGLE 6.2.0 (Version: 6.2.0) Facebook Plug-In FileZilla Client 3.5.3 (Version: 3.5.3) Google Chrome (Version: 23.0.1271.64) Google Chrome Frame (Version: 23.0.1271.64) Google Talk Plugin (Version: 3.10.2.10212) Google Update Helper (Version: 1.3.21.123) High-Definition Video Playback (Version: 7.3.10800.5.0) HP USB Disk Storage Format Tool Internet Explorer Toolbar 4.6 by SweetPacks (Version: 4.6.0003) iTunes (Version: 10.7.0.21) Java 7 Update 9 (Version: 7.0.90) Java Auto Updater (Version: 2.1.9.0) Logitech Harmony Remote Software (Version: 1.0.110307) Logitech Vid (Version: 1.10.1009) Logitech Webcam Software (Version: 12.10.1113) Logitech Webcam Software Driver Package (Version: 12.10.1110) Macromedia Dreamweaver 4 (Version: 4.0) Macromedia Dreamweaver MX (Version: 6.0) Macromedia Extension Manager (Version: 1.5) Macromedia Fireworks MX (Version: 6) Macromedia Flash MX (Version: 6) Macromedia FreeHand 10 (Version: 10) Majesty 2 Collection Mass Effect 2 (Version: 1.2.1604.0) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft IntelliPoint 8.1 (Version: 8.15.406.0) Microsoft IntelliType Pro 8.1 (Version: 8.15.406.0) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000) Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Silverlight (Version: 5.1.10411.0) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0) Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053) Microsoft_VC90_CRT_x86 (Version: 1.00.0000) Mozilla Firefox 16.0.2 (x86 en-GB) (Version: 16.0.2) Mozilla Maintenance Service (Version: 16.0.2) MSVCRT (Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) Nero 10 Movie ThemePack Basic (Version: 10.6.10000.1.0) Nero Core Components 10 (Version: 2.0.19800.9.10) Nero Dolby Files 10 (Version: 2.0.13000.0.10) Nero Kwik Media (Version: 10.6.11000) Nero Update (Version: 1.0.10900.31.0) NeroKwikMedia Help (CHM) (Version: 10.6.10700) Neverwinter Nights Nokia Connectivity Cable Driver (Version: 6.80.5.1) NVIDIA Control Panel 267.24 (Version: 267.24) NVIDIA Drivers (Version: 1.10.62.40) NVIDIA Graphics Driver 267.24 (Version: 267.24) NVIDIA Install Application (Version: 2.265.36.0) NVIDIA PhysX (Version: 9.09.0814) Origin (Version: 8.1.2.444) Overlord Overlord II Overlord: Raising Hell PDF Settings CS6 (Version: 11.0) Primo (Version: 1.00.0000) PSP Grader v006 - Lite (Version: v006 - Lite) PVSonyDll (Version: 1.00.0001) QuickTime (Version: 7.73.80.64) Runaway: A Road Adventure Runtime (Version: 1.00.0000) Safari (Version: 5.34.57.2) Secret of the Magic Crystal Skype™ 5.10 (Version: 5.10.116) Sony Picture Utility (Version: 4.2.00.15030) Spybot - Search & Destroy (Version: 1.6.2) SpyroDriver (Version: 1.06.0000) SpyroPortalDriver (Version: 1.0.0) SQLyog Community 9.10 (Version: 9.10 ) Steam (Version: 1.0.0.0) swMSM (Version: 12.0.0.1) The Sims 2 The Sims 2 University The Sims Medieval (Version: 2.0.113) The Sims Medieval Pirates and Nobles (Version: 2.0.109) Toolbar Cleaner 1.1 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Visual C++ 8.0 Runtime Setup Package (x64) (Version: 9.0.0.623) Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2) VLC media player 1.1.11 (Version: 1.1.11) VoiceOver Kit (Version: 1.42.128.0) WELLON Uninstall (Version: 4.1.0) Wii Xploder Cheat Saves and Media Manager (Version: 1.0.9.1) Windows Live Communications Platform (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3508.1109) Windows Live ID Sign-in Assistant (Version: 7.250.4225.0) Windows Live Installer (Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3508.1109) Windows Live Movie Maker (Version: 15.4.3502.0922) Windows Live Photo Common (Version: 15.4.3502.0922) Windows Live Photo Gallery (Version: 15.4.3502.0922) Windows Live PIMT Platform (Version: 15.4.3508.1109) Windows Live SOXE (Version: 15.4.3502.0922) Windows Live SOXE Definitions (Version: 15.4.3502.0922) Windows Live UX Platform (Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (Version: 15.4.3508.1109) Windows Mobile Device Updater Component (Version: 04.08.2345.00) WinRAR archiver WinUAE 2.4.1 (Version: 2.4.1) XAMPP 1.7.4 Zune (Version: 04.08.2345.00) Zune Language Pack (CHS) (Version: 04.08.2345.00) Zune Language Pack (CHT) (Version: 04.08.2345.00) Zune Language Pack (CSY) (Version: 04.08.2345.00) Zune Language Pack (DAN) (Version: 04.08.2345.00) Zune Language Pack (DEU) (Version: 04.08.2345.00) Zune Language Pack (ELL) (Version: 04.08.2345.00) Zune Language Pack (ESP) (Version: 04.08.2345.00) Zune Language Pack (FIN) (Version: 04.08.2345.00) Zune Language Pack (FRA) (Version: 04.08.2345.00) Zune Language Pack (HUN) (Version: 04.08.2345.00) Zune Language Pack (IND) (Version: 04.08.2345.00) Zune Language Pack (ITA) (Version: 04.08.2345.00) Zune Language Pack (JPN) (Version: 04.08.2345.00) Zune Language Pack (KOR) (Version: 04.08.2345.00) Zune Language Pack (MSL) (Version: 04.08.2345.00) Zune Language Pack (NLD) (Version: 04.08.2345.00) Zune Language Pack (NOR) (Version: 04.08.2345.00) Zune Language Pack (PLK) (Version: 04.08.2345.00) Zune Language Pack (PTB) (Version: 04.08.2345.00) Zune Language Pack (PTG) (Version: 04.08.2345.00) Zune Language Pack (RUS) (Version: 04.08.2345.00) Zune Language Pack (SVE) (Version: 04.08.2345.00) ========================= Devices: ================================ Name: Activision Xbox360 Spyro Portal Description: Activision Xbox360 Spyro Portal Class Guid: {4a9c2fa7-d63f-44c5-a247-bb3289a3739f} Manufacturer: Activision Service: WinUSB Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: SBRE Description: SBRE Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: SBRE Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ========================= Memory info: =================================== Percentage of memory in use: 40% Total physical RAM: 2047.55 MB Available physical RAM: 1225.46 MB Total Pagefile: 4095.11 MB Available Pagefile: 2544.92 MB Total Virtual: 4095.88 MB Available Virtual: 3966.95 MB ========================= Partitions: ===================================== 2 Drive c: () (Fixed) (Total:931.41 GB) (Free:534.21 GB) NTFS 4 Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ========================= Users: ======================================== User accounts for \\DAMO-PC Administrator Damo Guest ========================= Minidump Files ================================== No minidump file found **** End of log **** -
Another Google Redirect issue - repost
Tehkella replied to Tehkella's topic in Resolved Malware Removal Logs
Done as instructed - still redirecting unfortunately! -
Another Google Redirect issue - repost
Tehkella replied to Tehkella's topic in Resolved Malware Removal Logs
PS redirecting is happening again, I believe it reoccurs when the PC is restarted -
Another Google Redirect issue - repost
Tehkella replied to Tehkella's topic in Resolved Malware Removal Logs
Farbar Service Scanner Version: 07-11-2012 Ran by Damo (administrator) on 09-11-2012 at 12:01:23 Running from "C:\Users\Damo\Downloads" Microsoft Windows 7 Professional Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ wscsvc Service is not running. Checking service configuration: The start type of wscsvc service is set to Disabled. The default start type is Auto. The ImagePath of wscsvc service is OK. The ServiceDll of wscsvc service is OK. Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log **** -
Another Google Redirect issue - repost
Tehkella replied to Tehkella's topic in Resolved Malware Removal Logs
PS I still can't enable or turn on Windows Security Center - I am getting a different message now though "Error 1058 The service cannot be started, either because it is disabled or because it has no enabled devices associated with it" (same message for Windows Defender -
Another Google Redirect issue - repost
Tehkella replied to Tehkella's topic in Resolved Malware Removal Logs
Seems to be okay now, but this happened last time too. Was okay for a day or so, and then reoccurred. I'll report again tomorrow. -
Another Google Redirect issue - repost
Tehkella replied to Tehkella's topic in Resolved Malware Removal Logs
ComboFix 12-11-06.03 - Damo 08/11/2012 18:44:12.5.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.2048.920 [GMT 11:00] Running from: c:\users\Damo\Desktop\ComboFix.exe Command switches used :: c:\users\Damo\Desktop\CFScript.txt SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-10-08 to 2012-11-08 ))))))))))))))))))))))))))))))) . . 2012-11-08 07:56 . 2012-11-08 07:56 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-07 19:35 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{81B5F4C2-FC5A-4115-9645-A7D4474C589F}\mpengine.dll 2012-11-06 10:39 . 2012-11-06 10:39 -------- d-----w- c:\users\Damo\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 2012-11-04 12:57 . 2012-11-04 12:57 -------- d-----w- c:\users\Damo\AppData\Roaming\PDAppFlex 2012-11-04 12:55 . 2012-11-04 12:55 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2012-11-04 12:52 . 2012-11-04 12:52 -------- d-----w- c:\program files\Adobe 2012-11-04 12:52 . 2012-11-04 12:53 -------- d-----w- c:\program files\Common Files\Adobe 2012-11-04 09:26 . 2012-11-04 09:26 -------- d-----w- c:\users\Damo\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant 2012-11-04 09:26 . 2012-11-04 09:26 -------- d-----w- c:\program files (x86)\Adobe Download Assistant 2012-11-01 13:05 . 2012-11-04 12:53 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2012-10-30 12:25 . 2012-10-30 12:25 -------- d-----w- c:\programdata\Kaspersky Lab 2012-10-29 23:59 . 2012-10-29 23:59 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-10-29 23:58 . 2012-10-29 23:58 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-10-29 23:58 . 2012-10-29 23:58 -------- d-----w- c:\program files (x86)\Java 2012-10-24 23:02 . 2012-10-24 23:02 86016 --sha-r- c:\windows\SysWow64\WMNetMgre.dll 2012-10-14 11:58 . 2012-08-21 02:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-10-14 11:57 . 2012-10-14 11:57 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-10-14 11:57 . 2012-10-14 11:57 -------- d-----w- c:\program files\iTunes 2012-10-14 11:57 . 2012-10-14 11:57 -------- d-----w- c:\program files\iPod 2012-10-10 19:55 . 2012-08-20 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2012-10-10 19:55 . 2012-08-20 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-10-10 19:55 . 2012-08-20 15:33 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-10-10 19:55 . 2012-08-20 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-10-10 19:55 . 2012-08-20 17:32 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll 2012-10-10 19:55 . 2012-08-20 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2012-10-10 19:55 . 2012-08-20 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2012-10-10 19:55 . 2012-08-20 17:32 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll 2012-10-10 19:55 . 2012-08-20 15:38 2048 ----a-w- c:\windows\SysWow64\user.exe 2012-10-10 19:54 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-10-10 19:54 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-10-10 19:53 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll 2012-10-10 19:53 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-10-10 19:53 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll 2012-10-10 19:53 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll 2012-10-10 19:53 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll 2012-10-10 19:53 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-10-10 19:53 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-10-10 19:53 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-10-10 19:53 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-10-10 19:53 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-29 23:58 . 2012-05-10 12:11 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-10-29 23:58 . 2010-12-03 12:38 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-10-11 13:49 . 2010-06-03 23:53 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-10-09 06:38 . 2012-06-22 08:20 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-09 06:38 . 2011-07-19 08:12 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-24 11:15 . 2012-09-22 14:26 17810944 ----a-w- c:\windows\system32\mshtml.dll 2012-08-24 10:39 . 2012-09-22 14:26 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-08-24 10:31 . 2012-09-22 14:26 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 10:22 . 2012-09-22 14:26 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-08-24 10:21 . 2012-09-22 14:26 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 10:20 . 2012-09-22 14:26 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 10:18 . 2012-09-22 14:26 237056 ----a-w- c:\windows\system32\url.dll 2012-08-24 10:17 . 2012-09-22 14:26 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-08-24 10:14 . 2012-09-22 14:26 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 10:14 . 2012-09-22 14:26 816640 ----a-w- c:\windows\system32\jscript.dll 2012-08-24 10:13 . 2012-09-22 14:26 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 10:12 . 2012-09-22 14:26 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-08-24 10:11 . 2012-09-22 14:26 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-08-24 10:10 . 2012-09-22 14:26 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-08-24 10:09 . 2012-09-22 14:26 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-24 10:04 . 2012-09-22 14:26 248320 ----a-w- c:\windows\system32\ieui.dll 2012-08-24 06:59 . 2012-09-22 14:26 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-08-24 06:51 . 2012-09-22 14:26 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-08-24 06:51 . 2012-09-22 14:26 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-08-24 06:47 . 2012-09-22 14:26 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-08-24 06:47 . 2012-09-22 14:26 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-08-24 06:43 . 2012-09-22 14:26 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-08-22 18:12 . 2012-09-12 11:35 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-08-22 18:12 . 2012-09-12 11:35 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-12 11:35 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-12 11:35 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 21:01 . 2012-09-26 10:10 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-08-21 02:01 . 2010-06-04 11:19 125872 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-08-21 02:01 . 2010-06-04 11:19 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll 2012-08-20 17:38 . 2012-10-10 19:56 44032 ----a-w- c:\windows\apppatch\acwow64.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Vid"="c:\program files (x86)\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080] "AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-02 252848] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312] . c:\users\Damo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ PMB Media Check Tool.lnk - c:\program files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-6-5 333088] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 LVUVC64;Logitech Webcam 120(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288] R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2008-05-01 23552] R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2008-05-01 18432] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-04 1255736] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2007-10-23 53488] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-06-13 503352] S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-06 191000] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312] S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-06 30232] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-04-13 45432] . . Contents of the 'Scheduled Tasks' folder . 2012-11-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 06:38] . 2012-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-07 23:28] . 2012-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-07 23:28] . 2012-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4206473431-1901331103-635293204-1000Core.job - c:\users\Damo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-17 10:54] . 2012-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4206473431-1901331103-635293204-1000UA.job - c:\users\Damo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-17 10:54] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-03 446392] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.ninemsn.com.au/ uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = proxy.tas.gov.au:8080 uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 10.1.1.1 FF - ProfilePath - c:\users\Damo\AppData\Roaming\Mozilla\Firefox\Profiles\lis43cba.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.igoogle.com FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q= FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\09\00\19\04;\16?" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-08 18:58:56 ComboFix-quarantined-files.txt 2012-11-08 07:58 ComboFix2.txt 2012-11-07 00:37 ComboFix3.txt 2012-10-29 01:50 . Pre-Run: 576,447,893,504 bytes free Post-Run: 576,138,129,408 bytes free . - - End Of File - - 698F868057E42EC647488998983ED785 -
Another Google Redirect issue - repost
Tehkella replied to Tehkella's topic in Resolved Malware Removal Logs
ComboFix 12-11-06.03 - Damo 07/11/2012 11:24:39.4.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.2048.1032 [GMT 11:00] Running from: c:\users\Damo\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-10-07 to 2012-11-07 ))))))))))))))))))))))))))))))) . . 2012-11-07 00:34 . 2012-11-07 00:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-06 10:39 . 2012-11-06 10:39 -------- d-----w- c:\users\Damo\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 2012-11-04 12:57 . 2012-11-04 12:57 -------- d-----w- c:\users\Damo\AppData\Roaming\PDAppFlex 2012-11-04 12:55 . 2012-11-04 12:55 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2012-11-04 12:52 . 2012-11-04 12:52 -------- d-----w- c:\program files\Adobe 2012-11-04 12:52 . 2012-11-04 12:53 -------- d-----w- c:\program files\Common Files\Adobe 2012-11-04 09:26 . 2012-11-04 09:26 -------- d-----w- c:\users\Damo\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant 2012-11-04 09:26 . 2012-11-04 09:26 -------- d-----w- c:\program files (x86)\Adobe Download Assistant 2012-11-01 13:05 . 2012-11-04 12:53 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2012-10-30 12:25 . 2012-10-30 12:25 -------- d-----w- c:\programdata\Kaspersky Lab 2012-10-29 23:59 . 2012-10-29 23:59 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-10-29 23:58 . 2012-10-29 23:58 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-10-29 23:58 . 2012-10-29 23:58 -------- d-----w- c:\program files (x86)\Java 2012-10-27 14:06 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{842DE97E-A020-4FDF-841F-09AC0934677A}\mpengine.dll 2012-10-24 23:02 . 2012-10-24 23:02 86016 --sha-r- c:\windows\SysWow64\WMNetMgre.dll 2012-10-14 11:58 . 2012-08-21 02:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-10-14 11:57 . 2012-10-14 11:57 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-10-14 11:57 . 2012-10-14 11:57 -------- d-----w- c:\program files\iTunes 2012-10-14 11:57 . 2012-10-14 11:57 -------- d-----w- c:\program files\iPod 2012-10-10 19:55 . 2012-08-20 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2012-10-10 19:55 . 2012-08-20 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-10-10 19:55 . 2012-08-20 15:33 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-10-10 19:55 . 2012-08-20 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-10-10 19:55 . 2012-08-20 17:32 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll 2012-10-10 19:55 . 2012-08-20 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2012-10-10 19:55 . 2012-08-20 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2012-10-10 19:55 . 2012-08-20 17:32 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll 2012-10-10 19:55 . 2012-08-20 15:38 2048 ----a-w- c:\windows\SysWow64\user.exe 2012-10-10 19:54 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-10-10 19:54 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-10-10 19:53 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll 2012-10-10 19:53 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-10-10 19:53 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll 2012-10-10 19:53 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll 2012-10-10 19:53 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll 2012-10-10 19:53 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-10-10 19:53 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-10-10 19:53 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-10-10 19:53 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-10-10 19:53 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-10-08 12:33 . 2012-10-08 12:33 -------- d-----w- c:\programdata\GFI Software . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-29 23:58 . 2012-05-10 12:11 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-10-29 23:58 . 2010-12-03 12:38 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-10-11 13:49 . 2010-06-03 23:53 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-10-09 06:38 . 2012-06-22 08:20 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-09 06:38 . 2011-07-19 08:12 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-24 11:15 . 2012-09-22 14:26 17810944 ----a-w- c:\windows\system32\mshtml.dll 2012-08-24 10:39 . 2012-09-22 14:26 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-08-24 10:31 . 2012-09-22 14:26 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 10:22 . 2012-09-22 14:26 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-08-24 10:21 . 2012-09-22 14:26 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 10:20 . 2012-09-22 14:26 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 10:18 . 2012-09-22 14:26 237056 ----a-w- c:\windows\system32\url.dll 2012-08-24 10:17 . 2012-09-22 14:26 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-08-24 10:14 . 2012-09-22 14:26 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 10:14 . 2012-09-22 14:26 816640 ----a-w- c:\windows\system32\jscript.dll 2012-08-24 10:13 . 2012-09-22 14:26 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 10:12 . 2012-09-22 14:26 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-08-24 10:11 . 2012-09-22 14:26 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-08-24 10:10 . 2012-09-22 14:26 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-08-24 10:09 . 2012-09-22 14:26 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-24 10:04 . 2012-09-22 14:26 248320 ----a-w- c:\windows\system32\ieui.dll 2012-08-24 06:59 . 2012-09-22 14:26 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-08-24 06:51 . 2012-09-22 14:26 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-08-24 06:51 . 2012-09-22 14:26 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-08-24 06:47 . 2012-09-22 14:26 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-08-24 06:47 . 2012-09-22 14:26 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-08-24 06:43 . 2012-09-22 14:26 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-08-22 18:12 . 2012-09-12 11:35 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-08-22 18:12 . 2012-09-12 11:35 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-12 11:35 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-12 11:35 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 21:01 . 2012-09-26 10:10 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-08-21 02:01 . 2010-06-04 11:19 125872 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-08-21 02:01 . 2010-06-04 11:19 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll 2012-08-20 17:38 . 2012-10-10 19:56 44032 ----a-w- c:\windows\apppatch\acwow64.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Vid"="c:\program files (x86)\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080] "AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-02 252848] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312] . c:\users\Damo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ PMB Media Check Tool.lnk - c:\program files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-6-5 333088] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 LVUVC64;Logitech Webcam 120(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288] R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2008-05-01 23552] R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2008-05-01 18432] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-04 1255736] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2007-10-23 53488] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-06-13 503352] S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-06 191000] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312] S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-06 30232] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-04-13 45432] . . Contents of the 'Scheduled Tasks' folder . 2012-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 06:38] . 2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-07 23:28] . 2012-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-07 23:28] . 2012-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4206473431-1901331103-635293204-1000Core.job - c:\users\Damo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-17 10:54] . 2012-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4206473431-1901331103-635293204-1000UA.job - c:\users\Damo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-17 10:54] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-03 446392] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.ninemsn.com.au/ uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = proxy.tas.gov.au:8080 uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 10.1.1.1 FF - ProfilePath - c:\users\Damo\AppData\Roaming\Mozilla\Firefox\Profiles\lis43cba.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.igoogle.com FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q= FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) Wow6432Node-HKCU-Run-AdobeBridge - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\09\00\19\04;\16?" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-07 11:37:59 ComboFix-quarantined-files.txt 2012-11-07 00:37 ComboFix2.txt 2012-10-29 01:50 . Pre-Run: 578,970,832,896 bytes free Post-Run: 578,765,815,808 bytes free . - - End Of File - - E65CA9387E4CD9D7D0AF406544687E14 -
Another Google Redirect issue - repost
Tehkella replied to Tehkella's topic in Resolved Malware Removal Logs
RogueKiller V8.2.2 [11/03/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Damo [Admin rights] Mode : Scan -- Date : 11/06/2012 10:47:49 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 6 ¤¤¤ [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (proxy.tas.gov.au:8080) -> FOUND [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: SAMSUNG HD103UJ SCSI Disk Device +++++ --- User --- [MBR] cbc5efb889713f5252e7b2760d26ae46 [bSP] e2ca7023a011e17d37dfab3273a6374f : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[2]_S_11062012_02d1047.txt >> RKreport[1].txt ; RKreport[2]_S_11062012_02d1047.txt