TechSpot

Redirect (infection

Inactive
By mulo100
Jun 24, 2011
  1. Hello, I've a redirect problem with all my browsers.
    Just installed Kaspersky in trial mode, and it alerts me that my browsers try to redirect to

    update.php?v=2 Denied: http://dnupdates.cc/update.php?v=2 (analysis using the database of suspicious URLs) 24/06/2011 20:19:56

    Also google search is very problematic.
    How can I solve...? I wish I've not to format my system :-((...
     
  2. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. mulo100

    mulo100 TS Rookie Topic Starter

    MBAM log

    alwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Versione database: 6937

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    24/06/2011 14:18:31
    mbam-log-2011-06-24 (14-18-31).txt

    Tipo di scansione: Scansione completa (C:\|)
    Elementi esaminati: 356791
    Tempo impiegato: 27 minuti, 20 secondi

    Processi infetti in memoria: 0
    Moduli di memoria infetti: 0
    Chiavi di registro infette: 0
    Valori di registro infetti: 0
    Voci infette nei dati di registro: 0
    Cartelle infette: 0
    File infetti: 0

    Processi infetti in memoria:
    (Non sono stati rilevati elementi nocivi)

    Moduli di memoria infetti:
    (Non sono stati rilevati elementi nocivi)

    Chiavi di registro infette:
    (Non sono stati rilevati elementi nocivi)

    Valori di registro infetti:
    (Non sono stati rilevati elementi nocivi)

    Voci infette nei dati di registro:
    (Non sono stati rilevati elementi nocivi)

    Cartelle infette:
    (Non sono stati rilevati elementi nocivi)

    File infetti:
    (Non sono stati rilevati elementi nocivi)

    GMER has an empty log






    DDS (Ver_2011-06-23.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Administrator at 21:44:08 on 2011-06-24
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1040.18.4096.2252 [GMT 2:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\Installer\MSIDF5A.tmp
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
    C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Parallels\Parallels Tools\Services\coherence.exe
    C:\Program Files (x86)\Parallels\Parallels Tools\Services\coherence.exe
    C:\Program Files (x86)\Parallels\Parallels Tools\Services\prl_tools_service.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Parallels\Parallels Tools\Services\WOW\coherence.exe
    C:\Program Files (x86)\Parallels\Parallels Tools\Services\prl_tools.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files (x86)\Parallels\Parallels Tools\SIA\SharedIntApp.exe
    C:\Program Files (x86)\Parallels\Parallels Tools\prl_cc.exe
    C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtblfs.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    \\psf\Home\Desktop\iexr988v.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.it/
    mSearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    {555d4d79-4bd2-4094-a395-cfc534424a05}
    uRun: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
    uRun: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun: [Parallels Shared Internet Applications] "C:\Program Files (x86)\Parallels\Parallels Tools\SIA\SharedIntApp.exe" /start
    mRun: [Parallels Tools Center] "C:\Program Files (x86)\Parallels\Parallels Tools\prl_cc.exe"
    mRun: [<NO NAME>]
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    uPolicies-explorer: NoSimpleNetIDList = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: <NO NAME> =
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: I&nvia a OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
    DPF: {08FD87EF-2A15-11D1-AF00-00A0C91F4B89} - hxxp://cartogis.provincia.genova.it/cartogis/activeX/webplot.cab
    DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://mondoconvenienza3dvp.2020.net/Core/Player/2020PlayerAX_Win32.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 10.211.55.1
    TCP: Interfaces\{CC36D908-6019-4473-81E9-0CBE90E40919} : DhcpNameServer = 10.211.55.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    IFEO: ltu.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
    IFEO: revit.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
    {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}
    {AE7CD045-E861-484f-8273-0445EE161910}
    {B4F3A835-0E21-4959-BA22-42B3008E02FF}
    {DBC80044-A445-435b-BC74-9C25C1C588A9}
    {E33CF602-D945-461A-83F0-819F76A199F8}
    {F4971EE7-DAA0-4053-9964-665D8EE6A077}
    {47833539-D0C5-4125-9FA8-0819E2EAAC93}
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun-x64: [Parallels Shared Internet Applications] "C:\Program Files (x86)\Parallels\Parallels Tools\SIA\SharedIntApp.exe" /start
    mRun-x64: [Parallels Tools Center] "C:\Program Files (x86)\Parallels\Parallels Tools\prl_cc.exe"
    mRun-x64: [(Predefinito)]
    mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    IFEO-X64: ltu.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
    IFEO-X64: revit.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qc6i5wcn.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 prl_pv64;prl_pv64;C:\Windows\system32\DRIVERS\prl_pv64.sys --> C:\Windows\system32\DRIVERS\prl_pv64.sys [?]
    R0 prl_strg;Parallels paravirt disk filter;C:\Windows\system32\DRIVERS\prl_strg.sys --> C:\Windows\system32\DRIVERS\prl_strg.sys [?]
    R0 prl_tg;Parallels Tool Device;C:\Windows\system32\DRIVERS\prl_tg.sys --> C:\Windows\system32\DRIVERS\prl_tg.sys [?]
    R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
    R1 prl_fs;Parallels Shared Folders;C:\Windows\system32\DRIVERS\prl_fs.sys --> C:\Windows\system32\DRIVERS\prl_fs.sys [?]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992]
    R2 AntiVirScheduler;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-5-7 136360]
    R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-5-7 269480]
    R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-2-2 18656]
    R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
    R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [2011-4-24 202296]
    R2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler;C:\Windows\Installer\MSIDF5A.tmp [2011-3-26 102400]
    R2 Parallels Coherence Service;Parallels Coherence Service;C:\Program Files (x86)\Parallels\Parallels Tools\Services\coherence.exe [2010-11-2 34632]
    R2 Parallels Tools Service;Parallels Tools Service;C:\Program Files (x86)\Parallels\Parallels Tools\Services\prl_tools_service.exe [2010-11-2 219976]
    R2 prl_memdev;Parallels Memdev Driver;\??\C:\Windows\system32\drivers\prl_memdev.sys --> C:\Windows\system32\drivers\prl_memdev.sys [?]
    R2 prl_time;Parallels Time Synchronization Helper;\??\C:\Windows\system32\drivers\prl_time.sys --> C:\Windows\system32\drivers\prl_time.sys [?]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-12-14 2019648]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    R3 prl_dd;Parallels Display Adapter (WDDM);C:\Windows\system32\DRIVERS\prl_kmdd.sys --> C:\Windows\system32\DRIVERS\prl_kmdd.sys [?]
    R3 prl_eth5;Parallels Ethernet Adapter;C:\Windows\system32\DRIVERS\prl_eth5.sys --> C:\Windows\system32\DRIVERS\prl_eth5.sys [?]
    R3 prl_mouf;Parallels Mouse Synchronization Device;C:\Windows\system32\DRIVERS\prl_mouf.sys --> C:\Windows\system32\DRIVERS\prl_mouf.sys [?]
    R3 prl_sound;Parallels Audio Controller;C:\Windows\system32\DRIVERS\prl_sound.sys --> C:\Windows\system32\DRIVERS\prl_sound.sys [?]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-7 11856]
    S1 prl_boot;prl_boot;C:\Windows\system32\Drivers\prl_boot.sys --> C:\Windows\system32\Drivers\prl_boot.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AMDAC97;AMD AC'97 Audio Driver (WDM);C:\Windows\system32\drivers\AMDAC97.sys --> C:\Windows\system32\drivers\AMDAC97.sys [?]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-5-7 1431888]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== File Associations ===============
    .
    .scr=AutoCADScriptFile
    .
    =============== Created Last 30 ================
    .
    2011-06-24 11:33:43 -------- d-----w- C:\Users\Administrator\AppData\Local\VS Revo Group
    2011-06-24 11:33:34 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
    2011-06-24 11:33:33 -------- d-----w- C:\Program Files\VS Revo Group
    2011-06-24 11:28:50 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Malwarebytes
    2011-06-24 11:28:36 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-06-24 11:28:36 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-06-24 11:28:32 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-06-24 11:28:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-06-22 19:29:33 147856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
    2011-06-22 19:18:50 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-06-21 20:15:27 -------- d-----w- C:\Users\Administrator\AppData\Roaming\KW
    2011-06-21 20:13:20 -------- d-----w- C:\ProgramData\Kaspersky Lab
    2011-06-21 20:13:20 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
    2011-06-21 19:34:54 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
    2011-06-21 19:34:54 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
    2011-06-06 19:55:44 183696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2011-06-06 19:55:34 53656 ----a-w- C:\Windows\System32\AdobePDF.dll
    2011-06-06 19:55:32 24984 ----a-w- C:\Windows\System32\AdobePDFUI.dll
    .
    ==================== Find3M ====================
    .
    2011-06-20 17:49:19 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-05-28 03:06:58 3135488 ----a-w- C:\Windows\System32\win32k.sys
    2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
    2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
    2011-04-24 21:14:48 234896 ----a-w- C:\Windows\System32\klogon.dll
    2011-04-23 01:29:25 2303488 ----a-w- C:\Windows\System32\jscript9.dll
    2011-04-23 01:19:19 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-04-22 23:35:56 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-04-22 23:25:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2011-03-27 06:12:09 20486144 ----a-w- C:\Windows\System32\imageres.dll
    .
    ============= FINISH: 21:44:50,06 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 07/05/2010 20:55:21
    System Uptime: 24/06/2011 07:26:47 (14 hours ago)
    .
    Motherboard: Parallels Software International Inc. | | Parallels Virtual Platform
    Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz | CPU Socket #0 | 2800/466mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 64 GiB total, 14,568 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    V: is NetworkDisk (PrlSF) - 1 GiB total, 0 GiB free.
    W: is NetworkDisk (PrlSF) - 932 GiB total, 552,307 GiB free.
    X: is NetworkDisk (PrlSF) - 466 GiB total, 14,674 GiB free.
    Y: is NetworkDisk (PrlSF) - 931 GiB total, 328,878 GiB free.
    Z: is NetworkDisk (PrlSF) - 931 GiB total, 328,878 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: prl_boot
    Device ID: ROOT\LEGACY_PRL_BOOT\0000
    Manufacturer:
    Name: prl_boot
    PNP Device ID: ROOT\LEGACY_PRL_BOOT\0000
    Service: prl_boot
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Add-on per la Firma Digitale con Adobe Acrobat v.4.0.3
    Adobe Acrobat X Pro - English, Fran├žais, Deutsch
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Akamai NetSession Interface
    Avira AntiVir Personal - Free Antivirus
    BufferChm
    C4400
    eMule MorphXT 12.1
    Google Chrome
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)
    HPPhotoGadget
    InstallFont
    Java Auto Updater
    Java(TM) 6 Update 24
    JDownloader
    Kaspersky Anti-Virus 2012
    Malwarebytes' Anti-Malware versione 1.51.0.1200
    Microsoft Report Viewer Redistributable 2008 (KB971119)
    Microsoft Silverlight
    Microsoft Visual Basic PowerPacks 2.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
    Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
    Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
    Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
    Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Studio Tools for Applications 2.0 Runtime
    Mozilla Firefox 5.0 (x86 it)
    MSVC80_x86_v2
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Plugin Antirecaptcha
    PS_AIO_03_C4400_Software_Min
    Scan
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Suite Aster 4.2.6
    Tag&Rename 3.5.5
    TerMus-G v.14.00a
    Toolbox
    UnloadSupport
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    VirtualCloneDrive
    Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177
    Visual C++ 9.0 CRT (x86) WinSXS MSM
    WebReg
    Winamp
    Winamp Detector Plug-in
    Windows 7 USB/DVD Download Tool
    .
    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    You're running two AV programs, Avira and Kaspersky.
    One of them has to go.
    Your choice.

    When done....

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start scan:
    [​IMG]

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
    [​IMG]

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.