Rosanne Posted April 26, 2012 ID:546158

HI, another one! This is the Kaspersky report -

11:40:32.0107 0460 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
11:40:33.0150 0460 ============================================================
11:40:33.0151 0460 Current date / time: 2012/04/26 11:40:33.0150
11:40:33.0151 0460 SystemInfo:
11:40:33.0151 0460 
11:40:33.0151 0460 OS Version: 6.1.7600 ServicePack: 0.0
11:40:33.0151 0460 Product type: Workstation
11:40:33.0151 0460 ComputerName: ROSANNE-PC
11:40:33.0151 0460 UserName: rosanne
11:40:33.0151 0460 Windows directory: C:\Windows
11:40:33.0151 0460 System windows directory: C:\Windows
11:40:33.0151 0460 Running under WOW64
11:40:33.0151 0460 Processor architecture: Intel x64
11:40:33.0152 0460 Number of processors: 1
11:40:33.0152 0460 Page size: 0x1000
11:40:33.0152 0460 Boot type: Normal boot
11:40:33.0152 0460 ============================================================
11:40:34.0608 0460 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:40:34.0652 0460 ============================================================
11:40:34.0652 0460 \Device\Harddisk0\DR0:
11:40:34.0652 0460 MBR partitions:
11:40:34.0652 0460 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD
11:40:34.0652 0460 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x111E4784
11:40:34.0652 0460 ============================================================
11:40:34.0774 0460 C: <-> \Device\Harddisk0\DR0\Partition1
11:40:34.0774 0460 ============================================================
11:40:34.0774 0460 Initialize success
11:40:34.0774 0460 ============================================================
11:41:10.0080 3208 ============================================================
11:41:10.0081 3208 Scan started
11:41:10.0081 3208 Mode: Manual; SigCheck; TDLFS; 
11:41:10.0081 3208 ============================================================
11:41:10.0921 3208 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
11:41:12.0848 3208 1394ohci - ok
11:41:12.0955 3208 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
11:41:13.0004 3208 ACPI - ok
11:41:13.0046 3208 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
11:41:13.0205 3208 AcpiPmi - ok
11:41:13.0518 3208 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:41:13.0625 3208 adp94xx - ok
11:41:13.0681 3208 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:41:13.0733 3208 adpahci - ok
11:41:13.0895 3208 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:41:13.0946 3208 adpu320 - ok
11:41:14.0003 3208 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:41:14.0199 3208 AeLookupSvc - ok
11:41:14.0282 3208 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
11:41:14.0390 3208 AFD - ok
11:41:14.0442 3208 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
11:41:14.0476 3208 agp440 - ok
11:41:14.0544 3208 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:41:14.0614 3208 ALG - ok
11:41:14.0682 3208 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
11:41:14.0699 3208 aliide - ok
11:41:14.0715 3208 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
11:41:14.0732 3208 amdide - ok
11:41:14.0763 3208 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:41:14.0810 3208 AmdK8 - ok
11:41:14.0836 3208 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:41:14.0859 3208 AmdPPM - ok
11:41:14.0934 3208 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
11:41:14.0954 3208 amdsata - ok
11:41:15.0000 3208 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:41:15.0029 3208 amdsbs - ok
11:41:15.0049 3208 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
11:41:15.0068 3208 amdxata - ok
11:41:15.0110 3208 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
11:41:15.0216 3208 AppID - ok
11:41:15.0242 3208 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:41:15.0314 3208 AppIDSvc - ok
11:41:15.0345 3208 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
11:41:15.0462 3208 Appinfo - ok
11:41:15.0521 3208 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:41:15.0541 3208 arc - ok
11:41:15.0567 3208 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:41:15.0587 3208 arcsas - ok
11:41:15.0652 3208 aswFsBlk (5a68b880c16ad5a6aa20b49a47ffff24) C:\Windows\system32\drivers\aswFsBlk.sys
11:41:15.0764 3208 aswFsBlk - ok
11:41:15.0832 3208 aswMonFlt (230613be2d3da8053879be5ed2848f2d) C:\Windows\system32\drivers\aswMonFlt.sys
11:41:15.0848 3208 aswMonFlt - ok
11:41:15.0871 3208 aswRdr (0dc1996ae4178d7d14744ef6b3082313) C:\Windows\system32\drivers\aswRdr.sys
11:41:15.0889 3208 aswRdr - ok
11:41:15.0941 3208 aswSnx (b6ff911c23775cdfdd49612d92637af4) C:\Windows\system32\drivers\aswSnx.sys
11:41:15.0985 3208 aswSnx - ok
11:41:16.0058 3208 aswSP (5a590d8516376aed1829fc07d3bdaa4b) C:\Windows\system32\drivers\aswSP.sys
11:41:16.0106 3208 aswSP - ok
11:41:16.0122 3208 aswTdi (3239c0082fb0c1c4ee323730b85690a5) C:\Windows\system32\drivers\aswTdi.sys
11:41:16.0140 3208 aswTdi - ok
11:41:16.0170 3208 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:41:16.0237 3208 AsyncMac - ok
11:41:16.0273 3208 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
11:41:16.0292 3208 atapi - ok
11:41:16.0411 3208 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
11:41:16.0493 3208 AudioEndpointBuilder - ok
11:41:16.0508 3208 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
11:41:16.0564 3208 AudioSrv - ok
11:41:16.0700 3208 avast! Antivirus (c76769f246250edad34a5581419e9d60) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
11:41:16.0732 3208 avast! Antivirus - ok
11:41:16.0788 3208 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
11:41:16.0919 3208 AxInstSV - ok
11:41:16.0980 3208 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:41:17.0080 3208 b06bdrv - ok
11:41:17.0137 3208 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:41:17.0190 3208 b57nd60a - ok
11:41:17.0420 3208 BCM43XX (b44879610f2dc4a046b14befa3ae72de) C:\Windows\system32\DRIVERS\bcmwl664.sys
11:41:17.0547 3208 BCM43XX - ok
11:41:17.0650 3208 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:41:17.0800 3208 BDESVC - ok
11:41:17.0865 3208 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:41:17.0921 3208 Beep - ok
11:41:18.0059 3208 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
11:41:18.0193 3208 BFE - ok
11:41:18.0358 3208 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
11:41:18.0488 3208 BITS - ok
11:41:18.0632 3208 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:41:18.0682 3208 blbdrive - ok
11:41:18.0762 3208 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
11:41:18.0866 3208 bowser - ok
11:41:18.0907 3208 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:41:18.0964 3208 BrFiltLo - ok
11:41:18.0979 3208 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:41:19.0018 3208 BrFiltUp - ok
11:41:19.0058 3208 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
11:41:19.0163 3208 Browser - ok
11:41:19.0211 3208 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:41:19.0315 3208 Brserid - ok
11:41:19.0355 3208 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:41:19.0396 3208 BrSerWdm - ok
11:41:19.0456 3208 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:41:19.0507 3208 BrUsbMdm - ok
11:41:19.0539 3208 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:41:19.0580 3208 BrUsbSer - ok
11:41:19.0627 3208 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:41:19.0690 3208 BTHMODEM - ok
11:41:19.0750 3208 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:41:19.0821 3208 bthserv - ok
11:41:19.0846 3208 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:41:19.0928 3208 cdfs - ok
11:41:20.0045 3208 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
11:41:20.0180 3208 cdrom - ok
11:41:20.0255 3208 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
11:41:20.0348 3208 CertPropSvc - ok
11:41:20.0398 3208 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:41:20.0421 3208 circlass - ok
11:41:20.0473 3208 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:41:20.0585 3208 CLFS - ok
11:41:20.0732 3208 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:41:20.0753 3208 clr_optimization_v2.0.50727_32 - ok
11:41:20.0829 3208 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:41:20.0847 3208 clr_optimization_v2.0.50727_64 - ok
11:41:21.0065 3208 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:41:21.0176 3208 clr_optimization_v4.0.30319_32 - ok
11:41:21.0330 3208 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:41:21.0377 3208 clr_optimization_v4.0.30319_64 - ok
11:41:21.0423 3208 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:41:21.0476 3208 CmBatt - ok
11:41:21.0517 3208 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
11:41:21.0536 3208 cmdide - ok
11:41:21.0605 3208 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
11:41:21.0652 3208 CNG - ok
11:41:21.0688 3208 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:41:21.0709 3208 Compbatt - ok
11:41:21.0742 3208 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
11:41:21.0784 3208 CompositeBus - ok
11:41:21.0805 3208 COMSysApp - ok
11:41:21.0829 3208 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:41:21.0848 3208 crcdisk - ok
11:41:21.0912 3208 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
11:41:22.0273 3208 CryptSvc - ok
11:41:22.0639 3208 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
11:41:22.0686 3208 cvhsvc - ok
11:41:22.0878 3208 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
11:41:22.0953 3208 DcomLaunch - ok
11:41:23.0026 3208 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:41:23.0114 3208 defragsvc - ok
11:41:23.0271 3208 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
11:41:23.0369 3208 DfsC - ok
11:41:23.0448 3208 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
11:41:23.0644 3208 Dhcp - ok
11:41:23.0683 3208 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:41:23.0783 3208 discache - ok
11:41:23.0844 3208 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:41:23.0863 3208 Disk - ok
11:41:23.0977 3208 DKbFltr (d5bcb77be83cf99f508943945d46343d) C:\Windows\SysWOW64\Drivers\DKbFltr.sys
11:41:24.0025 3208 DKbFltr - ok
11:41:24.0081 3208 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
11:41:24.0160 3208 Dnscache - ok
11:41:24.0197 3208 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
11:41:24.0295 3208 dot3svc - ok
11:41:24.0359 3208 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
11:41:24.0410 3208 Dot4 - ok
11:41:24.0447 3208 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
11:41:24.0483 3208 Dot4Print - ok
11:41:24.0516 3208 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
11:41:24.0541 3208 dot4usb - ok
11:41:24.0568 3208 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
11:41:24.0656 3208 DPS - ok
11:41:24.0704 3208 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:41:24.0737 3208 drmkaud - ok
11:41:24.0851 3208 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
11:41:24.0905 3208 DXGKrnl - ok
11:41:24.0950 3208 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:41:25.0016 3208 EapHost - ok
11:41:25.0260 3208 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:41:25.0370 3208 ebdrv - ok
11:41:25.0498 3208 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
11:41:25.0551 3208 EFS - ok
11:41:25.0640 3208 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
11:41:25.0698 3208 ehRecvr - ok
11:41:25.0735 3208 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:41:25.0829 3208 ehSched - ok
11:41:25.0916 3208 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:41:25.0948 3208 elxstor - ok
11:41:26.0079 3208 ePowerSvc (fb67aa8ac61b9365add546139a21bed6) C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
11:41:26.0121 3208 ePowerSvc - ok
11:41:26.0210 3208 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
11:41:26.0262 3208 ErrDev - ok
11:41:26.0328 3208 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:41:26.0414 3208 EventSystem - ok
11:41:26.0454 3208 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:41:26.0533 3208 exfat - ok
11:41:26.0564 3208 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:41:26.0637 3208 fastfat - ok
11:41:26.0737 3208 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
11:41:26.0825 3208 Fax - ok
11:41:26.0854 3208 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:41:26.0885 3208 fdc - ok
11:41:26.0948 3208 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:41:27.0013 3208 fdPHost - ok
11:41:27.0050 3208 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:41:27.0109 3208 FDResPub - ok
11:41:27.0141 3208 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:41:27.0164 3208 FileInfo - ok
11:41:27.0189 3208 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:41:27.0255 3208 Filetrace - ok
11:41:27.0285 3208 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:41:27.0322 3208 flpydisk - ok
11:41:27.0375 3208 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
11:41:27.0399 3208 FltMgr - ok
11:41:27.0499 3208 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
11:41:27.0617 3208 FontCache - ok
11:41:27.0688 3208 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:41:27.0705 3208 FontCache3.0.0.0 - ok
11:41:27.0779 3208 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:41:27.0800 3208 FsDepends - ok
11:41:27.0844 3208 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
11:41:27.0863 3208 Fs_Rec - ok
11:41:27.0926 3208 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:41:27.0962 3208 fvevol - ok
11:41:27.0987 3208 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:41:28.0012 3208 gagp30kx - ok
11:41:28.0032 3208 GEARAspiWDM - ok
11:41:28.0110 3208 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
11:41:28.0165 3208 gpsvc - ok
11:41:28.0335 3208 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
11:41:28.0383 3208 Greg_Service - ok
11:41:28.0493 3208 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:41:28.0516 3208 gupdate - ok
11:41:28.0554 3208 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:41:28.0570 3208 gupdatem - ok
11:41:28.0615 3208 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
11:41:28.0644 3208 gusvc - ok
11:41:28.0769 3208 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:41:28.0837 3208 hcw85cir - ok
11:41:28.0876 3208 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
11:41:28.0920 3208 HdAudAddService - ok
11:41:28.0952 3208 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:41:28.0987 3208 HDAudBus - ok
11:41:29.0025 3208 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:41:29.0064 3208 HidBatt - ok
11:41:29.0098 3208 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:41:29.0147 3208 HidBth - ok
11:41:29.0198 3208 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:41:29.0232 3208 HidIr - ok
11:41:29.0281 3208 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
11:41:29.0330 3208 hidserv - ok
11:41:29.0377 3208 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
11:41:29.0431 3208 HidUsb - ok
11:41:29.0470 3208 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
11:41:29.0533 3208 hkmsvc - ok
11:41:29.0572 3208 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
11:41:29.0647 3208 HomeGroupListener - ok
11:41:29.0676 3208 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
11:41:29.0721 3208 HomeGroupProvider - ok
11:41:29.0873 3208 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
11:41:29.0904 3208 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
11:41:29.0905 3208 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
11:41:29.0951 3208 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
11:41:29.0989 3208 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
11:41:29.0989 3208 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
11:41:30.0030 3208 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
11:41:30.0046 3208 HpSAMD - ok
11:41:30.0128 3208 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
11:41:30.0203 3208 HTTP - ok
11:41:30.0226 3208 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
11:41:30.0245 3208 hwpolicy - ok
11:41:30.0271 3208 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
11:41:30.0295 3208 i8042prt - ok
11:41:30.0362 3208 IAANTMON (660bf3255a1eb18ed803fd2fba6ae400) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
11:41:30.0386 3208 IAANTMON - ok
11:41:30.0456 3208 iaStor (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys
11:41:30.0477 3208 iaStor - ok
11:41:30.0548 3208 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
11:41:30.0586 3208 iaStorV - ok
11:41:30.0711 3208 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:41:30.0750 3208 idsvc - ok
11:41:31.0463 3208 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
11:41:31.0861 3208 igfx - ok
11:41:32.0059 3208 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:41:32.0076 3208 iirsp - ok
11:41:32.0276 3208 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
11:41:32.0393 3208 IKEEXT - ok
11:41:32.0908 3208 IntcAzAudAddService (0c3cf4b3bae28e121a1689e3538f8712) C:\Windows\system32\drivers\RTKVHD64.sys
11:41:32.0988 3208 IntcAzAudAddService - ok
11:41:33.0534 3208 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
11:41:33.0552 3208 intelide - ok
11:41:33.0611 3208 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:41:33.0656 3208 intelppm - ok
11:41:33.0707 3208 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:41:33.0769 3208 IPBusEnum - ok
11:41:33.0803 3208 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:41:33.0865 3208 IpFilterDriver - ok
11:41:34.0245 3208 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
11:41:34.0391 3208 iphlpsvc - ok
11:41:34.0424 3208 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
11:41:34.0447 3208 IPMIDRV - ok
11:41:34.0494 3208 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:41:34.0583 3208 IPNAT - ok
11:41:34.0625 3208 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:41:34.0663 3208 IRENUM - ok
11:41:34.0703 3208 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
11:41:34.0721 3208 isapnp - ok
11:41:34.0756 3208 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
11:41:34.0824 3208 iScsiPrt - ok
11:41:34.0862 3208 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:41:34.0887 3208 kbdclass - ok
11:41:34.0919 3208 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
11:41:34.0949 3208 kbdhid - ok
11:41:35.0016 3208 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
11:41:35.0036 3208 KeyIso - ok
11:41:35.0093 3208 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
11:41:35.0120 3208 KSecDD - ok
11:41:35.0303 3208 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
11:41:35.0335 3208 KSecPkg - ok
11:41:35.0407 3208 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:41:35.0541 3208 ksthunk - ok
11:41:37.0949 3208 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:41:38.0106 3208 KtmRm - ok
11:41:38.0178 3208 L1C (2377ec4cc3e356655b996f39b43486b6) C:\Windows\system32\DRIVERS\L1C62x64.sys
11:41:38.0249 3208 L1C - ok
11:41:38.0297 3208 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
11:41:38.0458 3208 LanmanServer - ok
11:41:38.0512 3208 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
11:41:38.0598 3208 LanmanWorkstation - ok
11:41:38.0677 3208 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:41:38.0771 3208 lltdio - ok
11:41:38.0818 3208 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:41:38.0922 3208 lltdsvc - ok
11:41:38.0968 3208 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:41:39.0025 3208 lmhosts - ok
11:41:39.0096 3208 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:41:39.0117 3208 LSI_FC - ok
11:41:39.0155 3208 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:41:39.0183 3208 LSI_SAS - ok
11:41:39.0224 3208 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:41:39.0243 3208 LSI_SAS2 - ok
11:41:39.0280 3208 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:41:39.0302 3208 LSI_SCSI - ok
11:41:39.0333 3208 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:41:39.0382 3208 luafv - ok
11:41:39.0419 3208 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
11:41:39.0456 3208 Mcx2Svc - ok
11:41:39.0505 3208 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:41:39.0520 3208 megasas - ok
11:41:39.0551 3208 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:41:39.0612 3208 MegaSR - ok
11:41:39.0646 3208 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:41:39.0714 3208 MMCSS - ok
11:41:39.0735 3208 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:41:39.0792 3208 Modem - ok
11:41:39.0816 3208 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:41:39.0851 3208 monitor - ok
11:41:39.0873 3208 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:41:39.0891 3208 mouclass - ok
11:41:39.0944 3208 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:41:39.0970 3208 mouhid - ok
11:41:39.0993 3208 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
11:41:40.0019 3208 mountmgr - ok
11:41:40.0051 3208 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
11:41:40.0073 3208 mpio - ok
11:41:40.0105 3208 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:41:40.0197 3208 mpsdrv - ok
11:41:40.0323 3208 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
11:41:40.0418 3208 MpsSvc - ok
11:41:40.0462 3208 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
11:41:40.0493 3208 MRxDAV - ok
11:41:40.0545 3208 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:41:40.0592 3208 mrxsmb - ok
11:41:40.0634 3208 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:41:40.0681 3208 mrxsmb10 - ok
11:41:40.0718 3208 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:41:40.0752 3208 mrxsmb20 - ok
11:41:40.0783 3208 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
11:41:40.0808 3208 msahci - ok
11:41:40.0838 3208 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
11:41:40.0879 3208 msdsm - ok
11:41:40.0933 3208 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:41:40.0990 3208 MSDTC - ok
11:41:41.0021 3208 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:41:41.0088 3208 Msfs - ok
11:41:41.0159 3208 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:41:41.0216 3208 mshidkmdf - ok
11:41:41.0240 3208 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
11:41:41.0258 3208 msisadrv - ok
11:41:41.0295 3208 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:41:41.0385 3208 MSiSCSI - ok
11:41:41.0395 3208 msiserver - ok
11:41:41.0434 3208 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:41:41.0486 3208 MSKSSRV - ok
11:41:41.0518 3208 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:41:41.0582 3208 MSPCLOCK - ok
11:41:41.0601 3208 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:41:41.0647 3208 MSPQM - ok
11:41:41.0679 3208 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
11:41:41.0718 3208 MsRPC - ok
11:41:41.0748 3208 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
11:41:41.0767 3208 mssmbios - ok
11:41:41.0788 3208 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:41:41.0838 3208 MSTEE - ok
11:41:41.0852 3208 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:41:41.0890 3208 MTConfig - ok
11:41:41.0933 3208 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:41:41.0954 3208 Mup - ok
11:41:42.0016 3208 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
11:41:42.0097 3208 napagent - ok
11:41:42.0158 3208 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:41:42.0209 3208 NativeWifiP - ok
11:41:42.0291 3208 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
11:41:42.0334 3208 NDIS - ok
11:41:42.0376 3208 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:41:42.0447 3208 NdisCap - ok
11:41:42.0490 3208 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:41:42.0556 3208 NdisTapi - ok
11:41:42.0587 3208 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
11:41:42.0640 3208 Ndisuio - ok
11:41:42.0673 3208 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
11:41:42.0725 3208 NdisWan - ok
11:41:42.0756 3208 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
11:41:42.0834 3208 NDProxy - ok
11:41:42.0902 3208 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
11:41:42.0921 3208 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:41:42.0921 3208 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:41:42.0962 3208 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:41:43.0020 3208 NetBIOS - ok
11:41:43.0054 3208 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
11:41:43.0131 3208 NetBT - ok
11:41:43.0165 3208 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
11:41:43.0187 3208 Netlogon - ok
11:41:43.0267 3208 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:41:43.0348 3208 Netman - ok
11:41:43.0402 3208 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:41:43.0481 3208 netprofm - ok
11:41:43.0573 3208 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:41

This is the Combofix report -

ComboFix 12-04-25.02 - rosanne 26/04/2012 12:53:00.3.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.954.320 [GMT 1:00]
Running from: c:\users\rosanne\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Install.exe
c:\program files (x86)\Common Files\emachines.ico
.
.
((((((((((((((((((((((((( Files Created from 2012-03-26 to 2012-04-26 )))))))))))))))))))))))))))))))
.
.
2012-04-26 12:01 . 2012-04-26 12:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-26 10:41 . 2012-04-26 10:41 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{87F1C745-13BC-4090-9234-3489B8F25BA6}\offreg.dll
2012-04-26 10:25 . 2012-04-26 10:25 -------- d-----w- c:\programdata\boost_interprocess
2012-04-25 11:20 . 2012-04-25 11:21 -------- d-----w- c:\users\rosanne\AppData\Local\jZip
2012-04-25 11:20 . 2012-04-25 11:21 -------- d-----w- c:\program files (x86)\Searchqu Toolbar
2012-04-25 11:20 . 2012-04-25 11:20 -------- d-----w- c:\program files (x86)\jZip
2012-04-24 09:50 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{87F1C745-13BC-4090-9234-3489B8F25BA6}\mpengine.dll
2012-04-12 22:57 . 2012-04-12 22:57 0 ----a-w- c:\windows\SysWow64\sho4F04.tmp
2012-04-12 22:46 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 22:46 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 22:46 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 22:46 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 22:46 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 22:46 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 22:46 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-08 17:45 . 2012-03-08 17:45 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-08 17:45 . 2012-03-08 17:45 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-08 17:45 . 2012-03-08 17:45 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-08 17:45 . 2012-03-08 17:45 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-08 17:45 . 2012-03-08 17:45 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-08 17:45 . 2012-03-08 17:45 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-08 17:45 . 2012-03-08 17:45 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-08 17:45 . 2012-03-08 17:45 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-08 17:45 . 2012-03-08 17:45 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-08 17:45 . 2012-03-08 17:45 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-08 17:45 . 2012-03-08 17:45 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-08 17:45 . 2012-03-08 17:45 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-08 17:45 . 2012-03-08 17:45 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-08 17:45 . 2012-03-08 17:45 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-08 17:45 . 2012-03-08 17:45 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-08 17:45 . 2012-03-08 17:45 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-08 17:45 . 2012-03-08 17:45 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-08 17:45 . 2012-03-08 17:45 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-08 17:45 . 2012-03-08 17:45 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-08 17:45 . 2012-03-08 17:45 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-08 17:45 . 2012-03-08 17:45 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-08 17:45 . 2012-03-08 17:45 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-08 17:45 . 2012-03-08 17:45 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-08 17:45 . 2012-03-08 17:45 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-08 17:45 . 2012-03-08 17:45 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-08 17:45 . 2012-03-08 17:45 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-08 17:45 . 2012-03-08 17:45 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-08 17:45 . 2012-03-08 17:45 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-08 17:45 . 2012-03-08 17:45 448512 ----a-w- c:\windows\system32\html.iec
2012-03-08 17:45 . 2012-03-08 17:45 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-08 17:45 . 2012-03-08 17:45 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-08 17:45 . 2012-03-08 17:45 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-08 17:45 . 2012-03-08 17:45 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-08 17:45 . 2012-03-08 17:45 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-23 09:18 . 2011-10-24 12:06 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 06:27 . 2012-03-14 11:11 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 05:44 . 2012-03-14 11:11 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-15 04:47 . 2012-03-14 11:11 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:46 . 2012-03-14 11:11 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:18 . 2012-03-14 16:57 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 06:17 . 2012-03-14 16:56 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 06:17 . 2012-03-14 16:57 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 06:17 . 2012-03-14 16:56 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-02-10 06:17 . 2012-03-14 16:56 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-14 16:57 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-10 05:41 . 2012-03-14 16:56 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-14 16:56 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-02-10 05:41 . 2012-03-14 16:56 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-02-10 05:41 . 2012-03-14 16:56 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-02-04 23:39 . 2012-02-04 23:39 0 ----a-w- c:\windows\SysWow64\shoC20F.tmp
2012-02-03 04:16 . 
2012-03-14 16:57 3143168 ----a-w- c:\windows\system32\win32k.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-03 39408].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=SUFIMkstMks5WjQtN0hHWDktQUY3SUUtTjI3UFctTw&inst=NzYtOTQ1NDg2Mzg4LVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzE∏=94&ver=2012.0.1831&mid=d88b85d8284747d1a035a113f0fdc29c-695c596040b3b540245e656d9bc042f3c89eee26" [?].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"=c:\progra~2\SEARCH~1\Datamngr\datamngr.dll 
c:\progra~2\SEARCH~1\Datamngr\IEBHO.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux"=wdmaud.drv.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp.R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-14 135664]R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-14 135664]R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]S1 aswSnx;aswSnx; [x]S1 aswSP;aswSP; [x]S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]S2 aswFsBlk;aswFsBlk; [x]S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-09-30 844320]S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]S2 Updater Service;Updater Service;c:\program 
files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.Contents of the 'Scheduled Tasks' folder.2012-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-14 17:01].2012-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-14 17:01].2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2456797310-3782677554-3662687650-1002Core.job- c:\users\rosanne\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-16 17:03].2012-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2456797310-3782677554-3662687650-1002UA.job- c:\users\rosanne\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-16 17:03]..--------- x86-64 -----------..[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]@="{472083B0-C522-11CF-8763-00608CC02F24}"[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST 
Software\Avast\ashShA64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]"Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2009-09-30 823840]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"LoadAppInit_DLLs"=0x1"AppInit_DLLs"=c:\progra~2\SEARCH~1\Datamngr\x64\datamngr.dll c:\progra~2\SEARCH~1\Datamngr\x64\IEBHO.dll.------- Supplementary Scan -------.uStart Page = hxxp://www.searchnu.com/102uLocal Page = c:\windows\system32\blank.htmmStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&m=e525&r=273608100615l0474z135r44424237mLocal Page = c:\windows\SysWOW64\blank.htmIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000TCP: DhcpNameServer = 192.168.1.1.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)Toolbar-10 - (no file)Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exeToolbar-Locked - (no file)Toolbar-10 - (no file)HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exeAddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exeAddRemove-Yahoo! 
Toolbar - c:\progra~2\Yahoo!\Common\UNYT_W~1.EXE...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 
1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) 
(Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files\AVAST Software\Avast\AvastSvc.exec:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exec:\program files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe.**************************************************************************.Completion time: 2012-04-26 13:12:29 - machine was rebootedComboFix-quarantined-files.txt 2012-04-26 12:12.Pre-Run: 102,850,105,344 bytes freePost-Run: 102,476,615,680 bytes free.- - End Of File - - CDF3376C4CBB6B4718CAFA09B85B2769searchnu no longer opens new browser pages, am i all ok again?Thanks,, Link to post Share on other sites More sharing options...
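Two things in the logs above are worth pulling out mechanically rather than by eye: the TDSSKiller lines that did not end in "ok" (the HP printer component is flagged UnsignedFile.Multi.Generic, which is TDSSKiller's warning for a file without a valid digital signature, not by itself a malware verdict), and the ComboFix "Reg Loading Points" entries that actually inject code: both the 32-bit (Wow6432Node) and 64-bit AppInit_DLLs values point at the Searchqu Toolbar's Datamngr DLLs, the 64-bit key has LoadAppInit_DLLs set to 0x1, and the user's IE start page is searchnu.com. The script below is an added example for this thread, not code from the original post, from Kaspersky, or from the ComboFix authors. The sample text is copied from the logs above; the "trusted" start-page host list and the ComboFix line formats it expects are my assumptions.

```python
"""Triage helpers for the TDSSKiller and ComboFix logs pasted in the thread.

Added example, not part of the original post. Parses TDSSKiller's per-object
verdict lines and ComboFix's "Reg Loading Points" / start-page lines and reports
the entries a responder would look at first.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: a few lines copied from the TDSSKiller log above.
TDSS_SAMPLE = r"""
11:41:42.0921 3208 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:41:42.0921 3208 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:41:42.0962 3208 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:41:43.0020 3208 NetBIOS - ok
11:41:43.0054 3208 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
11:41:43.0131 3208 NetBT - ok
"""

# Constructed sample: the registry and start-page lines copied from the ComboFix log above.
COMBOFIX_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\SEARCH~1\Datamngr\datamngr.dll c:\progra~2\SEARCH~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\SEARCH~1\Datamngr\x64\datamngr.dll c:\progra~2\SEARCH~1\Datamngr\x64\IEBHO.dll
.
uStart Page = hxxp://www.searchnu.com/102
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809
"""

# TDSSKiller verdict line: "<time> <pid> <object> - ok|warning|detected ...".
# Hash/path lines have no " - <verdict>" tail and are deliberately not matched.
TDSS_LINE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<name>.+?)\s+-\s+"
    r"(?P<verdict>ok|warning|detected .+)$"
)
KEY_LINE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# "name"=value, with ComboFix's optional trailing "[date size]" annotation.
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*?)(?:\s+\[[^\]]*\])?$')
START_PAGE = re.compile(r"^(?P<scope>[um])Start Page = (?P<url>\S+)$")


def tdss_verdicts(text: str) -> List[Tuple[str, str]]:
    """Every (object, verdict) pair in a TDSSKiller log."""
    out = []
    for line in text.splitlines():
        m = TDSS_LINE.match(line.strip())
        if m:
            out.append((m.group("name"), m.group("verdict")))
    return out


def tdss_findings(text: str) -> List[Tuple[str, str]]:
    """Only the objects TDSSKiller did not mark "ok"."""
    return [(n, v) for n, v in tdss_verdicts(text) if v != "ok"]


def parse_reg_points(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Group "name"=value lines under the [HKEY_...] header that precedes them."""
    entries: Dict[str, List[Tuple[str, str]]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_LINE.match(line)
        if m:
            current = m.group("key")
            entries.setdefault(current, [])
            continue
        m = VALUE_LINE.match(line)
        if m and current is not None:
            entries[current].append((m.group("name"), m.group("value").strip('"')))
    return entries


def appinit_findings(entries: Dict[str, List[Tuple[str, str]]]) -> List[dict]:
    """AppInit_DLLs is a global injection point: the listed DLLs are loaded into
    every process that loads user32.dll, gated by LoadAppInit_DLLs on the same
    key (Wow6432Node view for 32-bit processes, native key for 64-bit).
    load_switch is None when ComboFix printed no LoadAppInit_DLLs value; it
    omits default entries, so check that key on the machine itself."""
    out = []
    for key, values in entries.items():
        if not key.lower().endswith(r"\windows nt\currentversion\windows"):
            continue
        vals = dict(values)
        for dll in re.split(r"[\s,]+", vals.get("AppInit_DLLs", "").strip()):
            if dll:
                out.append({"key": key, "dll": dll, "load_switch": vals.get("LoadAppInit_DLLs")})
    return out


def start_page_findings(text: str, trusted_hosts=("homepage.emachines.com",)) -> List[Tuple[str, str]]:
    """IE start pages (u = user hive, m = machine hive) whose host is not in the
    assumed-trusted OEM set. The default list is an assumption for this example."""
    out = []
    for line in text.splitlines():
        m = START_PAGE.match(line.strip())
        if m:
            host = re.sub(r"^hxxps?://", "", m.group("url")).split("/")[0]
            if host not in trusted_hosts:
                out.append((m.group("scope"), host))
    return out


if __name__ == "__main__":
    for name, verdict in tdss_findings(TDSS_SAMPLE):
        print("TDSSKiller:", name, "->", verdict)
    for f in appinit_findings(parse_reg_points(COMBOFIX_SAMPLE)):
        print("AppInit_DLLs:", f["dll"], "LoadAppInit_DLLs =", f["load_switch"])
    for scope, host in start_page_findings(COMBOFIX_SAMPLE):
        print("Start page:", scope, host)
```

Run against the real logs, this surfaces the same picture the ComboFix output shows by hand: the Datamngr DLLs are wired into both process bitnesses, the toolbar directory, jZip and the start-page change all date from the same minute (2012-04-25 11:20), and datamngrUI.exe is still listed under "Other Running Processes" after the ComboFix run, so the hijack is not gone just because the pop-ups stopped.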
Maniac Posted April 26, 2012 ID:546251

Hello Rosanne and !

My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.

I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Download OTL to your Desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
Please tick Scan All Users. Next, click the Quick Scan button. The scan won't take long.
When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.
Maurice Naggar Posted May 1, 2012 ID:547868

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!