searchqu removal help


  • This topic is locked
9 replies to this topic

#1 stefano27

  • Members
  • 4 posts
  • Gender:Male
Posted 11 August 2011 - 04:51 AM

Hello,
I need help removing the searchqu infection from my Win7 x64 laptop.
It seems that this is affecting searches made with Google Chrome (my primary browser) but not Internet Explorer.
Please see DDS output below

thanks in advance
stefano

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Stefano at 11:33:53 on 2011-08-11
Microsoft Windows 7 Professional 6.1.7600.0.1252.39.1040.18.4061.2138 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe
C:\Program Files (x86)\Windows jZip Toolbar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Windows\Samsung\PanelMgr\caller64.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.jzip.com/
uDefault_Page_URL = hxxp://asus.msn.com
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: jZip Toolbar: {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - C:\PROGRA~2\WIF0E7~1\Datamngr\ToolBar\jzipdtx.dll
BHO: UrlHelper Class: {41c4aa37-1ddd-4345-b8dc-734e4b38414d} - C:\PROGRA~2\WIF0E7~1\Datamngr\IEBHO.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll
BHO: Guida per l'accesso a Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: jZip Toolbar: {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - C:\PROGRA~2\WIF0E7~1\Datamngr\ToolBar\jzipdtx.dll
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun: [CLX3180_Scan2Pc] C:\Windows\Twain_32\Samsung\CLX3180\Scan2pc.exe
mRun: [3180 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe"
mRun: [DATAMNGR] C:\PROGRA~2\WIF0E7~1\Datamngr\DATAMN~1.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&sporta in Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{2B01D53E-EFA7-417B-ADCB-3727DB3E48CB} : DhcpNameServer = 208.67.222.222 208.67.220.220
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs: C:\PROGRA~2\WIF0E7~1\Datamngr\datamngr.dll C:\PROGRA~2\WIF0E7~1\Datamngr\IEBHO.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{1e48c56f-08cd-43aa-a6ef-c1ec891551ab}
{41C4AA37-1DDD-4345-B8DC-734E4B38414D}
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AA58ED58-01DD-4d91-8333-CF10577473F7}
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
{21FA44EF-376D-4D53-9B0F-8A89D3229068}
{1e48c56f-08cd-43aa-a6ef-c1ec891551ab}
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun-x64: [CLX3180_Scan2Pc] C:\Windows\Twain_32\Samsung\CLX3180\Scan2pc.exe
mRun-x64: [3180 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe"
mRun-x64: [DATAMNGR] C:\PROGRA~2\WIF0E7~1\Datamngr\DATAMN~1.EXE
AppInit_DLLs-X64: C:\PROGRA~2\WIF0E7~1\Datamngr\datamngr.dll C:\PROGRA~2\WIF0E7~1\Datamngr\IEBHO.dll
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys --> C:\Windows\system32\DRIVERS\lullaby.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 AntiVirMailService;Avira AntiVir MailGuard;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-7-28 339624]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-7-28 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-7-28 269480]
R2 AntiVirWebService;Avira AntiVir WebGuard;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2011-7-28 421032]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2010-10-28 14904]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 Samsung Network Fax Server;Samsung Network Fax Server;C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe [2011-8-1 216576]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2011-8-1 11576]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-28 135664]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 gupdatem;Servizio Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-28 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2010-10-28 332272]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 StorSvc;Servizio di archiviazione;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-08-10 10:35:31 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-08-10 10:35:21 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-08-10 10:35:19 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-08-10 10:35:18 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-08-07 05:41:00 -------- d-----w- C:\ProgramData\boost_interprocess
2011-08-05 13:39:04 -------- d-----w- C:\Program Files (x86)\Windows jZip Toolbar
2011-08-01 04:38:39 474624 ----a-w- C:\Windows\prinst.exe
2011-08-01 04:38:19 229888 ----a-r- C:\Windows\System32\NetFaxPort64.dll
2011-08-01 04:38:06 81920 ----a-w- C:\Windows\SysWow64\ssdevm.dll
2011-08-01 04:36:59 77312 ----a-w- C:\Windows\SysWow64\LTTLB13n.dll
2011-08-01 04:35:30 -------- d-----w- C:\Program Files (x86)\Readiris10
2011-08-01 04:35:18 -------- d-----w- C:\Program Files (x86)\SmarThru 4
2011-08-01 04:33:01 138776 ----a-r- C:\Windows\SysWow64\TWAINDSM.dll
2011-08-01 04:32:54 -------- d-----w- C:\Program Files\Scan Assistant
2011-08-01 04:32:42 -------- d-----w- C:\Users\Stefano\AppData\Local\S2PC
2011-08-01 04:32:21 490600 ----a-w- C:\Windows\ssndii.exe
2011-08-01 04:32:19 -------- d-----w- C:\Program Files (x86)\SamsungPrinterLiveUpdate
2011-08-01 04:32:18 -------- d-----w- C:\Windows\Samsung
2011-08-01 04:32:16 113768 ----a-w- C:\Windows\Wiainst.exe
2011-08-01 04:31:52 33792 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\sst2cpc.dll
2011-08-01 04:31:30 27648 ----a-w- C:\Windows\System32\sst2cl6.dll
2011-08-01 04:31:05 89600 ----a-w- C:\Windows\System32\sst2cci.dll
2011-08-01 04:31:05 151552 ----a-w- C:\Windows\System32\sst2cci.exe
2011-08-01 04:30:34 74240 ----a-w- C:\Windows\System32\ssdevm64.dll
2011-08-01 04:30:28 44544 ----a-w- C:\Windows\SysWow64\msxml4a.dll
2011-08-01 04:30:24 38160 ----a-w- C:\Windows\SysWow64\msxml2r.dll
2011-08-01 04:30:24 21776 ----a-w- C:\Windows\SysWow64\msxml2a.dll
2011-08-01 04:30:23 701440 ----a-w- C:\Windows\SysWow64\msxml2.dll
2011-08-01 04:29:06 49152 ----a-w- C:\Windows\SysWow64\Ssusbpn.dll
2011-08-01 04:29:06 43520 ----a-w- C:\Windows\System32\Ssusbp64.dll
2011-08-01 04:28:58 98816 ----a-w- C:\Windows\System32\SaSegFlt.dll
2011-08-01 04:28:58 55808 ----a-w- C:\Windows\System32\SaErHdlr.dll
2011-08-01 04:28:58 333312 ----a-w- C:\Windows\System32\SaMinDrv.dll
2011-08-01 04:28:58 129536 ----a-w- C:\Windows\System32\SaImgFlt.dll
2011-08-01 04:26:52 -------- d-----w- C:\Program Files (x86)\Samsung
2011-08-01 04:20:36 11576 ------w- C:\Windows\SysWow64\drivers\SSPORT.SYS
2011-07-29 10:12:24 -------- d-----w- C:\Users\Stefano\AppData\Local\Diagnostics
2011-07-29 09:11:46 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-07-29 09:11:46 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-07-29 09:11:46 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-07-29 09:11:45 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-07-29 09:11:45 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-07-29 09:11:45 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-07-29 09:11:45 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-07-29 09:04:25 2566144 ----a-w- C:\Windows\System32\esent.dll
2011-07-29 09:04:25 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-07-29 09:04:24 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-07-29 09:04:24 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-07-29 09:04:24 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
2011-07-29 09:04:24 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-07-29 09:04:24 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-07-29 09:04:24 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-07-29 09:04:23 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-07-29 09:04:23 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-07-29 09:04:23 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-07-29 08:53:59 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2011-07-29 08:51:23 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-07-29 08:50:41 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2011-07-29 08:50:29 -------- d-----w- C:\Users\Stefano\AppData\Local\Microsoft Help
2011-07-29 08:48:06 -------- d-----w- C:\ProgramData\ASUS
2011-07-29 08:48:04 -------- d-----w- C:\Users\Stefano\AppData\Local\ASUS
2011-07-29 08:38:56 -------- d-----w- C:\Windows\System32\appmgmt
2011-07-29 08:36:26 -------- d-----w- C:\Users\Stefano\AppData\Local\Adobe
2011-07-29 08:28:23 64624 ----a-w- C:\Windows\System32\drivers\vmci.sys
2011-07-29 08:28:21 76400 ----a-w- C:\Windows\System32\drivers\vmx86.sys
2011-07-29 08:28:21 38512 ----a-w- C:\Windows\System32\drivers\hcmon.sys
2011-07-29 08:27:58 53296 ----a-w- C:\Windows\System32\vnetinst.dll
2011-07-29 08:27:58 20016 ----a-w- C:\Windows\System32\drivers\vmnetadapter.sys
2011-07-29 08:27:54 326256 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe
2011-07-29 08:27:50 399984 ----a-w- C:\Windows\SysWow64\vmnat.exe
2011-07-29 08:27:50 30320 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys
2011-07-29 08:27:49 56368 ----a-r- C:\Windows\System32\vmnetbridge.dll
2011-07-29 08:27:49 38960 ----a-r- C:\Windows\System32\drivers\vmnetbridge.sys
2011-07-29 08:27:49 24112 ----a-r- C:\Windows\System32\drivers\vmnet.sys
2011-07-29 08:27:47 920176 ----a-w- C:\Windows\System32\vnetlib64.dll
2011-07-29 08:27:26 29808 ----a-w- C:\Windows\System32\drivers\VMkbd.sys
2011-07-29 08:27:25 37680 ----a-w- C:\Windows\System32\drivers\vmusb.sys
2011-07-29 08:26:25 -------- d-----w- C:\Program Files (x86)\VMware
2011-07-29 07:25:49 -------- d-----w- C:\Users\Stefano\AppData\Local\Thunderbird
2011-07-29 06:04:57 -------- d-----w- C:\Program Files (x86)\MozBackup
2011-07-28 16:26:22 -------- d-----r- C:\Program Files (x86)\Skype
2011-07-28 16:18:48 -------- d-----w- C:\Users\Stefano\AppData\Roaming\Avira
2011-07-28 16:14:54 98120 ----a-w- C:\Windows\System32\drivers\avfwim.sys
2011-07-28 16:14:54 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-07-28 16:14:54 126792 ----a-w- C:\Windows\System32\drivers\avfwot.sys
2011-07-28 16:14:54 -------- d-----w- C:\ProgramData\Avira
2011-07-28 16:14:54 -------- d-----w- C:\Program Files (x86)\Avira
2011-07-28 14:32:11 -------- d-----w- C:\Windows\SysWow64\Wat
2011-07-28 14:32:11 -------- d-----w- C:\Windows\System32\Wat
2011-07-28 13:59:51 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-07-28 13:59:51 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-07-28 13:43:23 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2011-07-28 13:42:54 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-07-28 13:40:25 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-07-28 13:40:22 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-07-28 13:40:22 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-07-28 05:56:54 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-07-28 05:56:54 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-07-28 05:56:54 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-07-28 05:56:54 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-07-28 05:56:54 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-07-28 05:56:54 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-07-28 05:56:54 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-07-28 05:56:54 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-07-28 05:56:54 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-07-28 05:56:54 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-07-28 05:56:45 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2011-07-28 05:53:48 148992 ----a-w- C:\Windows\System32\t2embed.dll
2011-07-28 05:53:48 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2011-07-28 05:53:09 395776 ----a-w- C:\Windows\System32\webio.dll
2011-07-28 05:53:09 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2011-07-28 05:53:08 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
2011-07-28 05:53:08 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
2011-07-28 05:53:08 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
2011-07-28 05:53:05 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-07-28 05:53:05 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-07-28 05:51:58 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-28 05:44:19 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2011-07-28 05:44:19 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2011-07-28 05:35:45 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-07-28 05:35:45 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-07-28 05:35:43 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-07-28 05:35:43 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-07-28 05:35:43 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-07-28 05:35:43 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-07-28 05:35:43 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-07-28 05:33:25 3134464 ----a-w- C:\Windows\System32\win32k.sys
2011-07-28 05:30:03 3138048 ----a-w- C:\Windows\System32\mstscax.dll
2011-07-28 05:30:02 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
2011-07-28 05:30:02 1097216 ----a-w- C:\Windows\System32\mstsc.exe
2011-07-28 05:30:02 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
2011-07-28 05:28:34 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2011-07-28 05:28:34 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2011-07-28 05:28:34 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2011-07-28 05:28:33 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2011-07-28 05:27:14 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-07-28 05:27:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-07-28 05:23:25 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-07-28 05:23:24 112000 ----a-w- C:\Windows\System32\consent.exe
2011-07-28 05:23:22 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-07-28 05:22:31 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-07-28 05:22:31 720896 ----a-w- C:\Windows\System32\odbc32.dll
2011-07-28 05:22:31 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2011-07-28 05:22:31 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-07-28 05:22:31 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-07-28 05:22:31 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-07-28 05:22:31 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2011-07-28 05:22:30 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-07-28 05:22:30 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-07-28 05:22:30 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2011-07-28 05:21:33 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2011-07-28 05:21:33 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2011-07-27 15:29:05 -------- d-----w- C:\Users\Stefano\AppData\Local\Google
2011-07-27 15:26:39 -------- d-----w- C:\Users\Stefano\AppData\Roaming\Asus WebStorage
2011-07-27 15:26:23 -------- d-----w- C:\Users\Stefano\AppData\Local\SRS Labs
2011-07-27 15:24:49 61792 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2011-07-27 15:23:34 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2011-07-27 15:23:34 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2011-07-27 15:23:27 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-07-27 15:22:39 -------- d-----w- C:\Program Files (x86)\Microsoft
2011-07-27 15:22:18 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
2011-07-27 15:21:39 -------- d-----w- C:\Windows\PCHEALTH
2011-07-27 15:21:31 4865408 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\dd31bce31cc4c70\Silverlight.2.0.exe
2011-07-27 15:21:16 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d41eb4661cc4c70\DSETUP.dll
2011-07-27 15:21:16 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d41eb4661cc4c70\DXSETUP.exe
2011-07-27 15:21:16 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d41eb4661cc4c70\dsetup32.dll
2011-07-27 15:20:35 144137544 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlcD173.tmp
2011-07-27 15:20:29 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-07-27 15:18:32 -------- d-sh--we C:\Programmi
2011-07-27 15:18:32 -------- d-sh--we C:\ProgramData\Preferiti
2011-07-27 15:18:32 -------- d-sh--we C:\ProgramData\Modelli
2011-07-27 15:18:32 -------- d-sh--we C:\ProgramData\Menu Avvio
2011-07-27 15:18:32 -------- d-sh--we C:\ProgramData\Documenti
2011-07-27 15:18:32 -------- d-sh--we C:\ProgramData\Dati applicazioni
2011-07-27 15:18:32 -------- d-sh--we C:\Program Files\File comuni
.
==================== Find3M ====================
.
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:44:55 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-15 09:58:31 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 09:58:31 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 09:04:46 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 09:04:46 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 09:04:46 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 09:04:46 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 09:04:46 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2009-04-08 17:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 11:34:44,01 ===============


#2 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
Posted 11 August 2011 - 07:48 AM

Hi,

Please uninstall the Windows jZip Toolbar as this one is responsible for searchqu.
Make sure your Internet Explorer is closed when you uninstall.

Then reboot! Important.

After reboot, open Internet Explorer and choose another startpage (for example Google).

Let me know if that fixed your issue.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 stefano27

stefano27
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:01 PM

Posted 11 August 2011 - 08:46 AM

Hi,
First of all, thank you for your reply.

I uninstalled Windows jZip Toolbar, rebooted and then changed the home page for both IE and Chrome to www.google.it, cleaned the browser cache, but the issue is still here.
When I write something in the location box, I get the results from searchqu.com.

I re-ran DDS.scr, and jZip still seems to be present in the registry even though I no longer have C:\PROGRA~2\WIF0E7~1\Datamngr\ToolBar\jzipdtx.dll (not even the C:\PROGRA~2\WIF0E7~1 folder).

Here is the new DDS report.

thank you for your help
stefano

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Stefano at 15:27:13 on 2011-08-11
Microsoft Windows 7 Professional 6.1.7600.0.1252.39.1040.18.4061.2573 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\Samsung\PanelMgr\caller64.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.it/
uDefault_Page_URL = hxxp://asus.msn.com
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: jZip Toolbar: {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - C:\PROGRA~2\WIF0E7~1\Datamngr\ToolBar\jzipdtx.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll
BHO: Guida per l'accesso a Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: jZip Toolbar: {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - C:\PROGRA~2\WIF0E7~1\Datamngr\ToolBar\jzipdtx.dll
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun: [CLX3180_Scan2Pc] C:\Windows\Twain_32\Samsung\CLX3180\Scan2pc.exe
mRun: [3180 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&sporta in Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{2B01D53E-EFA7-417B-ADCB-3727DB3E48CB} : DhcpNameServer = 208.67.222.222 208.67.220.220
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs:
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{1e48c56f-08cd-43aa-a6ef-c1ec891551ab}
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AA58ED58-01DD-4d91-8333-CF10577473F7}
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
{21FA44EF-376D-4D53-9B0F-8A89D3229068}
{1e48c56f-08cd-43aa-a6ef-c1ec891551ab}
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun-x64: [CLX3180_Scan2Pc] C:\Windows\Twain_32\Samsung\CLX3180\Scan2pc.exe
mRun-x64: [3180 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe"
AppInit_DLLs-X64:
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys --> C:\Windows\system32\DRIVERS\lullaby.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 AntiVirMailService;Avira AntiVir MailGuard;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-7-28 339624]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-7-28 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-7-28 269480]
R2 AntiVirWebService;Avira AntiVir WebGuard;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2011-7-28 421032]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2010-10-28 14904]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 Samsung Network Fax Server;Samsung Network Fax Server;C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe [2011-8-1 216576]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2011-8-1 11576]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-28 135664]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 gupdatem;Servizio Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-28 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2010-10-28 332272]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 StorSvc;Servizio di archiviazione;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-08-11 13:23:58 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2011-08-10 10:35:31 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-08-10 10:35:21 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-08-10 10:35:19 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-08-10 10:35:18 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-08-07 05:41:00 -------- d-----w- C:\ProgramData\boost_interprocess
2011-08-01 04:38:39 474624 ----a-w- C:\Windows\prinst.exe
2011-08-01 04:38:19 229888 ----a-r- C:\Windows\System32\NetFaxPort64.dll
2011-08-01 04:38:06 81920 ----a-w- C:\Windows\SysWow64\ssdevm.dll
2011-08-01 04:36:59 77312 ----a-w- C:\Windows\SysWow64\LTTLB13n.dll
2011-08-01 04:35:30 -------- d-----w- C:\Program Files (x86)\Readiris10
2011-08-01 04:35:18 -------- d-----w- C:\Program Files (x86)\SmarThru 4
2011-08-01 04:33:01 138776 ----a-r- C:\Windows\SysWow64\TWAINDSM.dll
2011-08-01 04:32:54 -------- d-----w- C:\Program Files\Scan Assistant
2011-08-01 04:32:42 -------- d-----w- C:\Users\Stefano\AppData\Local\S2PC
2011-08-01 04:32:21 490600 ----a-w- C:\Windows\ssndii.exe
2011-08-01 04:32:19 -------- d-----w- C:\Program Files (x86)\SamsungPrinterLiveUpdate
2011-08-01 04:32:18 -------- d-----w- C:\Windows\Samsung
2011-08-01 04:32:16 113768 ----a-w- C:\Windows\Wiainst.exe
2011-08-01 04:31:52 33792 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\sst2cpc.dll
2011-08-01 04:31:30 27648 ----a-w- C:\Windows\System32\sst2cl6.dll
2011-08-01 04:31:05 89600 ----a-w- C:\Windows\System32\sst2cci.dll
2011-08-01 04:31:05 151552 ----a-w- C:\Windows\System32\sst2cci.exe
2011-08-01 04:30:34 74240 ----a-w- C:\Windows\System32\ssdevm64.dll
2011-08-01 04:30:28 44544 ----a-w- C:\Windows\SysWow64\msxml4a.dll
2011-08-01 04:30:24 38160 ----a-w- C:\Windows\SysWow64\msxml2r.dll
2011-08-01 04:30:24 21776 ----a-w- C:\Windows\SysWow64\msxml2a.dll
2011-08-01 04:30:23 701440 ----a-w- C:\Windows\SysWow64\msxml2.dll
2011-08-01 04:29:06 49152 ----a-w- C:\Windows\SysWow64\Ssusbpn.dll
2011-08-01 04:29:06 43520 ----a-w- C:\Windows\System32\Ssusbp64.dll
2011-08-01 04:28:58 98816 ----a-w- C:\Windows\System32\SaSegFlt.dll
2011-08-01 04:28:58 55808 ----a-w- C:\Windows\System32\SaErHdlr.dll
2011-08-01 04:28:58 333312 ----a-w- C:\Windows\System32\SaMinDrv.dll
2011-08-01 04:28:58 129536 ----a-w- C:\Windows\System32\SaImgFlt.dll
2011-08-01 04:26:52 -------- d-----w- C:\Program Files (x86)\Samsung
2011-08-01 04:20:36 11576 ------w- C:\Windows\SysWow64\drivers\SSPORT.SYS
2011-07-29 10:12:24 -------- d-----w- C:\Users\Stefano\AppData\Local\Diagnostics
2011-07-29 09:11:46 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-07-29 09:11:46 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-07-29 09:11:46 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-07-29 09:11:45 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-07-29 09:11:45 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-07-29 09:11:45 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-07-29 09:11:45 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-07-29 09:04:25 2566144 ----a-w- C:\Windows\System32\esent.dll
2011-07-29 09:04:25 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-07-29 09:04:24 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-07-29 09:04:24 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-07-29 09:04:24 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
2011-07-29 09:04:24 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-07-29 09:04:24 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-07-29 09:04:24 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-07-29 09:04:23 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-07-29 09:04:23 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-07-29 09:04:23 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-07-29 08:53:59 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2011-07-29 08:51:23 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-07-29 08:50:41 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2011-07-29 08:50:29 -------- d-----w- C:\Users\Stefano\AppData\Local\Microsoft Help
2011-07-29 08:48:06 -------- d-----w- C:\ProgramData\ASUS
2011-07-29 08:48:04 -------- d-----w- C:\Users\Stefano\AppData\Local\ASUS
2011-07-29 08:38:56 -------- d-----w- C:\Windows\System32\appmgmt
2011-07-29 08:36:26 -------- d-----w- C:\Users\Stefano\AppData\Local\Adobe
2011-07-29 08:28:23 64624 ----a-w- C:\Windows\System32\drivers\vmci.sys
2011-07-29 08:28:21 76400 ----a-w- C:\Windows\System32\drivers\vmx86.sys
2011-07-29 08:28:21 38512 ----a-w- C:\Windows\System32\drivers\hcmon.sys
2011-07-29 08:27:58 53296 ----a-w- C:\Windows\System32\vnetinst.dll
2011-07-29 08:27:58 20016 ----a-w- C:\Windows\System32\drivers\vmnetadapter.sys
2011-07-29 08:27:54 326256 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe
2011-07-29 08:27:50 399984 ----a-w- C:\Windows\SysWow64\vmnat.exe
2011-07-29 08:27:50 30320 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys
2011-07-29 08:27:49 56368 ----a-r- C:\Windows\System32\vmnetbridge.dll
2011-07-29 08:27:49 38960 ----a-r- C:\Windows\System32\drivers\vmnetbridge.sys
2011-07-29 08:27:49 24112 ----a-r- C:\Windows\System32\drivers\vmnet.sys
2011-07-29 08:27:47 920176 ----a-w- C:\Windows\System32\vnetlib64.dll
2011-07-29 08:27:26 29808 ----a-w- C:\Windows\System32\drivers\VMkbd.sys
2011-07-29 08:27:25 37680 ----a-w- C:\Windows\System32\drivers\vmusb.sys
2011-07-29 08:26:25 -------- d-----w- C:\Program Files (x86)\VMware
2011-07-29 07:25:49 -------- d-----w- C:\Users\Stefano\AppData\Local\Thunderbird
2011-07-29 06:04:57 -------- d-----w- C:\Program Files (x86)\MozBackup
2011-07-28 16:26:22 -------- d-----r- C:\Program Files (x86)\Skype
2011-07-28 16:18:48 -------- d-----w- C:\Users\Stefano\AppData\Roaming\Avira
2011-07-28 16:14:54 98120 ----a-w- C:\Windows\System32\drivers\avfwim.sys
2011-07-28 16:14:54 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-07-28 16:14:54 126792 ----a-w- C:\Windows\System32\drivers\avfwot.sys
2011-07-28 16:14:54 -------- d-----w- C:\ProgramData\Avira
2011-07-28 16:14:54 -------- d-----w- C:\Program Files (x86)\Avira
2011-07-28 14:32:11 -------- d-----w- C:\Windows\SysWow64\Wat
2011-07-28 14:32:11 -------- d-----w- C:\Windows\System32\Wat
2011-07-28 13:59:51 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-07-28 13:59:51 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-07-28 13:43:23 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2011-07-28 13:42:54 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-07-28 13:40:25 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-07-28 13:40:22 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-07-28 13:40:22 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-07-28 05:56:54 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-07-28 05:56:54 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-07-28 05:56:54 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-07-28 05:56:54 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-07-28 05:56:54 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-07-28 05:56:54 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-07-28 05:56:54 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-07-28 05:56:54 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-07-28 05:56:54 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-07-28 05:56:54 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-07-28 05:56:45 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2011-07-28 05:53:48 148992 ----a-w- C:\Windows\System32\t2embed.dll
2011-07-28 05:53:48 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2011-07-28 05:53:09 395776 ----a-w- C:\Windows\System32\webio.dll
2011-07-28 05:53:09 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2011-07-28 05:53:08 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
2011-07-28 05:53:08 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
2011-07-28 05:53:08 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
2011-07-28 05:53:05 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-07-28 05:53:05 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-07-28 05:51:58 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-28 05:44:19 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2011-07-28 05:44:19 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2011-07-28 05:35:45 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-07-28 05:35:45 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-07-28 05:35:43 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-07-28 05:35:43 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-07-28 05:35:43 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-07-28 05:35:43 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-07-28 05:35:43 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-07-28 05:33:25 3134464 ----a-w- C:\Windows\System32\win32k.sys
2011-07-28 05:30:03 3138048 ----a-w- C:\Windows\System32\mstscax.dll
2011-07-28 05:30:02 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
2011-07-28 05:30:02 1097216 ----a-w- C:\Windows\System32\mstsc.exe
2011-07-28 05:30:02 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
2011-07-28 05:28:34 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2011-07-28 05:28:34 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2011-07-28 05:28:34 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2011-07-28 05:28:33 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2011-07-28 05:27:14 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-07-28 05:27:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-07-28 05:23:25 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-07-28 05:23:24 112000 ----a-w- C:\Windows\System32\consent.exe
2011-07-28 05:23:22 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-07-28 05:22:31 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-07-28 05:22:31 720896 ----a-w- C:\Windows\System32\odbc32.dll
2011-07-28 05:22:31 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2011-07-28 05:22:31 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-07-28 05:22:31 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-07-28 05:22:31 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-07-28 05:22:31 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2011-07-28 05:22:30 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-07-28 05:22:30 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-07-28 05:22:30 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2011-07-28 05:21:33 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2011-07-28 05:21:33 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2011-07-27 15:29:05 -------- d-----w- C:\Users\Stefano\AppData\Local\Google
2011-07-27 15:26:39 -------- d-----w- C:\Users\Stefano\AppData\Roaming\Asus WebStorage
2011-07-27 15:26:23 -------- d-----w- C:\Users\Stefano\AppData\Local\SRS Labs
2011-07-27 15:24:49 61792 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2011-07-27 15:23:34 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2011-07-27 15:23:34 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2011-07-27 15:23:27 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-07-27 15:22:39 -------- d-----w- C:\Program Files (x86)\Microsoft
2011-07-27 15:22:18 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
2011-07-27 15:21:39 -------- d-----w- C:\Windows\PCHEALTH
2011-07-27 15:21:31 4865408 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\dd31bce31cc4c70\Silverlight.2.0.exe
2011-07-27 15:21:16 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d41eb4661cc4c70\DSETUP.dll
2011-07-27 15:21:16 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d41eb4661cc4c70\DXSETUP.exe
2011-07-27 15:21:16 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d41eb4661cc4c70\dsetup32.dll
2011-07-27 15:20:35 144137544 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlcD173.tmp
2011-07-27 15:20:29 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-07-27 15:18:32 -------- d-sh--we C:\Programmi
2011-07-27 15:18:32 -------- d-sh--we C:\ProgramData\Preferiti
2011-07-27 15:18:32 -------- d-sh--we C:\ProgramData\Modelli
2011-07-27 15:18:32 -------- d-sh--we C:\ProgramData\Menu Avvio
2011-07-27 15:18:32 -------- d-sh--we C:\ProgramData\Documenti
2011-07-27 15:18:32 -------- d-sh--we C:\ProgramData\Dati applicazioni
2011-07-27 15:18:32 -------- d-sh--we C:\Program Files\File comuni
.
==================== Find3M ====================
.
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:44:55 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-15 09:58:31 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 09:58:31 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 09:04:46 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 09:04:46 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 09:04:46 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 09:04:46 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 09:04:46 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2009-04-08 17:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 15:28:14,92 ===============

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:02:01 PM

Posted 11 August 2011 - 08:58 AM

Hi,

Was your Internet explorer closed when you uninstalled the toolbar? And did you reboot afterwards?

Either way, since this log doesn't show whether values are orphaned, please run HijackThis instead and post the log.
With HijackThis it's easier to delete leftovers...

Edited by miekiemoes, 11 August 2011 - 08:59 AM.


#5 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:02:01 PM

Posted 11 August 2011 - 09:03 AM

Also:

When I wrote something in the location box, I get the result from searchqu.com

What browser is this? Firefox, Internet Explorer, Google Chrome?

#6 stefano27
  • Topic Starter

  • Members
  • 4 posts
  • Gender:Male
  • Local time:01:01 PM

Posted 11 August 2011 - 09:08 AM

Hi,
I closed IE before uninstalling, but probably something remains in memory; in fact, when I try to reboot the system it complains there is an IE running even if nothing is in the toolbar.

About results being returned by searchqu.com, I experienced this with both Google Chrome and Internet Explorer (FF is not yet installed on this box).

Below is the HijackThis report.

thanks
stefano


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:03:54, on 11/08/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: jZip Toolbar - {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - C:\PROGRA~2\WIF0E7~1\Datamngr\ToolBar\jzipdtx.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: jZip Toolbar - {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - C:\PROGRA~2\WIF0E7~1\Datamngr\ToolBar\jzipdtx.dll (file missing)
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [CLX3180_Scan2Pc] C:\Windows\Twain_32\Samsung\CLX3180\Scan2pc.exe
O4 - HKLM\..\Run: [3180 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe"
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung Network Fax Server - Samsung Electronics Co., Ltd. - C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12345 bytes

#7 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:02:01 PM

Posted 11 August 2011 - 09:22 AM

Hi,

Right-click HijackThis and select to run as administrator.

Select the following entries:

O2 - BHO: jZip Toolbar - {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - C:\PROGRA~2\WIF0E7~1\Datamngr\ToolBar\jzipdtx.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
O3 - Toolbar: jZip Toolbar - {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - C:\PROGRA~2\WIF0E7~1\Datamngr\ToolBar\jzipdtx.dll (file missing)

Click the fix checked button below.

Once again, make sure your Internet Explorer is closed.

Then read here: http://deletemalware.blogspot.com/2011/05/how-to-remove-searchqu-uninstall-guide.html for how to adjust/correct the settings in your browser again.
It's also for Google Chrome there.
Note, in your case, it may be listed as search.jzip or so.
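
The reason the helper asked for a HijackThis log (post #4) and then picked out the O2/O3 lines ending in "(file missing)" or "(no file)" (post #7) is that a toolbar uninstaller often leaves its COM registration behind: the BHO or toolbar CLSID is still listed, but the DLL it points to is gone. The PowerShell script below is an added example, not code from this thread, from HijackThis or from BleepingComputer. It reads the same registry locations HijackThis reports on, resolves each CLSID to its DLL through CLSID\{...}\InprocServer32, and reports which registrations are orphaned. It assumes the standard Windows registry layout (including the Wow6432Node view that 32-bit Internet Explorer on 64-bit Windows uses); the function names Resolve-ClsidPath and Get-BrowserAddinStatus are my own. It is read-only and removes nothing.

```powershell
# Added example (not from this thread, HijackThis or BleepingComputer).
# Enumerate registered Browser Helper Objects and IE toolbars, resolve each
# CLSID to its DLL, and flag registrations whose DLL no longer exists.
# Read-only. Run from an elevated PowerShell prompt on the affected machine.
# Function names below are my own, not a Windows or HijackThis API.

$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$toolbarKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar'
)

function Resolve-ClsidPath {
    param([string]$Clsid)
    # A COM in-process server records its DLL in CLSID\{...}\InprocServer32
    # (default value). 32-bit IE on x64 Windows reads the Wow6432Node view,
    # so both views are checked; HKCU can override HKLM for per-user installs.
    foreach ($root in @('HKCU:\SOFTWARE\Classes\CLSID',
                        'HKLM:\SOFTWARE\Classes\CLSID',
                        'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID')) {
        $key = "$root\$Clsid\InprocServer32"
        if (Test-Path -LiteralPath $key) {
            $raw = (Get-ItemProperty -LiteralPath $key).'(default)'
            if ($raw) {
                # Expand %SystemRoot% and similar, then drop surrounding quotes.
                return [Environment]::ExpandEnvironmentVariables($raw).Trim('"')
            }
        }
    }
    return $null   # CLSID has no server registration at all
}

function Get-BrowserAddinStatus {
    $results = @()
    foreach ($key in ($bhoKeys + $toolbarKeys)) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        if ($key -like '*Browser Helper Objects') {
            # Each BHO is a subkey named after its CLSID.
            $kind   = 'BHO'
            $clsids = Get-ChildItem -LiteralPath $key | ForEach-Object { $_.PSChildName }
        } else {
            # Toolbars are REG_SZ values whose *name* is the CLSID (data = display name).
            $kind   = 'Toolbar'
            $clsids = (Get-ItemProperty -LiteralPath $key).PSObject.Properties |
                Where-Object { $_.Name -match '^\{[0-9A-Fa-f-]{36}\}$' } |
                ForEach-Object { $_.Name }
        }
        foreach ($clsid in $clsids) {
            $dll = Resolve-ClsidPath -Clsid $clsid
            $status = if (-not $dll) { 'orphan: no server registered' }
                      elseif (-not (Test-Path -LiteralPath $dll)) { 'orphan: file missing' }
                      else { 'present' }
            $results += [pscustomobject]@{
                Kind   = $kind
                CLSID  = $clsid
                Dll    = $dll
                Status = $status
                Source = $key
            }
        }
    }
    return $results
}

# Orphans first: those are the leftovers a cleanup step like the one above removes.
# A *present* BHO or toolbar pointing at an unexpected DLL (for example one under
# ProgramData rather than Program Files) is the one to investigate before removing.
Get-BrowserAddinStatus | Sort-Object Status | Format-Table -AutoSize
```

Compare the output with the O2 and O3 lines of the HijackThis log: the same CLSIDs should appear, and the two "orphan" states correspond to what HijackThis prints as "(no file)" (no InprocServer32 path found) and "(file missing)" (a path that no longer exists). The script deliberately only reports; removal of the orphaned keys is what the "Fix checked" step above does, and it is safer to keep that decision separate from the listing.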

#8 stefano27
  • Topic Starter

  • Members
  • 4 posts
  • Gender:Male
  • Local time:01:01 PM

Posted 11 August 2011 - 09:52 AM

It works!
I removed the entries, read the document and made the changes it suggested, rebooted and... voilà :)
thank you very much for your help
stefano

#9 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:02:01 PM

Posted 11 August 2011 - 09:56 AM

Glad I could help :)

#10 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:02:01 PM

Posted 15 September 2011 - 01:30 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



