Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Cant remove Q-Word Search

Re: Cant remove Q-Word Search

Post by sarasara » December 22nd, 2010, 5:03 pm

Malwarebytes to follow

SystemLook 04.09.10 by jpshortstuff
Log created at 20:02 on 22/12/2010 by User
Administrator - Elevation successful

========== contents ==========

C:\Program Files\ffdshow\openIE.js - Opened succesfully.

//Check if number of passed arguments is 2 or 3
var oArgs = WScript.Arguments;
if (oArgs.Count() < 2 | oArgs.Count() > 3)
showError();
else
reportArgs();

//Shows error message
function showError()
{
var timeout = 10;
var title = "Error";
var button = 48;
var oWSH = WScript.CreateObject("WScript.Shell");
var result = oWSH.Popup("Application name and/or revision number missing!\n\nThis window will close automatically in 10 seconds...", timeout, title, button);
if (result == 1) { //Quit immediately after OK button was clicked
WScript.Quit();
}
WScript.Quit(); //Quit anyway after timeout...
}

//Pass arguments via HTTP GET method to the compmgr.php script
function reportArgs()
{
//Compose URL
if (oArgs.Count() == 2)
var strURL = "http://ffdshow-tryout.sourceforge.net/compmgr.php?app=" + oArgs(0) + "&rev=" + oArgs(1);
if (oArgs.Count() == 3)
var strURL = "http://ffdshow-tryout.sourceforge.net/compmgr.php?app=" + oArgs(0) + "&rev=" + oArgs(1) + "&type=" + oArgs(2);

//Create IE object
var oIE = WScript.CreateObject("InternetExplorer.Application", "IE_");

//Customize IE window
oIE.Left = 50;
oIE.Top = 100;
oIE.Height = 320;
oIE.Width = 380;
oIE.MenuBar = 0;
oIE.ToolBar = 0;
oIE.StatusBar = 0;

//Finally open URL and show browser window
oIE.Navigate(strURL);
oIE.Visible = true;

//Send scripting host to sleep
WScript.Sleep(10000);

//Close browser window after wscript.exe wakes up
oIE.Quit();
}

//OnQuit-Event gets fired when browser window gets
//closed before (click on Close-button) or after timeout
function IE_OnQuit()
{
WScript.Quit();
}


C:\Documents and Settings\All Users\Application Data\W3i\InstallIQUpdater\updater.log - Opened succesfully.

L1:2010.12.11_16:30:33.0828[0350] InstallIQUpdater version 1.1.2.0 starting...
L1:2010.12.11_16:30:33.0828[0350] Loading settings...
L1:2010.12.11_16:30:33.0828[0350] Settings loaded.
L1:2010.12.11_16:30:33.0828[0350] Loading settings...
L1:2010.12.11_16:30:33.0843[0350] Settings loaded.
L1:2010.12.11_16:30:33.0843[0350] Configured run at startup.
L1:2010.12.11_16:30:33.0859[0350] Starting exception logger...
L1:2010.12.11_16:30:33.0875[0350] Loading install items: C(file path)data.xml
L1:2010.12.11_16:30:33.0875[0350] added install item: ac7c2a63-cb32-49c5-9a8d-181421a9acec, /iqu/items/item[1], FFDShow Codec Pack
L1:2010.12.11_16:30:33.0875[0350] Loading updates: C(file path)upgrades.xml


-= EOF =-
sarasara
Regular Member
 
Posts: 52
Joined: December 11th, 2010, 6:06 pm

Re: Cant remove Q-Word Search

Post by sarasara » December 22nd, 2010, 5:23 pm

Updated quick scan: (Q -Word still on Google toolbar.)

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Database version: 5363

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22/12/2010 20:19:44
mbam-log-2010-12-22 (20-19-44).txt

Scan type: Quick scan
Objects scanned: 133277
Time elapsed: 1 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
sarasara
Regular Member
 
Posts: 52
Joined: December 11th, 2010, 6:06 pm

Re: Cant remove Q-Word Search

Post by deltalima » December 22nd, 2010, 5:30 pm

Updated quick scan: (Q -Word still on Google toolbar.)


If you try to change the search settings (the small arrow next to the magnifying glass on the right-hand side) then choose Manage Search Providers, what happens if you try to delete Q-word?
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Cant remove Q-Word Search

Post by sarasara » December 22nd, 2010, 5:48 pm

deltalima wrote:
Updated quick scan: (Q -Word still on Google toolbar.)


If you try to change the search settings (the small arrow next to the magnifying glass on the right-hand side) then choose Manage Search Providers, what happens if you try to delete Q-word?

This was one of the early stages of the first report.

When I do that I get Q- Word Default, search suggestions: not available. It won't delete as 'remove' is greyed. And no alternative search engine's offered.

I got the impression from the original thread of suggestions I followed that programmers at Q- search are following developments and amending their software to outwit them, because the history of the thread shows things worked at earlier stages that did not work later in terms of removal.

Have to go now but back tomorrow if that's ok. Thanks for all the help, gnight :)
sarasara
Regular Member
 
Posts: 52
Joined: December 11th, 2010, 6:06 pm

Re: Cant remove Q-Word Search

Post by deltalima » December 22nd, 2010, 6:20 pm

Hi sarasara,

I got the impression from the original thread of suggestions I followed that programmers at Q- search are following developments and amending their software to outwit them.


That is the case with much of the current malware; it is constantly being modified to make it more difficult to remove.

Let's take a look at the system as it is now after the changes that have been made.

RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Double click on RSIT.exe to run it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... 2 log files... will be produced.
  • The first one, "log.txt", << will be maximized.
  • The second one, "info.txt", << will be minimized.
Please post the contents of both files... "log.txt" and "info.txt", in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Cant remove Q-Word Search

Post by sarasara » December 23rd, 2010, 7:15 am

Hi Deltalima,
Got a bit confused there; hope the second file is the correct one, which I C&P'd from 'Hijack This' on the desktop.
sara :)

Logfile of random's system information tool 1.08 (written by random/random)
Run by User at 2010-12-23 10:16:27
Microsoft Windows XP Professional Service Pack 3
System drive C: has 196 GB (78%) free of 250 GB
Total RAM: 3070 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:16:39, on 23/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\J1TO3T2Q\RSIT[1].exe
C:\Program Files\trend micro\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Download Accelerator Plus Integration - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 10.115.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1176277750
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} (Java Plug-in 1.6.0_19) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD7A2FBB-B1CB-42AC-8346-7C5B364219E3}: NameServer = 156.154.70.22,156.154.71.22
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7535 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-527237240-1614895754-1801674531-1001.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-527237240-1614895754-1801674531-1001.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{3866EC9F-E3F4-48A5-8B98-F29D52B3E338}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-11-27 382720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-11-24 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
Download Accelerator Plus Integration - C:\PROGRA~1\DAP\DAPIEL~1.DLL [2010-11-21 141568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F053C368-5458-45B2-9B4D-D8914BDDDBFF} - TextAloud - C:\PROGRA~1\TEXTAL~1\TAForIE.dll [2009-01-14 660992]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2006-12-12 19456]
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2006-12-12 20480]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-07-07 1753192]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-07-09 13923432]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-07-09 110696]
"TkBellExe"=C:\Program Files\Real\RealPlayer\update\realsched.exe [2010-11-27 274608]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-11-29 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-12-13 421160]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-09-10 2500552]
"COMODO"=C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe [2010-11-19 210648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"=C:\Program Files\Download Manager\DLM.exe [2009-10-27 1103216]
"Steam"=C:\Program Files\Steam\Steam.exe [2010-11-17 1242448]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CLPSLS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CAPCOM\Dark Void Demo\Launcher.exe"="C:\Program Files\CAPCOM\Dark Void Demo\Launcher.exe:*:Enabled:Dark Void Demo (DX10)"
"C:\Program Files\Steam\SteamApps\common\mafia ii - public demo\launcher.exe"="C:\Program Files\Steam\SteamApps\common\mafia ii - public demo\launcher.exe:*:Enabled:Mafia II - Demo"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
Last edited by sarasara on December 23rd, 2010, 7:26 am, edited 1 time in total.
sarasara
Regular Member
 
Posts: 52
Joined: December 11th, 2010, 6:06 pm

Re: Cant remove Q-Word Search

Post by sarasara » December 23rd, 2010, 7:18 am

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-12-23 10:14:03 ----D---- C:\rsit
2010-12-21 20:23:59 ----HD---- C:\VritualRoot
2010-12-21 20:12:48 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo
2010-12-21 20:12:42 ----D---- C:\Program Files\COMODO
2010-12-21 19:48:49 ----SHD---- C:\RECYCLER
2010-12-21 19:43:11 ----A---- C:\ComboFix.txt
2010-12-21 19:33:56 ----RASHD---- C:\cmdcons
2010-12-21 19:28:58 ----A---- C:\WINDOWS\zip.exe
2010-12-21 19:28:58 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-12-21 19:28:58 ----A---- C:\WINDOWS\SWSC.exe
2010-12-21 19:28:58 ----A---- C:\WINDOWS\SWREG.exe
2010-12-21 19:28:58 ----A---- C:\WINDOWS\sed.exe
2010-12-21 19:28:58 ----A---- C:\WINDOWS\PEV.exe
2010-12-21 19:28:58 ----A---- C:\WINDOWS\NIRCMD.exe
2010-12-21 19:28:58 ----A---- C:\WINDOWS\MBR.exe
2010-12-21 19:28:58 ----A---- C:\WINDOWS\grep.exe
2010-12-21 19:28:52 ----D---- C:\WINDOWS\ERDNT
2010-12-21 19:28:06 ----D---- C:\Qoobox
2010-12-18 22:46:45 ----D---- C:\Program Files\Strategy First
2010-12-18 22:38:47 ----D---- C:\Program Files\iPod
2010-12-18 22:38:46 ----D---- C:\Program Files\iTunes
2010-12-18 21:45:39 ----D---- C:\Program Files\QuickTime
2010-12-16 09:23:09 ----A---- C:\WINDOWS\system32\javaws.exe
2010-12-16 09:23:09 ----A---- C:\WINDOWS\system32\javaw.exe
2010-12-16 09:23:09 ----A---- C:\WINDOWS\system32\java.exe
2010-12-11 22:28:19 ----D---- C:\Program Files\Trend Micro
2010-12-11 20:17:42 ----D---- C:\Documents and Settings\User\Application Data\Malwarebytes
2010-12-11 20:17:29 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-12-11 20:17:29 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-12-11 20:17:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-11 20:17:25 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-12-11 18:48:17 ----A---- C:\WINDOWS\system32\lsdelete.exe
2010-12-11 18:34:31 ----A---- C:\WINDOWS\system32\drivers\Lbd.sys
2010-12-11 18:34:26 ----A---- C:\WINDOWS\system32\drivers\SBREDrv.sys
2010-12-11 18:00:48 ----HDC---- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2010-12-11 16:31:50 ----D---- C:\Program Files\ProtectDisc Driver Installer
2010-12-11 16:31:12 ----D---- C:\Program Files\CAPCOM
2010-12-06 13:18:06 ----DC---- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-12-06 13:17:50 ----D---- C:\Program Files\Lavasoft
2010-12-06 13:17:50 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-12-02 11:39:23 ----D---- C:\Program Files\ffdshow
2010-12-02 11:36:41 ----D---- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
2010-12-02 11:35:01 ----D---- C:\Program Files\W3i
2010-12-02 11:35:01 ----D---- C:\Documents and Settings\All Users\Application Data\W3i
2010-12-02 11:33:08 ----D---- C:\Documents and Settings\User\Application Data\Yahoo!
2010-11-27 23:03:08 ----D---- C:\Program Files\Common Files\xing shared
2010-11-27 23:01:51 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2010-11-27 23:01:00 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-11-27 23:01:00 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-11-27 23:00:54 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-11-27 21:35:28 ----D---- C:\Program Files\Common Files\eSellerate
2010-11-27 21:35:03 ----D---- C:\Program Files\2C09381C82B740BFAB17C805414BE85D
2010-11-25 21:19:15 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

======List of files/folders modified in the last 1 months======

2010-12-23 10:10:52 ----SD---- C:\WINDOWS\Tasks
2010-12-23 09:36:31 ----D---- C:\WINDOWS\Temp
2010-12-23 09:36:30 ----D---- C:\Program Files\Steam
2010-12-23 09:36:04 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-23 01:03:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-23 00:44:47 ----D---- C:\WINDOWS
2010-12-22 21:45:38 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-12-22 20:14:26 ----D---- C:\WINDOWS\system32\drivers
2010-12-22 14:50:28 ----AH---- C:\WINDOWS\system32\FFASTLOG.TXT
2010-12-22 14:50:15 ----D---- C:\Config.Msi
2010-12-22 14:49:01 ----SHD---- C:\WINDOWS\Installer
2010-12-22 14:48:13 ----RD---- C:\Program Files
2010-12-22 14:46:57 ----D---- C:\WINDOWS\system32
2010-12-22 14:46:37 ----HD---- C:\WINDOWS\inf
2010-12-21 19:40:52 ----A---- C:\WINDOWS\system.ini
2010-12-21 19:40:44 ----D---- C:\WINDOWS\Prefetch
2010-12-21 19:39:38 ----D---- C:\WINDOWS\system32\drivers\etc
2010-12-21 19:37:52 ----D---- C:\WINDOWS\system32\config
2010-12-21 19:35:57 ----D---- C:\WINDOWS\AppPatch
2010-12-21 19:35:54 ----D---- C:\Program Files\Common Files
2010-12-21 19:33:59 ----RASH---- C:\boot.ini
2010-12-19 14:01:56 ----D---- C:\Program Files\TextAloud
2010-12-18 23:22:35 ----D---- C:\WINDOWS\Minidump
2010-12-18 22:38:47 ----D---- C:\Program Files\Common Files\Apple
2010-12-16 09:23:06 ----D---- C:\Program Files\Java
2010-12-15 23:32:01 ----D---- C:\WINDOWS\Debug
2010-12-15 19:29:28 ----D---- C:\WINDOWS\system32\CatRoot
2010-12-15 19:25:53 ----D---- C:\Program Files\Internet Explorer
2010-12-15 19:03:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-12-15 19:02:49 ----D---- C:\WINDOWS\ie8updates
2010-12-15 19:02:44 ----HD---- C:\WINDOWS\$hf_mig$
2010-12-15 19:01:04 ----A---- C:\WINDOWS\system32\MRT.exe
2010-12-15 19:00:48 ----D---- C:\Program Files\Outlook Express
2010-12-11 22:28:19 ----SD---- C:\Documents and Settings\User\Application Data\Microsoft
2010-12-11 21:59:40 ----D---- C:\WINDOWS\system
2010-12-11 18:34:31 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-12-11 18:00:33 ----D---- C:\WINDOWS\WinSxS
2010-12-11 16:32:08 ----D---- C:\WINDOWS\system32\wbem
2010-12-11 16:32:07 ----D---- C:\WINDOWS\Registration
2010-12-11 16:31:45 ----D---- C:\Program Files\Deep Silver
2010-12-03 11:41:00 ----D---- C:\WINDOWS\system32\en-US
2010-11-27 23:04:18 ----D---- C:\Documents and Settings\User\Application Data\Real
2010-11-27 23:03:12 ----D---- C:\Program Files\Real

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2010-09-10 91560]
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
R0 ohci1394;VIA OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x); C:\WINDOWS\System32\drivers\sfsync03.sys [2005-12-06 35328]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2010-09-10 239240]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2010-09-10 25240]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-04-13 21035]
R2 Vcs;Vcs support; \??\C:\WINDOWS\system32\Drivers\Vcs.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2010-04-13 60800]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2006-12-19 511288]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2007-06-18 514560]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2006-12-19 14648]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2006-12-19 156984]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2006-12-19 90936]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 1160504]
R3 hidusb;HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2010-04-13 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2010-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-07-09 10604128]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2009-07-01 66688]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2009-07-01 13824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2006-12-19 128312]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2007-12-26 272128]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 UsbFltr;Razer Copperhead Driver; C:\WINDOWS\system32\drivers\copperhd.sys [2005-11-02 11596]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM); C:\WINDOWS\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
S3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2010-07-01 34896]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 CLPSLS;COMODO livePCsupport Service; C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2010-11-19 151432]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-09-10 1901056]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-12 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-12-03 1389400]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-17 311296]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-07-09 155752]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-12-13 820008]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Cant remove Q-Word Search

Post by sarasara » December 23rd, 2010, 7:23 am

OTL logfile created on: 20/12/2010 19:39:30 - Run 3
OTL by OldTimer - Version 3.2.17.4 Folder = C:\Documents and Settings\User\Desktop\hijack this
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 244.14 Gb Total Space | 191.42 Gb Free Space | 78.40% Space Free | Partition Type: NTFS
Drive D: | 221.61 Gb Total Space | 194.94 Gb Free Space | 87.97% Space Free | Partition Type: NTFS
Drive G: | 699.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 2.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARIA-PC3000 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\User\Desktop\hijack this\OTL_1.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\DAP\DAP.exe (SpeedBit Ltd.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\CtHelper.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
PRC - C:\Program Files\Microsoft Office\Office\OSA.EXE ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\User\Desktop\hijack this\OTL_1.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\CTAGENT.DLL (Creative Technology Ltd)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)


========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (SCREAMINGBDRIVER) -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (kl2) -- C:\WINDOWS\system32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (kl1) -- C:\WINDOWS\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab ZAO)
DRV - (acedrv11) -- C:\WINDOWS\system32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (VCSVADHWSer) Avnex Virtual Audio Device (WDM) -- C:\WINDOWS\system32\drivers\vcsvad.sys (Avnex)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (RTLWUSB) -- C:\WINDOWS\system32\drivers\wg111v2.sys (NETGEAR Inc.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ha20x2k) -- C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (sfsync03) StarForce Protection Synchronization Driver (version 3.x) -- C:\WINDOWS\System32\drivers\sfsync03.sys (Protection Technology)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (UsbFltr) -- C:\WINDOWS\system32\drivers\copperhd.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (Vcs) -- C:\WINDOWS\system32\drivers\Vcs.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 EC 86 52 3D 5E CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {99a0337c-6303-4879-b72e-500fd9aaca8c}:1.0.8
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.4.0.1

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/27 23:02:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/18 21:46:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/18 21:46:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010/09/27 13:07:40 | 000,000,000 | ---D | M]

[2010/04/12 01:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2010/04/13 16:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\uh1w18zb.default\extensions
[2010/04/12 01:47:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\uh1w18zb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/12/16 09:23:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/28 16:53:47 | 000,000,000 | ---D | M] (TextAloud Firefox Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}
[2010/09/27 12:21:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/19 19:08:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/16 09:23:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/09/27 13:09:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2010/09/27 13:09:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/13 16:15:58 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/04/01 16:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 16:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/01 16:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/01 16:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2001/08/23 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Download Accelerator Plus Integration) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (TextAloud) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files\TextAloud\TAForIE.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/ ... 10.115.cab (CDownloadCtrl Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 1176277750 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/13 16:00:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/06/27 10:26:18 | 000,000,050 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/07/31 16:26:36 | 000,000,027 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/18 23:22:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2010/12/18 22:56:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\US2
[2010/12/18 22:46:45 | 000,000,000 | ---D | C] -- C:\Program Files\Strategy First
[2010/12/18 22:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/12/18 22:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/12/18 21:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/12/18 19:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\GMER Rootkit Scanner
[2010/12/18 19:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\hijack this
[2010/12/16 09:23:09 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/16 09:23:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/16 09:23:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/11 22:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/12/11 20:17:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2010/12/11 20:17:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/11 20:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/12/11 20:17:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/11 20:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/11 18:34:31 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/12/11 18:34:26 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/12/11 18:04:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Sunbelt Software
[2010/12/11 18:00:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2010/12/11 16:31:50 | 000,000,000 | ---D | C] -- C:\Program Files\ProtectDisc Driver Installer
[2010/12/11 16:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\CAPCOM

Re: Cant remove Q-Word Search

Post by sarasara » December 23rd, 2010, 7:23 am

[2010/12/06 13:18:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010/12/06 13:17:50 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/12/06 13:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/12/02 11:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2010/12/02 11:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2010/12/02 11:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\W3i
[2010/12/02 11:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\W3i
[2010/12/02 11:33:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Yahoo!
[2010/11/29 17:38:30 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/11/27 23:03:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/11/27 23:01:51 | 000,199,904 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/11/27 23:01:00 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/11/27 23:01:00 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/11/27 23:00:54 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2010/11/27 21:35:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\eSellerate
[2010/11/27 21:35:03 | 000,000,000 | ---D | C] -- C:\Program Files\2C09381C82B740BFAB17C805414BE85D
[2010/11/25 21:19:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/12/12 09:47:24 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[5 C:\Documents and Settings\User\My Documents\*.tmp files -> C:\Documents and Settings\User\My Documents\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/20 20:28:59 | 000,064,756 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000007-00000000-00000006-00001102-00000005-00291102}.rfx
[2010/12/20 20:28:59 | 000,053,800 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000007-00000000-00000006-00001102-00000005-00291102}.rfx
[2010/12/20 20:28:59 | 000,053,800 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000007-00000000-00000006-00001102-00000005-00291102}.rfx
[2010/12/20 20:28:59 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/12/20 20:28:59 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/12/20 20:28:50 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\userinit.exe
[2010/12/20 19:35:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-527237240-1614895754-1801674531-1001.job
[2010/12/20 19:35:12 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-527237240-1614895754-1801674531-1001.job
[2010/12/20 19:33:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/20 19:33:03 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/12/20 19:33:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/20 19:03:54 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - blenkarni's YouTube (2).url
[2010/12/20 18:53:27 | 004,947,968 | -H-- | M] () -- C:\ffastun0.ffx
[2010/12/20 18:53:27 | 000,376,832 | -H-- | M] () -- C:\ffastun.ffl
[2010/12/20 18:53:27 | 000,118,784 | -H-- | M] () -- C:\ffastun.ffo
[2010/12/20 18:53:27 | 000,004,460 | -H-- | M] () -- C:\ffastun.ffa
[2010/12/20 18:47:49 | 036,785,355 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Video #007 Schools Teaching Kids About Islam. 20.12.10.flv
[2010/12/20 17:46:59 | 000,000,301 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - football club.url
[2010/12/20 17:45:07 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Conservative Radio - Listen Online.url
[2010/12/20 16:08:13 | 000,000,325 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MalWare Removal • View topic - Cant remove Q-Word Search (2).url
[2010/12/20 16:00:32 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3866EC9F-E3F4-48A5-8B98-F29D52B3E338}.job
[2010/12/20 15:55:43 | 000,000,301 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MalWare Removal • View topic - referred from malware forum.url
[2010/12/20 15:21:35 | 000,000,373 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - the who.url
[2010/12/20 12:35:22 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\User\Desktop\newworldorderuk.url
[2010/12/19 21:50:21 | 000,000,356 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Sign in to Yahoo!.url
[2010/12/19 21:20:38 | 000,000,263 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - robinarielmedia's Channel.url
[2010/12/19 16:11:56 | 016,746,974 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Hizb ut Tahrir March for Gaza.flv
[2010/12/18 22:52:55 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ubersoldier 2.lnk
[2010/12/18 22:00:47 | 000,000,295 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - ironmaiden's Channel.url
[2010/12/18 21:18:14 | 000,000,301 | ---- | M] () -- C:\Documents and Settings\User\Desktop\The Savage Nation Forum.url
[2010/12/18 21:11:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/18 21:05:52 | 000,000,220 | ---- | M] () -- C:\Documents and Settings\User\Desktop\TheHill.com.url
[2010/12/18 19:09:59 | 000,000,263 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - EnglishDemocrat's Channel.url
[2010/12/18 14:37:36 | 000,000,315 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Mark Thompson, Director-General of the BBC - Common Purpose training - WhatDoTheyKnow.url
[2010/12/18 13:30:41 | 000,000,257 | ---- | M] () -- C:\Documents and Settings\User\Desktop\The Surfing Rabbi.url
[2010/12/17 23:05:41 | 000,000,255 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - SikhWorldTV's Channel.url
[2010/12/17 15:16:50 | 000,000,233 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Michael Savage Show.url
[2010/12/17 14:28:04 | 000,000,379 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - elvis.url
[2010/12/16 21:34:28 | 000,000,375 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - islamism.url
[2010/12/16 18:39:05 | 000,000,287 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MalWare Removal • View topic - Cant remove Q-Word Search.url
[2010/12/16 15:43:38 | 000,000,407 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - MarxistFascistUK's Channel (2).url
[2010/12/15 19:25:56 | 000,330,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/14 22:36:45 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/14 22:35:28 | 013,496,102 | ---- | M] () -- C:\Documents and Settings\User\My Documents\EDL - Gutsy female EDL member silenced at 'Islamophobia' conference.flv
[2010/12/14 16:22:22 | 243,189,356 | ---- | M] () -- C:\Documents and Settings\User\My Documents\The Day the Dollar Died.avi
[2010/12/14 15:53:46 | 043,015,983 | ---- | M] () -- C:\Documents and Settings\User\My Documents\The Day the Dollar Died.flv
[2010/12/14 15:37:00 | 000,000,307 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - american militia.url
[2010/12/14 13:24:53 | 000,000,278 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Mark Levin Show.url
[2010/12/13 19:49:55 | 000,000,259 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - Goodfightlads's Channel.url
[2010/12/13 18:58:10 | 000,000,403 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - meir kahane.url
[2010/12/13 18:19:44 | 000,000,261 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - Patriotic English song.url
[2010/12/13 16:02:52 | 008,697,084 | ---- | M] () -- C:\Documents and Settings\User\My Documents\counterfeet's Channel.flv
[2010/12/13 14:46:21 | 000,000,291 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - the kiss.url
[2010/12/12 23:20:47 | 000,000,261 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - Remember Great Britain .url
[2010/12/12 18:07:31 | 000,000,249 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - clarkewi's Channel.url
[2010/12/12 00:09:45 | 000,000,877 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware (2).lnk
[2010/12/11 22:32:48 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\HiJackThis.lnk
[2010/12/11 22:02:48 | 000,000,608 | ---- | M] () -- C:\Documents and Settings\User\Desktop\The Qword search engine is overriding google as the default at the top right corner even after I have delete it. - Web Search Help.url
[2010/12/11 22:01:42 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/12/11 21:15:03 | 030,295,162 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Tommy Robinson Peterborough part two.flv
[2010/12/11 20:53:04 | 046,445,311 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Tommy Robinson Peterborough Part 1.flv
[2010/12/11 19:53:36 | 000,000,297 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Strange pop-ups and other malware.url
[2010/12/11 18:34:26 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/12/11 18:00:47 | 000,000,895 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/12/11 17:47:19 | 000,000,230 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Remove qword.dll - qword.dll Manual and Automatic Removal Instructions.url
[2010/12/11 17:33:27 | 000,000,232 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Tech PC Forums • Index page.url
[2010/12/11 17:04:03 | 000,000,261 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - Episode 6 - Alan Partridge's - Mid Morning Matters.url
[2010/12/11 17:01:06 | 000,000,387 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - geert wilders.url
[2010/12/11 13:56:46 | 000,000,251 | ---- | M] () -- C:\Documents and Settings\User\Desktop\The Manning Report.url
[2010/12/11 12:44:30 | 018,134,668 | ---- | M] () -- C:\Documents and Settings\User\My Documents\English Speaking Schoolchildren a Minority in British Schools3.flv
[2010/12/10 20:48:53 | 000,000,405 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - israel punk music.url
[2010/12/10 11:09:53 | 010,417,091 | ---- | M] () -- C:\Documents and Settings\User\My Documents\EDL Rabbi Meir Kahane- The First US victim of Al Quada.mp4
[2010/12/09 21:24:20 | 000,000,281 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - idf.url
[2010/12/09 18:47:58 | 000,000,289 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - england.url
[2010/12/09 15:07:53 | 005,501,895 | ---- | M] () -- C:\Documents and Settings\User\My Documents\EDL Michael Savage.flv
[2010/12/09 11:52:40 | 246,228,712 | ---- | M] () -- C:\Documents and Settings\User\My Documents\EDL Rabbi Schrifrens Address To The British Resistance.avi
[2010/12/09 11:35:21 | 044,850,687 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Surfing rabbi - Nachum Shifren at EDL Demo in London.flv
[2010/12/08 10:05:59 | 000,114,243 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/12/08 10:05:59 | 000,097,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/12/07 21:00:48 | 000,000,443 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - punk uk.url
[2010/12/07 20:33:30 | 000,000,283 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - army.url
[2010/12/07 14:41:38 | 000,000,397 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - radio caroline.url
[2010/12/06 19:10:52 | 000,000,393 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - punk israel.url
[2010/12/06 11:12:44 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Newsmax - Newsmax.com - Breaking News, Politics, Commentary.url
[2010/12/05 15:40:15 | 000,000,914 | ---- | M] () -- C:\Documents and Settings\User\Desktop\A Free Press for a Free People.url
[2010/12/04 20:17:27 | 027,055,395 | ---- | M] () -- C:\Documents and Settings\User\My Documents\goodbyeweyman's Channel.flv
[2010/12/03 21:39:16 | 015,695,940 | ---- | M] () -- C:\Documents and Settings\User\My Documents\EDL Pete McKenna.flv
[2010/12/03 09:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/12/03 09:05:33 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/12/02 11:18:49 | 062,298,450 | ---- | M] () -- C:\Documents and Settings\User\My Documents\English Defence League support Israel.flv
[2010/12/01 19:45:17 | 018,057,260 | ---- | M] () -- C:\Documents and Settings\User\My Documents\PopModal The Conservative Alternative to YouTube - Jackie Mason Endorsement of Rabbi Shifren.flv
[2010/11/30 15:47:29 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - Fashion in the 1950's.url
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/29 17:38:30 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/11/29 16:56:32 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes (2).lnk
[2010/11/29 12:00:03 | 014,244,862 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Guramit Singh's Speech EDL Nuneaton 27 Nov 2010.flv
[2010/11/29 11:02:10 | 034,738,820 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Robert Spencer - so what if Feisal Abdul Rauf is really what he says he is.flv
[2010/11/28 15:29:01 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/11/28 14:14:04 | 086,857,287 | ---- | M] () -- C:\Documents and Settings\User\My Documents\THE GLORIOUS EDL.flv
[2010/11/28 11:39:46 | 004,157,293 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Are Muslim Nurses Killing Patients.flv
[2010/11/28 11:19:25 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2010/11/27 23:01:51 | 000,199,904 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/11/27 23:01:00 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/11/27 23:01:00 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/11/27 23:00:54 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2010/11/27 20:45:28 | 000,001,244 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Shortcut to 1940's Fashion - Ladies Boudoir.flv.lnk
[2010/11/27 20:45:13 | 000,001,129 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Shortcut to 50'sGirl.flv.lnk
[2010/11/27 14:27:15 | 000,000,247 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - vidcat1's Channel.url
[2010/11/24 21:08:26 | 000,000,261 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - famouspictures's Channel.url
[2010/11/24 17:15:00 | 007,703,836 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Saudi King Heads to U.S. for Medical Treatment.flv
[2010/11/22 15:15:18 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2010/11/22 11:26:40 | 000,000,425 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Ronald Reagan Speech – 1964 Republican National Convention « Counterculture Con HQ.url
[2010/11/21 20:15:50 | 000,014,568 | ---- | M] () -- C:\Documents and Settings\User\My Documents\boat001[1].gif
[2010/11/20 20:43:26 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[5 C:\Documents and Settings\User\My Documents\*.tmp files -> C:\Documents and Settings\User\My Documents\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/20 18:15:24 | 036,785,355 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Video #007 Schools Teaching Kids About Islam. 20.12.10.flv
[2010/12/20 17:46:59 | 000,000,301 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - football club.url
[2010/12/20 16:08:13 | 000,000,325 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MalWare Removal • View topic - Cant remove Q-Word Search (2).url
[2010/12/19 16:02:24 | 016,746,974 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Hizb ut Tahrir March for Gaza.flv
[2010/12/18 23:35:05 | 000,000,373 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - the who.url
[2010/12/18 22:52:55 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ubersoldier 2.lnk
[2010/12/18 22:00:47 | 000,000,295 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - ironmaiden's Channel.url
[2010/12/18 19:09:59 | 000,000,263 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - EnglishDemocrat's Channel.url
[2010/12/18 14:37:36 | 000,000,315 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Mark Thompson, Director-General of the BBC - Common Purpose training - WhatDoTheyKnow.url
[2010/12/18 13:30:41 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\User\Desktop\The Surfing Rabbi.url
[2010/12/17 23:05:41 | 000,000,255 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - SikhWorldTV's Channel.url
[2010/12/17 14:28:04 | 000,000,379 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - elvis.url
[2010/12/16 18:33:27 | 000,000,301 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MalWare Removal • View topic - referred from malware forum.url
[2010/12/16 15:43:38 | 000,000,407 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - MarxistFascistUK's Channel (2).url
[2010/12/14 22:35:27 | 013,496,102 | ---- | C] () -- C:\Documents and Settings\User\My Documents\EDL - Gutsy female EDL member silenced at 'Islamophobia' conference.flv
[2010/12/14 16:26:28 | 243,189,356 | ---- | C] () -- C:\Documents and Settings\User\My Documents\The Day the Dollar Died.avi
[2010/12/14 15:37:00 | 000,000,307 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - american militia.url
[2010/12/14 15:30:25 | 043,015,983 | ---- | C] () -- C:\Documents and Settings\User\My Documents\The Day the Dollar Died.flv
[2010/12/13 22:25:57 | 000,000,220 | ---- | C] () -- C:\Documents and Settings\User\Desktop\TheHill.com.url
[2010/12/13 19:49:55 | 000,000,259 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - Goodfightlads's Channel.url
[2010/12/13 18:19:44 | 000,000,261 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - Patriotic English song.url
[2010/12/13 16:00:12 | 008,697,084 | ---- | C] () -- C:\Documents and Settings\User\My Documents\counterfeet's Channel.flv
[2010/12/12 23:20:47 | 000,000,261 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - Remember Great Britain .url
[2010/12/12 18:07:31 | 000,000,249 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - clarkewi's Channel.url
[2010/12/12 00:09:45 | 000,000,877 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware (2).lnk
[2010/12/11 22:45:34 | 000,000,287 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MalWare Removal • View topic - Cant remove Q-Word Search.url
[2010/12/11 22:29:21 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\HiJackThis.lnk
[2010/12/11 22:01:42 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/12/11 20:56:31 | 030,295,162 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Tommy Robinson Peterborough part two.flv
[2010/12/11 20:52:29 | 046,445,311 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Tommy Robinson Peterborough Part 1.flv
[2010/12/11 19:53:36 | 000,000,297 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Strange pop-ups and other malware.url
[2010/12/11 19:47:38 | 000,000,608 | ---- | C] () -- C:\Documents and Settings\User\Desktop\The Qword search engine is overriding google as the default at the top right corner even after I have delete it. - Web Search Help.url
[2010/12/11 18:48:17 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/12/11 18:00:47 | 000,000,895 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/12/11 17:47:19 | 000,000,230 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Remove qword.dll - qword.dll Manual and Automatic Removal Instructions.url
[2010/12/11 16:24:28 | 000,000,261 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - Episode 6 - Alan Partridge's - Mid Morning Matters.url
[2010/12/11 12:44:29 | 018,134,668 | ---- | C] () -- C:\Documents and Settings\User\My Documents\English Speaking Schoolchildren a Minority in British Schools3.flv
[2010/12/10 18:24:54 | 000,000,375 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - islamism.url
[2010/12/10 11:04:57 | 010,417,091 | ---- | C] () -- C:\Documents and Settings\User\My Documents\EDL Rabbi Meir Kahane- The First US victim of Al Quada.mp4
[2010/12/09 22:23:35 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-527237240-1614895754-1801674531-1001.job
[2010/12/09 21:24:20 | 000,000,281 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - idf.url
[2010/12/09 20:22:47 | 000,000,405 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - israel punk music.url
[2010/12/09 17:55:23 | 000,000,289 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - england.url
[2010/12/09 15:04:45 | 005,501,895 | ---- | C] () -- C:\Documents and Settings\User\My Documents\EDL Michael Savage.flv
[2010/12/09 11:53:14 | 246,228,712 | ---- | C] () -- C:\Documents and Settings\User\My Documents\EDL Rabbi Schrifrens Address To The British Resistance.avi
[2010/12/09 11:17:03 | 044,850,687 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Surfing rabbi - Nachum Shifren at EDL Demo in London.flv
[2010/12/08 23:32:04 | 000,000,403 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - meir kahane.url
[2010/12/08 10:45:56 | 000,000,301 | ---- | C] () -- C:\Documents and Settings\User\Desktop\The Savage Nation Forum.url
[2010/12/07 14:41:38 | 000,000,397 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - radio caroline.url
[2010/12/06 22:00:44 | 000,000,387 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - geert wilders.url
[2010/12/06 19:10:52 | 000,000,393 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - punk israel.url
[2010/12/06 13:43:11 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/12/05 22:26:36 | 000,000,283 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - army.url
[2010/12/05 22:17:17 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - the kiss.url
[2010/12/05 13:56:54 | 000,000,251 | ---- | C] () -- C:\Documents and Settings\User\Desktop\The Manning Report.url
[2010/12/04 20:02:18 | 027,055,395 | ---- | C] () -- C:\Documents and Settings\User\My Documents\goodbyeweyman's Channel.flv
[2010/12/04 16:58:00 | 000,000,278 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Mark Levin Show.url
[2010/12/04 11:04:16 | 000,000,443 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - punk uk.url
[2010/12/03 21:39:16 | 015,695,940 | ---- | C] () -- C:\Documents and Settings\User\My Documents\EDL Pete McKenna.flv
[2010/12/02 10:45:57 | 062,298,450 | ---- | C] () -- C:\Documents and Settings\User\My Documents\English Defence League support Israel.flv
[2010/12/01 19:20:56 | 018,057,260 | ---- | C] () -- C:\Documents and Settings\User\My Documents\PopModal The Conservative Alternative to YouTube - Jackie Mason Endorsement of Rabbi Shifren.flv
[2010/11/29 16:56:32 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes (2).lnk
[2010/11/29 11:51:48 | 014,244,862 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Guramit Singh's Speech EDL Nuneaton 27 Nov 2010.flv
[2010/11/29 10:49:03 | 034,738,820 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Robert Spencer - so what if Feisal Abdul Rauf is really what he says he is.flv
[2010/11/28 15:29:01 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/11/28 12:53:23 | 086,857,287 | ---- | C] () -- C:\Documents and Settings\User\My Documents\THE GLORIOUS EDL.flv
[2010/11/28 11:37:51 | 004,157,293 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Are Muslim Nurses Killing Patients.flv
[2010/11/28 11:19:25 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2010/11/27 20:45:28 | 000,001,244 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Shortcut to 1940's Fashion - Ladies Boudoir.flv.lnk
[2010/11/27 20:45:13 | 000,001,129 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Shortcut to 50'sGirl.flv.lnk
[2010/11/24 21:08:26 | 000,000,261 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - famouspictures's Channel.url
[2010/11/24 17:12:35 | 007,703,836 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Saudi King Heads to U.S. for Medical Treatment.flv
[2010/11/24 10:04:33 | 000,000,263 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - robinarielmedia's Channel.url
[2010/11/22 15:15:18 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2010/11/22 11:26:40 | 000,000,425 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Ronald Reagan Speech – 1964 Republican National Convention « Counterculture Con HQ.url
[2010/11/21 20:16:25 | 000,014,568 | ---- | C] () -- C:\Documents and Settings\User\My Documents\boat001[1].gif
[2010/11/20 20:43:26 | 000,002,329 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2010/11/03 00:04:20 | 000,187,856 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/20 15:30:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\SYSVCPDRV.SYS
[2010/09/20 15:28:50 | 000,006,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\Vcs.sys
[2010/06/04 17:54:02 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
[2010/05/24 18:54:01 | 000,000,088 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/05/16 18:18:58 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2010/04/29 19:27:14 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/29 11:34:51 | 000,000,207 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2010/04/24 11:03:48 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/13 17:10:36 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/04/13 16:52:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/04/13 16:10:47 | 000,966,765 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2010/04/13 16:10:47 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\SCMLib.dll
[2010/04/13 16:10:47 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\RtlGina2.dll
[2008/04/14 05:41:56 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2008/04/14 05:41:56 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008/04/14 05:41:56 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2008/04/14 05:41:56 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2008/04/14 05:41:56 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2006/12/19 06:15:20 | 000,065,154 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2006/12/12 09:48:22 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2006/11/30 07:01:26 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/05/18 06:03:24 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[1997/08/18 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/08/18 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B11E0DF

< End of report >
sarasara
Regular Member
 
Posts: 52
Joined: December 11th, 2010, 6:06 pm

Re: Cant remove Q-Word Search

Post by deltalima » December 23rd, 2010, 1:28 pm

Hi sarasara,

It's certainly managing to avoid detection; we need to remove some programs that may be interfering with our scans. We can reinstall them once we are finished if they are still required.

Please uninstall

Ad-Aware
And
Spybot - Search & Destroy

Now reboot the computer.

Now run another scan with OTL and post just the OTL.txt log.

When I do that I get Q-Word Default, search suggestions: not available. It won't delete as 'remove' is greyed. And no alternative search engine's offered.


At the bottom left it should say Find more search providers…, what happens if you click that? Can you add for example Google?
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Cant remove Q-Word Search

Post by sarasara » December 23rd, 2010, 2:14 pm

Hi Deltalima,

The procedure has worked this time. I think you may have already removed the root by the uninstallations or a previous scan, allowing the menu which previously read 'not available' to work. I was able to make Google default and remove Q-Word... I hope.

I rebooted the system and the Q-Word is still gone.

So hopefully all is now well, but I will keep the system under observation and report back if it reappears; perhaps re-triggered by a spawn.
So thanks a lot and hope all is clear,
regards,
sara. :)

OTL logfile created on: 23/12/2010 17:11:18 - Run 4
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 244.14 Gb Total Space | 191.30 Gb Free Space | 78.36% Space Free | Partition Type: NTFS
Drive D: | 221.61 Gb Total Space | 194.94 Gb Free Space | 87.97% Space Free | Partition Type: NTFS
Drive G: | 699.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 2.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARIA-PC3000 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe (COMODO)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\CtHelper.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
PRC - C:\Program Files\Microsoft Office\Office\OSA.EXE ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\guard32.dll (COMODO)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\CTAGENT.DLL (Creative Technology Ltd)


========== Win32 Services (SafeList) ==========

SRV - (wscsvc) -- C:\WINDOWS\System32\wscsvc.dll File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (CLPSLS) -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe (COMODO)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (SCREAMINGBDRIVER) -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (acedrv11) -- C:\WINDOWS\system32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (VCSVADHWSer) Avnex Virtual Audio Device (WDM) -- C:\WINDOWS\system32\drivers\vcsvad.sys (Avnex)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (RTLWUSB) -- C:\WINDOWS\system32\drivers\wg111v2.sys (NETGEAR Inc.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ha20x2k) -- C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (sfsync03) StarForce Protection Synchronization Driver (version 3.x) -- C:\WINDOWS\System32\drivers\sfsync03.sys (Protection Technology)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (UsbFltr) -- C:\WINDOWS\system32\drivers\copperhd.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (Vcs) -- C:\WINDOWS\system32\drivers\Vcs.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 EC 86 52 3D 5E CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {99a0337c-6303-4879-b72e-500fd9aaca8c}:1.0.8
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.4.0.1

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/27 23:02:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/18 21:46:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/18 21:46:14 | 000,000,000 | ---D | M]

[2010/04/12 01:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2010/04/13 16:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\uh1w18zb.default\extensions
[2010/04/12 01:47:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\uh1w18zb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/12/16 09:23:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/28 16:53:47 | 000,000,000 | ---D | M] (TextAloud Firefox Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}
[2010/09/27 12:21:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/19 19:08:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/16 09:23:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/13 16:15:58 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/04/01 16:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 16:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/01 16:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/01 16:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/12/21 19:39:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Download Accelerator Plus Integration) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (TextAloud) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files\TextAloud\TAForIE.dll ()
O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/ ... 10.115.cab (CDownloadCtrl Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 1176277750 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/13 16:00:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/06/27 10:26:18 | 000,000,050 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/07/31 16:26:36 | 000,000,027 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/23 17:09:51 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2010/12/23 17:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\otl
[2010/12/23 10:14:03 | 000,000,000 | ---D | C] -- C:\rsit
[2010/12/22 21:45:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2010/12/21 20:23:59 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2010/12/21 20:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\COMODO
[2010/12/21 20:12:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2010/12/21 20:12:42 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010/12/21 19:48:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/12/21 19:33:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/12/21 19:28:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/12/21 19:28:58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/12/21 19:28:58 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/12/21 19:28:58 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/12/21 19:28:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/12/21 19:28:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/18 22:56:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\US2
[2010/12/18 22:46:45 | 000,000,000 | ---D | C] -- C:\Program Files\Strategy First
[2010/12/18 22:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/12/18 22:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/12/18 21:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/12/18 19:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\GMER Rootkit Scanner
[2010/12/18 19:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\hijack this
[2010/12/16 09:23:09 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/16 09:23:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/16 09:23:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/11 22:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/12/11 20:17:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2010/12/11 20:17:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/11 20:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/12/11 20:17:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/11 20:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/11 18:34:26 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/12/11 18:04:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Sunbelt Software
[2010/12/11 16:31:50 | 000,000,000 | ---D | C] -- C:\Program Files\ProtectDisc Driver Installer
[2010/12/11 16:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\CAPCOM
[2010/12/06 13:18:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010/12/06 13:17:50 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/12/06 13:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/12/02 11:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2010/12/02 11:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2010/12/02 11:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\W3i
[2010/12/02 11:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\W3i
[2010/12/02 11:33:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Yahoo!
[2010/11/29 17:38:30 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/11/27 23:03:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/11/27 23:01:51 | 000,199,904 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/11/27 23:01:00 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/11/27 23:01:00 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/11/27 23:00:54 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2010/11/27 21:35:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\eSellerate
[2010/11/27 21:35:03 | 000,000,000 | ---D | C] -- C:\Program Files\2C09381C82B740BFAB17C805414BE85D
[2010/11/25 21:19:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/12/12 09:47:24 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[5 C:\Documents and Settings\User\My Documents\*.tmp files -> C:\Documents and Settings\User\My Documents\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
Last edited by sarasara on December 23rd, 2010, 2:29 pm, edited 3 times in total.

Re: Cant remove Q-Word Search

by sarasara » December 23rd, 2010, 2:14 pm

[2010/12/23 17:10:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-527237240-1614895754-1801674531-1001.job
[2010/12/23 17:10:06 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-527237240-1614895754-1801674531-1001.job
[2010/12/23 17:09:58 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2010/12/23 17:05:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/23 17:04:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/23 17:03:59 | 000,064,756 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000007-00000000-00000006-00001102-00000005-00291102}.rfx
[2010/12/23 17:03:59 | 000,053,800 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000007-00000000-00000006-00001102-00000005-00291102}.rfx
[2010/12/23 17:03:59 | 000,053,800 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000007-00000000-00000006-00001102-00000005-00291102}.rfx
[2010/12/23 17:03:59 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/12/23 17:03:59 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/12/23 16:31:57 | 000,000,909 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy (2).lnk
[2010/12/23 15:46:13 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3866EC9F-E3F4-48A5-8B98-F29D52B3E338}.job
[2010/12/23 13:42:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/12/23 10:10:46 | 000,000,511 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Download Microsoft Digital Image.url
[2010/12/23 09:53:52 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2010/12/22 21:43:19 | 000,000,253 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - limoneador's Channel.url
[2010/12/22 21:27:58 | 000,000,271 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - PunkRockLibertarian's Channel.url
[2010/12/22 19:40:33 | 020,225,545 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Tommy Robinson talks about Police Tactics2.flv
[2010/12/22 19:03:20 | 000,376,832 | ---- | M] () -- C:\ffastunT.ffl
[2010/12/22 14:46:36 | 000,000,255 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - RancidElf32's Channel.url
[2010/12/21 20:12:47 | 000,000,927 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2010/12/21 19:39:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/21 19:33:59 | 000,000,471 | RHS- | M] () -- C:\boot.ini
[2010/12/21 19:21:40 | 000,000,263 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - nosurrender1969's Channel.url
[2010/12/21 19:19:23 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - blenkarni's YouTube (2).url
[2010/12/21 18:59:49 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Conservative Radio - Listen Online.url
[2010/12/21 18:03:37 | 004,947,968 | -H-- | M] () -- C:\ffastun0.ffx
[2010/12/21 18:03:37 | 000,376,832 | -H-- | M] () -- C:\ffastun.ffl
[2010/12/21 18:03:37 | 000,118,784 | -H-- | M] () -- C:\ffastun.ffo
[2010/12/21 18:03:37 | 000,004,460 | -H-- | M] () -- C:\ffastun.ffa
[2010/12/21 16:23:30 | 020,411,288 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Guramit Singh EDL Spokesman arrested3.flv
[2010/12/21 15:45:26 | 000,000,407 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - birmingham football club.url
[2010/12/21 15:07:11 | 009,585,502 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Shakespeare's Henry V Act III, Scene I by Laurence Olivier.flv
[2010/12/21 10:06:32 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\User\Desktop\newworldorderuk.url
[2010/12/21 09:51:23 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Jewish Defense League.url
[2010/12/20 23:29:56 | 000,000,264 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Why won't some files defrag.url
[2010/12/20 23:15:50 | 000,000,301 | ---- | M] () -- C:\Documents and Settings\User\Desktop\The Savage Nation Forum.url
[2010/12/20 20:28:50 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\userinit.exe
[2010/12/20 18:47:49 | 036,785,355 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Video #007 Schools Teaching Kids About Islam. 20.12.10.flv
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/20 17:46:59 | 000,000,301 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - football club.url
[2010/12/20 15:21:35 | 000,000,373 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - the who.url
[2010/12/19 21:50:21 | 000,000,356 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Sign in to Yahoo!.url
[2010/12/19 21:20:38 | 000,000,263 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - robinarielmedia's Channel.url
[2010/12/19 16:11:56 | 016,746,974 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Hizb ut Tahrir March for Gaza.flv
[2010/12/18 22:52:55 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ubersoldier 2.lnk
[2010/12/18 22:00:47 | 000,000,295 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - ironmaiden's Channel.url
[2010/12/18 21:11:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/18 21:05:52 | 000,000,220 | ---- | M] () -- C:\Documents and Settings\User\Desktop\TheHill.com.url
[2010/12/18 19:09:59 | 000,000,263 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - EnglishDemocrat's Channel.url
[2010/12/18 14:37:36 | 000,000,315 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Mark Thompson, Director-General of the BBC - Common Purpose training - WhatDoTheyKnow.url
[2010/12/18 13:30:41 | 000,000,257 | ---- | M] () -- C:\Documents and Settings\User\Desktop\The Surfing Rabbi.url
[2010/12/17 23:05:41 | 000,000,255 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - SikhWorldTV's Channel.url
[2010/12/17 15:16:50 | 000,000,233 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Michael Savage Show.url
[2010/12/17 14:28:04 | 000,000,379 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - elvis.url
[2010/12/16 21:34:28 | 000,000,375 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - islamism.url
[2010/12/16 15:43:38 | 000,000,407 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - MarxistFascistUK's Channel (2).url
[2010/12/15 19:25:56 | 000,330,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/14 22:36:45 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/14 22:35:28 | 013,496,102 | ---- | M] () -- C:\Documents and Settings\User\My Documents\EDL - Gutsy female EDL member silenced at 'Islamophobia' conference.flv
[2010/12/14 16:22:22 | 243,189,356 | ---- | M] () -- C:\Documents and Settings\User\My Documents\The Day the Dollar Died.avi
[2010/12/14 15:53:46 | 043,015,983 | ---- | M] () -- C:\Documents and Settings\User\My Documents\The Day the Dollar Died.flv
[2010/12/14 15:37:00 | 000,000,307 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - american militia.url
[2010/12/14 13:24:53 | 000,000,278 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Mark Levin Show.url
[2010/12/13 19:49:55 | 000,000,259 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - Goodfightlads's Channel.url
[2010/12/13 18:58:10 | 000,000,403 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - meir kahane.url
[2010/12/13 18:19:44 | 000,000,261 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - Patriotic English song.url
[2010/12/13 16:02:52 | 008,697,084 | ---- | M] () -- C:\Documents and Settings\User\My Documents\counterfeet's Channel.flv
[2010/12/13 14:46:21 | 000,000,291 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - the kiss.url
[2010/12/12 23:20:47 | 000,000,261 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - Remember Great Britain .url
[2010/12/12 18:07:31 | 000,000,249 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - clarkewi's Channel.url
[2010/12/12 00:09:45 | 000,000,877 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware (2).lnk
[2010/12/11 22:32:48 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\HiJackThis.lnk
[2010/12/11 22:02:48 | 000,000,608 | ---- | M] () -- C:\Documents and Settings\User\Desktop\The Qword search engine is overriding google as the default at the top right corner even after I have delete it. - Web Search Help.url
[2010/12/11 22:01:42 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/12/11 21:15:03 | 030,295,162 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Tommy Robinson Peterborough part two.flv
[2010/12/11 20:53:04 | 046,445,311 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Tommy Robinson Peterborough Part 1.flv
[2010/12/11 19:53:36 | 000,000,297 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Strange pop-ups and other malware.url
[2010/12/11 18:34:26 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/12/11 17:47:19 | 000,000,230 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Remove qword.dll - qword.dll Manual and Automatic Removal Instructions.url
[2010/12/11 17:33:27 | 000,000,232 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Tech PC Forums • Index page.url
[2010/12/11 17:04:03 | 000,000,261 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - Episode 6 - Alan Partridge's - Mid Morning Matters.url
[2010/12/11 17:01:06 | 000,000,387 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - geert wilders.url
[2010/12/11 13:56:46 | 000,000,251 | ---- | M] () -- C:\Documents and Settings\User\Desktop\The Manning Report.url
[2010/12/11 12:44:30 | 018,134,668 | ---- | M] () -- C:\Documents and Settings\User\My Documents\English Speaking Schoolchildren a Minority in British Schools3.flv
[2010/12/10 20:48:53 | 000,000,405 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - israel punk music.url
[2010/12/10 11:09:53 | 010,417,091 | ---- | M] () -- C:\Documents and Settings\User\My Documents\EDL Rabbi Meir Kahane- The First US victim of Al Quada.mp4
[2010/12/09 21:24:20 | 000,000,281 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - idf.url
[2010/12/09 18:47:58 | 000,000,289 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - england.url
[2010/12/09 15:07:53 | 005,501,895 | ---- | M] () -- C:\Documents and Settings\User\My Documents\EDL Michael Savage.flv
[2010/12/09 11:52:40 | 246,228,712 | ---- | M] () -- C:\Documents and Settings\User\My Documents\EDL Rabbi Schrifrens Address To The British Resistance.avi
[2010/12/09 11:35:21 | 044,850,687 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Surfing rabbi - Nachum Shifren at EDL Demo in London.flv
[2010/12/07 21:00:48 | 000,000,443 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - punk uk.url
[2010/12/07 20:33:30 | 000,000,283 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - army.url
[2010/12/07 14:41:38 | 000,000,397 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - radio caroline.url
[2010/12/06 19:10:52 | 000,000,393 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - punk israel.url
[2010/12/06 11:12:44 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Newsmax - Newsmax.com - Breaking News, Politics, Commentary.url
[2010/12/05 15:40:15 | 000,000,914 | ---- | M] () -- C:\Documents and Settings\User\Desktop\A Free Press for a Free People.url
[2010/12/04 20:17:27 | 027,055,395 | ---- | M] () -- C:\Documents and Settings\User\My Documents\goodbyeweyman's Channel.flv
[2010/12/03 21:39:16 | 015,695,940 | ---- | M] () -- C:\Documents and Settings\User\My Documents\EDL Pete McKenna.flv
[2010/12/02 11:18:49 | 062,298,450 | ---- | M] () -- C:\Documents and Settings\User\My Documents\English Defence League support Israel.flv
[2010/12/01 19:45:17 | 018,057,260 | ---- | M] () -- C:\Documents and Settings\User\My Documents\PopModal The Conservative Alternative to YouTube - Jackie Mason Endorsement of Rabbi Shifren.flv
[2010/11/30 15:47:29 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - Fashion in the 1950's.url
[2010/11/29 17:38:30 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/11/29 16:56:32 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes (2).lnk
[2010/11/29 12:00:03 | 014,244,862 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Guramit Singh's Speech EDL Nuneaton 27 Nov 2010.flv
[2010/11/29 11:02:10 | 034,738,820 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Robert Spencer - so what if Feisal Abdul Rauf is really what he says he is.flv
[2010/11/28 15:29:01 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/11/28 14:14:04 | 086,857,287 | ---- | M] () -- C:\Documents and Settings\User\My Documents\THE GLORIOUS EDL.flv
[2010/11/28 11:39:46 | 004,157,293 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Are Muslim Nurses Killing Patients.flv
[2010/11/28 11:19:25 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2010/11/27 23:01:51 | 000,199,904 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/11/27 23:01:00 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/11/27 23:01:00 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/11/27 23:00:54 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2010/11/27 20:45:28 | 000,001,244 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Shortcut to 1940's Fashion - Ladies Boudoir.flv.lnk
[2010/11/27 20:45:13 | 000,001,129 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Shortcut to 50'sGirl.flv.lnk
[2010/11/27 14:27:15 | 000,000,247 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - vidcat1's Channel.url
[2010/11/24 21:08:26 | 000,000,261 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - famouspictures's Channel.url
[2010/11/24 17:15:00 | 007,703,836 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Saudi King Heads to U.S. for Medical Treatment.flv
[5 C:\Documents and Settings\User\My Documents\*.tmp files -> C:\Documents and Settings\User\My Documents\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/23 16:31:57 | 000,000,909 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy (2).lnk
[2010/12/23 10:10:46 | 000,000,511 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Download Microsoft Digital Image.url
[2010/12/22 21:43:19 | 000,000,253 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - limoneador's Channel.url
[2010/12/22 21:27:58 | 000,000,271 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - PunkRockLibertarian's Channel.url
[2010/12/22 19:40:33 | 020,225,545 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Tommy Robinson talks about Police Tactics2.flv
[2010/12/22 18:54:12 | 000,376,832 | ---- | C] () -- C:\ffastunT.ffl
[2010/12/22 14:46:36 | 000,000,255 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - RancidElf32's Channel.url
[2010/12/21 20:12:47 | 000,000,927 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2010/12/21 19:33:56 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/12/21 19:28:58 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/21 19:28:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/21 19:28:58 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/21 19:28:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/21 19:28:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/21 19:21:40 | 000,000,263 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - nosurrender1969's Channel.url
[2010/12/21 16:14:35 | 020,411,288 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Guramit Singh EDL Spokesman arrested3.flv
[2010/12/21 15:01:32 | 009,585,502 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Shakespeare's Henry V Act III, Scene I by Laurence Olivier.flv
[2010/12/21 09:51:23 | 000,000,213 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Jewish Defense League.url
[2010/12/20 23:29:56 | 000,000,264 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Why won't some files defrag.url
[2010/12/20 22:47:29 | 000,000,407 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - birmingham football club.url
[2010/12/20 18:15:24 | 036,785,355 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Video #007 Schools Teaching Kids About Islam. 20.12.10.flv
[2010/12/20 17:46:59 | 000,000,301 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - football club.url
[2010/12/19 16:02:24 | 016,746,974 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Hizb ut Tahrir March for Gaza.flv
[2010/12/18 23:35:05 | 000,000,373 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - the who.url
[2010/12/18 22:52:55 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ubersoldier 2.lnk
[2010/12/18 22:00:47 | 000,000,295 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - ironmaiden's Channel.url
[2010/12/18 19:09:59 | 000,000,263 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - EnglishDemocrat's Channel.url
[2010/12/18 14:37:36 | 000,000,315 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Mark Thompson, Director-General of the BBC - Common Purpose training - WhatDoTheyKnow.url
[2010/12/18 13:30:41 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\User\Desktop\The Surfing Rabbi.url
[2010/12/17 23:05:41 | 000,000,255 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - SikhWorldTV's Channel.url
[2010/12/17 14:28:04 | 000,000,379 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - elvis.url
[2010/12/16 15:43:38 | 000,000,407 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - MarxistFascistUK's Channel (2).url
[2010/12/14 22:35:27 | 013,496,102 | ---- | C] () -- C:\Documents and Settings\User\My Documents\EDL - Gutsy female EDL member silenced at 'Islamophobia' conference.flv
[2010/12/14 16:26:28 | 243,189,356 | ---- | C] () -- C:\Documents and Settings\User\My Documents\The Day the Dollar Died.avi
[2010/12/14 15:37:00 | 000,000,307 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - american militia.url
[2010/12/14 15:30:25 | 043,015,983 | ---- | C] () -- C:\Documents and Settings\User\My Documents\The Day the Dollar Died.flv
[2010/12/13 22:25:57 | 000,000,220 | ---- | C] () -- C:\Documents and Settings\User\Desktop\TheHill.com.url
[2010/12/13 19:49:55 | 000,000,259 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - Goodfightlads's Channel.url
[2010/12/13 18:19:44 | 000,000,261 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - Patriotic English song.url
[2010/12/13 16:00:12 | 008,697,084 | ---- | C] () -- C:\Documents and Settings\User\My Documents\counterfeet's Channel.flv
[2010/12/12 23:20:47 | 000,000,261 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - Remember Great Britain .url
[2010/12/12 18:07:31 | 000,000,249 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - clarkewi's Channel.url
[2010/12/12 00:09:45 | 000,000,877 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware (2).lnk
[2010/12/11 22:29:21 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\HiJackThis.lnk
[2010/12/11 22:01:42 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/12/11 20:56:31 | 030,295,162 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Tommy Robinson Peterborough part two.flv
[2010/12/11 20:52:29 | 046,445,311 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Tommy Robinson Peterborough Part 1.flv
[2010/12/11 19:53:36 | 000,000,297 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Strange pop-ups and other malware.url
[2010/12/11 19:47:38 | 000,000,608 | ---- | C] () -- C:\Documents and Settings\User\Desktop\The Qword search engine is overriding google as the default at the top right corner even after I have delete it. - Web Search Help.url
[2010/12/11 17:47:19 | 000,000,230 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Remove qword.dll - qword.dll Manual and Automatic Removal Instructions.url
[2010/12/11 16:24:28 | 000,000,261 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - Episode 6 - Alan Partridge's - Mid Morning Matters.url
[2010/12/11 12:44:29 | 018,134,668 | ---- | C] () -- C:\Documents and Settings\User\My Documents\English Speaking Schoolchildren a Minority in British Schools3.flv
[2010/12/10 18:24:54 | 000,000,375 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - islamism.url
[2010/12/10 11:04:57 | 010,417,091 | ---- | C] () -- C:\Documents and Settings\User\My Documents\EDL Rabbi Meir Kahane- The First US victim of Al Quada.mp4
[2010/12/09 22:23:35 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-527237240-1614895754-1801674531-1001.job
[2010/12/09 21:24:20 | 000,000,281 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - idf.url
[2010/12/09 20:22:47 | 000,000,405 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - israel punk music.url
[2010/12/09 17:55:23 | 000,000,289 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - england.url
[2010/12/09 15:04:45 | 005,501,895 | ---- | C] () -- C:\Documents and Settings\User\My Documents\EDL Michael Savage.flv
[2010/12/09 11:53:14 | 246,228,712 | ---- | C] () -- C:\Documents and Settings\User\My Documents\EDL Rabbi Schrifrens Address To The British Resistance.avi
[2010/12/09 11:17:03 | 044,850,687 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Surfing rabbi - Nachum Shifren at EDL Demo in London.flv
[2010/12/08 23:32:04 | 000,000,403 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - meir kahane.url
[2010/12/08 10:45:56 | 000,000,301 | ---- | C] () -- C:\Documents and Settings\User\Desktop\The Savage Nation Forum.url
[2010/12/07 14:41:38 | 000,000,397 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - radio caroline.url
[2010/12/06 22:00:44 | 000,000,387 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - geert wilders.url
[2010/12/06 19:10:52 | 000,000,393 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - punk israel.url
[2010/12/06 13:43:11 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/12/05 22:26:36 | 000,000,283 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - army.url
[2010/12/05 22:17:17 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - the kiss.url
[2010/12/05 13:56:54 | 000,000,251 | ---- | C] () -- C:\Documents and Settings\User\Desktop\The Manning Report.url
[2010/12/04 20:02:18 | 027,055,395 | ---- | C] () -- C:\Documents and Settings\User\My Documents\goodbyeweyman's Channel.flv
[2010/12/04 16:58:00 | 000,000,278 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Mark Levin Show.url
[2010/12/04 11:04:16 | 000,000,443 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - punk uk.url
[2010/12/03 21:39:16 | 015,695,940 | ---- | C] () -- C:\Documents and Settings\User\My Documents\EDL Pete McKenna.flv
[2010/12/02 10:45:57 | 062,298,450 | ---- | C] () -- C:\Documents and Settings\User\My Documents\English Defence League support Israel.flv
[2010/12/01 19:20:56 | 018,057,260 | ---- | C] () -- C:\Documents and Settings\User\My Documents\PopModal The Conservative Alternative to YouTube - Jackie Mason Endorsement of Rabbi Shifren.flv
[2010/11/29 16:56:32 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes (2).lnk
[2010/11/29 11:51:48 | 014,244,862 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Guramit Singh's Speech EDL Nuneaton 27 Nov 2010.flv
[2010/11/29 10:49:03 | 034,738,820 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Robert Spencer - so what if Feisal Abdul Rauf is really what he says he is.flv
[2010/11/28 15:29:01 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/11/28 12:53:23 | 086,857,287 | ---- | C] () -- C:\Documents and Settings\User\My Documents\THE GLORIOUS EDL.flv
[2010/11/28 11:37:51 | 004,157,293 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Are Muslim Nurses Killing Patients.flv
[2010/11/28 11:19:25 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2010/11/27 20:45:28 | 000,001,244 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Shortcut to 1940's Fashion - Ladies Boudoir.flv.lnk
[2010/11/27 20:45:13 | 000,001,129 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Shortcut to 50'sGirl.flv.lnk
[2010/11/24 21:08:26 | 000,000,261 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - famouspictures's Channel.url
[2010/11/24 17:12:35 | 007,703,836 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Saudi King Heads to U.S. for Medical Treatment.flv
[2010/11/24 10:04:33 | 000,000,263 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - robinarielmedia's Channel.url
[2010/11/03 00:04:20 | 000,187,856 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/20 15:30:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\SYSVCPDRV.SYS
[2010/09/20 15:28:50 | 000,006,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\Vcs.sys
[2010/06/04 17:54:02 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
[2010/05/24 18:54:01 | 000,000,088 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/05/16 18:18:58 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2010/04/29 19:27:14 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/29 11:34:51 | 000,000,207 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2010/04/24 11:03:48 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/13 17:10:36 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/04/13 16:52:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/04/13 16:10:47 | 000,966,765 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2010/04/13 16:10:47 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\SCMLib.dll
[2010/04/13 16:10:47 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\RtlGina2.dll
[2008/04/14 05:41:56 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2008/04/14 05:41:56 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008/04/14 05:41:56 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2008/04/14 05:41:56 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2008/04/14 05:41:56 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2006/12/19 06:15:20 | 000,065,154 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2006/12/12 09:48:22 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2006/11/30 07:01:26 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/05/18 06:03:24 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[1997/08/18 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/08/18 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B11E0DF

< End of report >
sarasara
Regular Member
 
Posts: 52
Joined: December 11th, 2010, 6:06 pm

Re: Cant remove Q-Word Search

Post by deltalima » December 23rd, 2010, 2:26 pm

Did you try

At the bottom left it should say Find more search providers…, what happens if you click that? Can you add for example Google?
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Cant remove Q-Word Search

Post by sarasara » December 23rd, 2010, 2:30 pm

Hi Deltalima,

The procedure has worked this time. I think you may have already removed the root by the uninstallations or a previous scan allowing the menu which previously read 'not available' to work. I was able to make Google default and remove Q-Word... I hope.

I rebooted the system and the Q-Word is still gone.

So hopefully all is now well but I will keep the system under observation and report back if it reappears; perhaps re-triggered by a spawn.
So thanks a lot and hope all is clear,
regards,
sara. :o
sarasara
Regular Member
 
Posts: 52
Joined: December 11th, 2010, 6:06 pm

Re: Cant remove Q-Word Search

Post by deltalima » December 23rd, 2010, 3:18 pm

Hi sarasara,

I rebooted the system and the Q-Word is still gone.


Excellent!

Now that you are clean, please follow these steps in order to keep your computer clean and secure.

Remove GMER

Delete the GMER icon from your desktop.

Uninstall ComboFix

  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >> System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK