Searchqu must die!! Computer advice needed

Post by sportjunkie07 » April 3rd, 2011, 2:28 am

After searching for a while and finding many possible solutions, I decided to come here for help. I was attempting to download StreamTorrent from hxxp://myp2p.eu, instead, I wound up downloading ilivid and the ninja-like Searchqu.

Searchqu will not go away and its toolbar and search engine have infected my computer for who knows what reason. It must go away.

I uninstalled ilivid (no problem there) and also uninstalled Searchqu, but Searchqu will not go away. I see there is a similar post on this forum page, but I figured the situation might be different than mine. I appreciate any help; here are my DDS and ATTACH logs:

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Tom at 0:54:08.94 on Sun 04/03/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3837.2452 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Tom\Desktop\malwareremoval\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com/406
mWinlogon: Userinit=userinit.exe
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIC55D~1\ToolBar\searchqudtx.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIC55D~1\ToolBar\searchqudtx.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs:
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
mRun-x64: [(Default)]
mRun-x64: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
AppInit_DLLs-X64: C:\PROGRA~2\WIC55D~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WIC55D~1\Datamngr\x64\IEBHO.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\f6cggkyz.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-10-24 188928]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-7-2 203264]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2009-12-3 716872]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2011-3-6 228408]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-10-24 40832]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-3-6 220672]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-2 187392]
R3 WacomHidFilter;Wacom HID Filter;C:\Windows\System32\drivers\wacomhidfilter.sys [2009-6-17 13224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-13 136176]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
.
=============== Created Last 30 ================
.
2011-04-02 23:59:54 -------- d-----w- C:\Users\Tom\AppData\Roaming\StreamTorrent
2011-04-02 23:52:17 -------- d-----w- C:\Users\Tom\AppData\Local\Ilivid Player
2011-04-02 23:50:25 -------- d-----w- C:\Users\Tom\AppData\Local\PackageAware
2011-04-02 21:48:15 8424784 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{F54904AC-AF1B-4CF1-88A4-7539B7F62C26}\mpengine.dll
2011-03-27 06:17:32 601424 ------w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{E75E0C8A-0DA9-46C2-97A8-90F7979CF2F0}\gapaengine.dll
2011-03-13 07:54:29 -------- d-----w- C:\Users\Tom\AppData\Local\Google
2011-03-13 07:54:06 -------- d-----r- C:\Program Files (x86)\Skype
2011-03-09 22:22:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll
2011-03-09 22:22:43 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-03-09 22:22:42 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-03-09 22:22:42 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-03-09 22:22:42 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2011-03-09 22:12:14 -------- d-----w- C:\Users\Tom\AppData\Roaming\Foxit Software
2011-03-08 23:32:19 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2011-03-08 23:32:19 723968 ----a-w- C:\Windows\System32\EncDec.dll
2011-03-08 23:32:19 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2011-03-08 23:32:18 850432 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-03-08 23:32:18 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-03-08 23:32:18 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2011-03-08 23:32:18 1118720 ----a-w- C:\Windows\System32\sbe.dll
2011-03-08 23:32:17 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-03-08 23:32:07 3138048 ----a-w- C:\Windows\System32\mstscax.dll
2011-03-08 23:32:07 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
2011-03-08 23:32:06 1097216 ----a-w- C:\Windows\System32\mstsc.exe
2011-03-08 23:32:06 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
2011-03-08 19:44:11 601424 ------w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-03-08 19:44:06 8424784 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-07 05:57:08 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-03-07 05:57:07 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-03-07 05:42:30 -------- d-----w- C:\Program Files\Motorola
2011-03-07 05:39:54 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2011-03-07 05:39:54 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2011-03-07 05:36:19 0 ----a-w- C:\Windows\ativpsrm.bin
2011-03-07 05:32:49 -------- d-----w- C:\Windows\Panther
2011-03-07 05:32:34 -------- d-sh--w- C:\Boot
2011-03-07 05:24:34 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
2011-03-07 05:22:07 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-03-07 05:22:06 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-03-07 05:22:06 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-03-07 05:22:06 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-03-07 05:22:06 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-03-07 05:22:06 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-03-07 05:22:06 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-03-07 05:22:06 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-03-07 05:22:06 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-03-07 05:22:05 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-03-07 05:16:10 -------- d-----w- C:\PROGRA~3\TrueSuite
2011-03-07 05:16:08 -------- d-----w- C:\Windows\System32\wocaffe
2011-03-07 05:16:08 -------- d-----w- C:\Program Files\TrueSuite
2011-03-07 05:16:03 -------- d-----w- C:\PROGRA~3\Downloaded Installations
2011-03-07 05:07:49 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2011-03-07 05:06:58 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-03-07 04:58:01 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-03-07 04:58:01 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-03-07 04:58:01 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2011-03-07 04:58:01 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-03-07 04:58:00 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2011-03-07 04:43:03 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2011-03-07 04:42:45 -------- d-----w- C:\Windows\PCHEALTH
2011-03-07 04:42:45 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-03-07 04:40:23 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2011-03-07 04:39:53 -------- d-----w- C:\Users\Tom\AppData\Local\Microsoft Help
2011-03-07 04:37:43 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-03-07 04:35:32 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-03-07 04:35:32 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-07 04:34:02 -------- d-----w- C:\Users\Tom\AppData\Local\Mozilla
2011-03-07 04:32:50 -------- d-----w- C:\Program Files (x86)\Foxit Software
2011-03-07 04:25:49 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-03-07 04:24:26 220672 ----a-w- C:\Windows\System32\wintrust.dll
2011-03-07 04:24:26 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-03-07 04:24:25 139264 ----a-w- C:\Windows\System32\cabview.dll
2011-03-07 04:24:25 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2011-03-07 04:18:43 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-03-07 04:18:28 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-03-07 04:18:14 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2011-03-07 04:10:16 -------- d-----w- C:\Users\Tom\AppData\Roaming\hpqLog
2011-03-07 04:09:54 1919968 ----a-w- C:\Windows\System32\drivers\wdfcoinstaller01005.dll
2011-03-07 04:09:54 18432 ----a-w- C:\Windows\System32\drivers\HpqKbFiltr.sys
2011-03-07 04:09:52 1885488 ----a-w- C:\Windows\SysWow64\BttnCmns.dll
2011-03-07 04:09:52 1885488 ----a-r- C:\Windows\SysWow64\BttnCmn.dll
2011-03-07 04:08:24 6656 ----a-w- C:\Windows\System32\bcmwlrc.dll
2011-03-07 04:08:23 95472 ----a-w- C:\Windows\System32\bcmwlcoi.dll
2011-03-07 04:08:23 3890688 ----a-w- C:\Windows\System32\bcmihvsrv64.dll
2011-03-07 04:08:23 3555328 ----a-w- C:\Windows\System32\bcmihvui64.dll
2011-03-07 04:08:23 2978296 ----a-w- C:\Windows\System32\drivers\BCMWL664.SYS
2011-03-07 04:08:23 -------- d-----w- C:\Program Files\Broadcom
2011-03-07 04:03:07 -------- d-----w- C:\Users\Tom\AppData\Local\ATI
2011-03-07 03:58:02 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2011-03-07 03:58:01 -------- d-sh--w- C:\Windows\Installer
2011-03-07 03:57:51 -------- d-----w- C:\Program Files\ATI Technologies
2011-03-07 03:57:45 -------- d-----w- C:\Program Files\ATI
2011-03-07 03:56:04 -------- d-----w- C:\Program Files\Synaptics
2011-03-07 03:54:10 67584 ----a-w- C:\Windows\System32\RtNicProp64.dll
2011-03-07 03:52:57 7347200 ----a-w- C:\Windows\System32\RTSUSTORicon.dll
2011-03-07 03:52:57 351744 ----a-w- C:\Windows\System32\RtsUStor.dll
2011-03-07 03:52:57 220672 ----a-w- C:\Windows\System32\drivers\RtsUStor.sys
2011-03-07 03:52:57 -------- d-----w- C:\Program Files (x86)\Realtek
2011-03-07 03:48:50 -------- d-----w- C:\SwSetup
2011-03-07 03:45:10 -------- d-----w- C:\Users\Tom\AppData\Local\VirtualStore
2011-03-07 03:40:58 -------- d-sh--w- C:\Recovery
.
==================== Find3M ====================
.
2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-17 06:17:00 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-01-17 05:38:38 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-01-07 08:07:24 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-01-07 08:07:24 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:31:10 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-01-07 07:31:10 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 0:54:52.53 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 3/6/2011 11:37:47 PM
System Uptime: 4/2/2011 10:54:54 PM (2 hours ago)
.
Motherboard: Quanta | | 30F1
Processor: AMD Turion(tm) X2 Ultra Dual-Core Mobile ZM-82 | Socket M2/S1G1 | 2200/1800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 199.738 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\ENE0100\4&23FC94D0&0
Manufacturer:
Name:
PNP Device ID: ACPI\ENE0100\4&23FC94D0&0
Service:
.
==== System Restore Points ===================
.
RP12: 3/8/2011 3:00:10 AM - Windows Update
RP13: 3/8/2011 1:43:28 PM - Windows Update
RP15: 3/9/2011 12:10:58 PM - Windows Modules Installer
RP16: 3/9/2011 12:14:55 PM - Windows Modules Installer
RP17: 3/9/2011 3:11:09 PM - Windows Update
RP19: 3/10/2011 1:19:45 PM - Windows Modules Installer
RP20: 3/10/2011 4:50:29 PM - Windows Update
RP22: 3/11/2011 7:08:55 PM - Windows Update
RP23: 3/12/2011 7:32:00 AM - Windows Update
RP24: 3/12/2011 9:43:11 PM - Windows Update
RP25: 3/13/2011 5:29:03 AM - Windows Update
RP26: 3/14/2011 8:20:50 AM - Windows Update
RP27: 3/19/2011 5:48:39 PM - Windows Update
RP28: 3/22/2011 10:02:08 PM - Windows Update
RP29: 3/23/2011 11:45:16 PM - Windows Update
RP30: 3/24/2011 3:00:11 AM - Windows Update
RP31: 3/27/2011 1:16:52 AM - Windows Update
RP32: 3/28/2011 8:55:41 PM - Windows Update
RP33: 4/2/2011 4:47:55 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CyberLink YouCam
Definition update for Microsoft Office 2010 (KB982726)
Foxit Reader
Google Chrome
Google Update Helper
HP Quick Launch Buttons
HP Wireless Assistant
Java Auto Updater
Java(TM) 6 Update 24
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Mozilla Firefox (3.6.16)
QLBCASL
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Skype Toolbars
Skype™ 5.1
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2010 (KB2494150)
VLC media player 1.1.7
.
==== Event Viewer Messages From Past Week ========
.
4/2/2011 9:52:10 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer JENNIFOFO-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AF205589-68D3-4BA3-A04D-1B8E5BC3767D}. The master browser is stopping or an election is being forced.
4/2/2011 11:35:51 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer USER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AF205589-68D3-4BA3-A04D-1B8E5BC3767D}. The master browser is stopping or an election is being forced.
4/1/2011 3:21:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.319.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
4/1/2011 3:21:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.319.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
3/31/2011 12:56:11 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.319.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/31/2011 10:06:30 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer DAVID-VAIO that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AF205589-68D3-4BA3-A04D-1B8E5BC3767D}. The master browser is stopping or an election is being forced.
3/29/2011 11:02:14 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer ARCHIMEDES that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AF205589-68D3-4BA3-A04D-1B8E5BC3767D}. The master browser is stopping or an election is being forced.
3/29/2011 10:25:14 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.319.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
3/29/2011 10:25:14 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.319.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
3/28/2011 8:55:42 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer OWNER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AF205589-68D3-4BA3-A04D-1B8E5BC3767D}. The master browser is stopping or an election is being forced.
3/27/2011 5:54:13 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.235.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
3/27/2011 5:54:13 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.235.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
.
==== End Of File ===========================
sportjunkie07
Active Member
 
Posts: 2
Joined: April 3rd, 2011, 1:44 am
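As an added example (not code from the thread, from MalwareRemoval.com or from the DDS tool), a small Python triage script over the "Pseudo HJT Report" and FIREFOX lines posted above: it flags every entry that names the unwanted component, flags a populated AppInit_DLLs value, compares the mPolicies-system entries against the Windows 7 UAC defaults, and lists the places the toolbar persists. The sample lines and the term list are constructed from this post; the UAC default values are an assumption stated in the code.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a subset of the "Pseudo HJT Report" and FIREFOX lines from
# the DDS log posted above. Defanged "hxxp" URLs are kept as DDS prints them.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.searchqu.com/406
mWinlogon: Userinit=userinit.exe
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIC55D~1\ToolBar\searchqudtx.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIC55D~1\ToolBar\searchqudtx.dll
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
AppInit_DLLs:
AppInit_DLLs-X64: C:\PROGRA~2\WIC55D~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WIC55D~1\Datamngr\x64\IEBHO.dll
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=
"""

# Names of the unwanted software from the thread: Searchqu, the iLivid bundle it
# arrived with, and the "Datamngr" component DDS shows under AppInit_DLLs.
UNWANTED_TERMS = ("searchqu", "datamngr", "ilivid")

# Assumed Windows 7 defaults for the UAC values DDS reports as mPolicies-system.
# EnableLUA = 0 turns UAC off; ConsentPromptBehaviorAdmin = 0 elevates silently;
# PromptOnSecureDesktop = 0 lets other windows draw over the elevation prompt.
UAC_DEFAULTS = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "PromptOnSecureDesktop": 1,
    "ConsentPromptBehaviorUser": 3,
}

POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
APPINIT_RE = re.compile(r"^AppInit_DLLs(?:-X64)?:\s*(.*)$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    location: str  # DDS prefix: "BHO", "TB", "uStart Page", "FF - prefs.js", ...
    reason: str
    line: str


def location_of(line: str) -> str:
    """Return the DDS prefix that says where an entry lives (BHO, TB, FF pref...)."""
    for sep in (": ", " = "):
        if sep in line:
            return line.split(sep, 1)[0]
    return line.split(":", 1)[0]


def triage(log_text: str, terms=UNWANTED_TERMS) -> List[Finding]:
    """Scan DDS hijack-report lines and return everything a helper would question."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        loc = location_of(line)
        lowered = line.lower()
        hits = [t for t in terms if t in lowered]
        if hits:
            findings.append(Finding(loc, "references unwanted component (%s)" % ", ".join(hits), line))
        m = APPINIT_RE.match(line)
        if m and m.group(1):
            # A non-empty AppInit_DLLs value is loaded into every process that links user32.dll.
            findings.append(Finding(loc, "AppInit_DLLs is set: listed DLLs load into every process that links user32.dll", line))
        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            default = UAC_DEFAULTS.get(name)
            if default is not None and value != default:
                findings.append(Finding(loc, "UAC setting %s=%d (Windows 7 default %d)" % (name, value, default), line))
    return findings


def persistence_points(findings: List[Finding]) -> List[str]:
    """Distinct DDS locations where the unwanted component is wired in."""
    return sorted({f.location for f in findings if f.reason.startswith("references")})


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print("[%s] %s\n    %s" % (f.location, f.reason, f.line))
    print("persistence points:", ", ".join(persistence_points(results)))
```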

Re: Searchqu must die!! Computer advice needed

Post by askey127 » April 6th, 2011, 7:03 am

Hi sportjunkie07,
-----------------------------------------------
Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs
It is posted here: http://malwareremoval.com/forum/viewtopic.php?p=491394#p491394
As a condition of receiving our help, I have included the P2P program Stream Torrent in the removal instructions below, so we are not wasting our time.
If you have used this, you can be fairly confident this is a principal reason your computer is infected.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Frostwire, Stream Torrent, Vuze, Shareaza, Bitlord.
(Limewire has just been shut down by the courts).
Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Some of the recent infections can turn your machine into a doorstop.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Stream Torrent

Take extra care in answering questions posed by any Uninstaller.
---------------------------------------------
Run a Scan with OTL
  1. Please download OTL.exe by OldTimer and save it to your desktop.
  2. Right click on OTL.exe and select Run As Administrator to run it. If Windows UAC prompts you, please allow it.
    If you have a 64-bit version of Windows, check the box at the top, labeled Include 64 bit scans
  3. Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
  4. Click on the Run Scan button at the top left hand corner.
  5. OTL will start running. When done, 2 Notepad files will open; OTL.txt and Extras.txt.
    They will be saved on your desktop.
Please post the contents of these files.
You may use separate replies if you wish.
If any of the files are too large to post, you can split the oversize one(s) into multiple replies.

askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Searchqu must die!! Computer advice needed

Post by sportjunkie07 » April 6th, 2011, 7:12 pm

Thank you for the response, askey127,

I uninstalled StreamTorrent as soon as I realized there was a rootkit, and I do not have any other file sharing programs on my computer.

Here are my OTL and Extras scans:

OTL Extras logfile created on: 4/6/2011 5:54:17 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Tom\Desktop\malwareremoval
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 200.29 Gb Free Space | 86.00% Space Free | Partition Type: NTFS

Computer Name: TOMCAT | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1991381348-1993913557-2874525089-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{3E062557-768F-D893-35D7-0DC43F3FD501}" = ATI Catalyst Install Manager
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8481A16-29D6-D810-151A-B2FB74605D7B}" = ccc-utility64
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{051F0288-9957-FE57-79A3-07AA49632818}" = CCC Help Spanish
"{05C4F488-C22E-9197-C6AA-901E43B96924}" = CCC Help Portuguese
"{09BAFD39-3108-784E-A856-4594A9393128}" = CCC Help Japanese
"{1061DF04-CF33-40B0-8360-D07C9BBEB122}" = HP Wireless Assistant
"{210085C3-8FBB-8B22-F61B-31999E117788}" = CCC Help Hungarian
"{225E84F0-97BD-FF02-AAE7-6B38E5153202}" = Catalyst Control Center Localization All
"{23EE4581-6200-C6AA-331C-BA774C8A5341}" = ccc-core-static
"{266D0EEA-E5A6-4A08-A0EE-5391D4EA44A7}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{31E068F1-38D7-B97E-AFAF-8FF9154A42A8}" = CCC Help Thai
"{32BCADC3-A873-30E4-F797-2D2F2A115C50}" = Catalyst Control Center Graphics Light
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C2B48CA-6621-FC2F-121F-FCC8594A35BD}" = CCC Help Russian
"{4D821FFA-6B99-907D-CD4E-582A8A0CFAF7}" = CCC Help Norwegian
"{4EB5D4BA-9529-C68C-4876-138AE6368FFF}" = CCC Help Czech
"{5AA9FF76-99FF-F027-6DDF-B401223E79E4}" = CCC Help Danish
"{65387BC1-71F5-2212-97A0-83DBA705372C}" = Catalyst Control Center Core Implementation
"{66D44191-3BC8-20A4-1D30-B8E40E4EA727}" = CCC Help Chinese Standard
"{6E8831AB-D568-7A0C-B291-C7F53F292D1D}" = CCC Help English
"{87820127-3C1E-557C-D358-DB0A28F738CD}" = Catalyst Control Center Graphics Previews Vista
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8D7CD021-6DA1-8538-124F-E5F94C830223}" = Catalyst Control Center Graphics Full Existing
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{A29549FD-65F3-440C-A552-6B8114CF319D}" = Skype Toolbars
"{A2F75E8C-E971-0345-7023-42F271D641B0}" = CCC Help Chinese Traditional
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B387C2F6-D342-B0DE-DA1A-2BE8D481B925}" = Catalyst Control Center Graphics Full New
"{B85F2B1F-319D-D0D8-CD9C-4A6CAE149E04}" = CCC Help Greek
"{C2A36E9E-9D1D-CDBE-F7D4-31441A2B79A7}" = Catalyst Control Center Graphics Previews Common
"{C7C4ED33-A6FB-D4A3-BD17-A7C2807721DA}" = CCC Help German
"{D09A13A7-C995-0946-2B3E-59394390941B}" = CCC Help Polish
"{D547C60A-ADB4-5ADF-F835-C0BCA38A8254}" = CCC Help Swedish
"{D683E55E-11C0-981B-09F4-B1F445FF65FF}" = CCC Help Turkish
"{DA4EB67F-D52E-DF18-69F6-A4FA8743416C}" = CCC Help Finnish
"{E28037A0-BC5F-4CF2-3381-CAC96010556E}" = Catalyst Control Center InstallProxy
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EA899D78-250A-8365-D64F-643F8D01A934}" = CCC Help Italian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F2D8ACF1-CB4D-4F9A-82C4-62B966D661DB}" = CCC Help Dutch
"{F325F331-3685-7625-4B22-A789E8F199F8}" = CCC Help French
"{F3BD3052-FF16-788B-4FFE-755FCCAC7F39}" = CCC Help Korean
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Foxit Reader" = Foxit Reader
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"VLC media player" = VLC media player 1.1.7

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/29/2011 12:47:59 AM | Computer Name = Tomcat | Source = Google Update | ID = 20
Description =

Error - 3/30/2011 2:43:00 PM | Computer Name = Tomcat | Source = Google Update | ID = 20
Description =

Error - 3/30/2011 2:59:05 PM | Computer Name = Tomcat | Source = Google Update | ID = 20
Description =

Error - 3/31/2011 6:48:45 PM | Computer Name = Tomcat | Source = Google Update | ID = 20
Description =

Error - 4/1/2011 10:14:46 AM | Computer Name = Tomcat | Source = Google Update | ID = 20
Description =

Error - 4/1/2011 11:25:00 PM | Computer Name = Tomcat | Source = Google Update | ID = 20
Description =

Error - 4/2/2011 11:32:45 PM | Computer Name = Tomcat | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF0A Description:Security Essentials is still installed
on your computer.. Security Essentials was not removed from your computer. It will
continue to monitor your computer and help protect it from potential threats. Error
code:0x8004FF0A.

Error - 4/6/2011 3:04:05 AM | Computer Name = Tomcat | Source = Google Update | ID = 20
Description =

Error - 4/6/2011 12:50:53 PM | Computer Name = Tomcat | Source = Google Update | ID = 20
Description =

Error - 4/6/2011 12:59:05 PM | Computer Name = Tomcat | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 4/3/2011 10:56:45 AM | Computer Name = Tomcat | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 4/3/2011 1:53:23 PM | Computer Name = Tomcat | Source = bowser | ID = 8003
Description =

Error - 4/3/2011 2:55:23 PM | Computer Name = Tomcat | Source = BROWSER | ID = 8032
Description =

Error - 4/3/2011 9:09:25 PM | Computer Name = Tomcat | Source = bowser | ID = 8003
Description =

Error - 4/4/2011 1:17:04 PM | Computer Name = Tomcat | Source = bowser | ID = 8003
Description =

Error - 4/4/2011 4:02:12 PM | Computer Name = Tomcat | Source = bowser | ID = 8003
Description =

Error - 4/5/2011 2:57:52 AM | Computer Name = Tomcat | Source = bowser | ID = 8003
Description =

Error - 4/5/2011 3:45:49 AM | Computer Name = Tomcat | Source = bowser | ID = 8003
Description =

Error - 4/5/2011 4:07:15 PM | Computer Name = Tomcat | Source = bowser | ID = 8003
Description =

Error - 4/5/2011 5:14:44 PM | Computer Name = Tomcat | Source = bowser | ID = 8003
Description =


< End of report >


OTL logfile created on: 4/6/2011 5:54:17 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Tom\Desktop\malwareremoval
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 200.29 Gb Free Space | 86.00% Space Free | Partition Type: NTFS

Computer Name: TOMCAT | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/06 17:51:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\malwareremoval\OTL.exe


========== Modules (SafeList) ==========

MOD - [2011/04/06 17:51:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\malwareremoval\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/11 15:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 15:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/02 11:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/06 23:08:19 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/10/24 22:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/05/27 23:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/14 02:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/12/03 17:48:32 | 000,716,872 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009/10/26 16:36:22 | 001,202,688 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\smserial.sys -- (smserial)
DRV:64bit: - [2009/07/17 12:14:14 | 000,220,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:10:49 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV:64bit: - [2009/07/02 11:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/17 23:53:50 | 000,013,224 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomhidfilter.sys -- (WacomHidFilter)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/04 22:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/03/02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\S-1-5-21-1991381348-1993913557-2874525089-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
IE - HKU\S-1-5-21-1991381348-1993913557-2874525089-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1991381348-1993913557-2874525089-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1991381348-1993913557-2874525089-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 85 E3 FF A2 6C ED CB 01 [binary data]
IE - HKU\S-1-5-21-1991381348-1993913557-2874525089-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=406&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/24 23:30:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/24 23:30:38 | 000,000,000 | ---D | M]

[2011/04/02 22:31:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Extensions
[2011/04/02 22:31:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\f6cggkyz.default\extensions
[2011/03/23 07:24:21 | 000,005,529 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\f6cggkyz.default\searchplugins\SearchquWebSearch.xml
[2011/04/06 02:31:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/13 02:54:23 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/03/06 23:35:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/03/06 23:35:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/23 07:24:21 | 000,005,529 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchquWebSearch.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - File not found
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-21-1991381348-1993913557-2874525089-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1991381348-1993913557-2874525089-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 165.95.48.20 128.194.254.2
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WIC55D~1\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WIC55D~1\Datamngr\x64\IEBHO.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/03 00:53:36 | 000,000,000 | ---D | C] -- C:\Users\Tom\Desktop\malwareremoval
[2011/04/02 18:59:54 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\StreamTorrent
[2011/04/02 18:52:17 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Ilivid Player
[2011/04/02 18:50:25 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\PackageAware
[2011/03/24 16:59:43 | 000,000,000 | ---D | C] -- C:\Users\Tom\Desktop\tech writing
[2011/03/13 02:55:37 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\skypePM
[2011/03/13 02:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/03/13 02:54:29 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Google
[2011/03/13 02:54:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/03/13 02:54:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/03/13 02:54:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011/03/13 02:54:06 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/03/13 02:54:05 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Skype
[2011/03/13 02:54:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/03/09 17:22:43 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/03/09 17:22:42 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/03/09 17:22:42 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/03/09 17:22:42 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/03/09 17:12:14 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Foxit Software
[2011/03/08 18:32:19 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011/03/08 18:32:19 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/03/08 18:32:19 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011/03/08 18:32:18 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011/03/08 18:32:18 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011/03/08 18:32:18 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/03/08 18:32:18 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011/03/08 18:32:17 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011/03/08 18:32:07 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2011/03/08 18:32:07 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011/03/08 18:32:06 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2011/03/08 18:32:06 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe

========== Files - Modified Within 30 Days ==========

[2011/04/06 17:53:58 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/06 17:53:58 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/06 16:59:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/06 15:04:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/06 02:14:11 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/03 02:19:07 | 000,733,692 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/03 02:19:07 | 000,629,182 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/03 02:19:07 | 000,108,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/02 22:55:02 | 3017,662,464 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/02 22:32:45 | 000,002,127 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/04/02 04:18:21 | 000,746,906 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/24 20:14:48 | 000,002,359 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/03/17 16:06:50 | 000,033,134 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\UserTile.png
[2011/03/13 02:55:39 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/03/13 02:55:20 | 000,002,258 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/13 02:54:08 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

========== Files Created - No Company Name ==========

[2011/03/17 16:06:50 | 000,033,134 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\UserTile.png
[2011/03/13 02:55:39 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/03/13 02:55:20 | 000,002,359 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/03/13 02:55:20 | 000,002,258 | ---- | C] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/13 02:54:37 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/13 02:54:36 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/13 02:54:08 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/03/07 00:36:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/06 23:18:48 | 000,746,906 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/03/09 17:12:14 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Foxit Software
[2011/04/02 18:59:54 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\StreamTorrent
[2009/07/14 00:08:49 | 000,004,358 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
sportjunkie07
Active Member
 
Posts: 2
Joined: April 3rd, 2011, 1:44 am

Re: Searchqu must die!! Computer advice needed

Unread postby askey127 » April 6th, 2011, 8:46 pm

sportjunkie07,
You may have (had) a rootkit, but I haven't seen it yet.
After this you may have to reset your search site to msn, google, whatever...
----------------------------------------------
Perform a Custom Scan or Fix with OTL
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :processes
    killallprocesses
    
    :OTL
    [2011/04/02 18:59:54 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\StreamTorrent
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - File not found
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4:64bit: - HKLM..\Run: [] File not found
    FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=406&q="
    FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
    FF - prefs.js..browser.search.defaultenginename: "Web Search"
    FF - prefs.js..browser.search.order.1: "Web Search"
    FF - prefs.js..browser.search.selectedEngine: "Web Search"
    [2011/03/23 07:24:21 | 000,005,529 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\f6cggkyz.default\searchplugins\SearchquWebSearch.xml
    [2011/03/23 07:24:21 | 000,005,529 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
    IE - HKU\S-1-5-21-1991381348-1993913557-2874525089-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
    
    :Files
    C:\Users\Tom\AppData\Roaming\StreamTorrent
    C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    (Vista - W7 users: Right-click and select "Run As Administrator")
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.
---------------------------------------------------
So, In Your Reply, we will be looking for the following:
  • OTL.txt from the OTL Quick Scan
  • The report from TDSSKiller
askey127
Admin/Teacher
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
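As an added illustration of what the Firefox part of that OTL fix undoes, here is a small Python checker (not from the post, not part of OTL) that parses a prefs.js file and flags the Searchqu-related preferences the fix resets; the prefs.js content below is constructed from the values quoted in the fix, and the "Web Search" engine name and searchqu.com domain are the only indicators it looks for.

```python
import re
from urllib.parse import urlparse

# The five preferences the OTL fix above resets. Their hijacked values point at
# searchqu.com or at the "Web Search" engine name that the Searchqu plugin registers.
WATCHED_PREFS = {
    "keyword.URL",
    "browser.startup.homepage",
    "browser.search.defaultenginename",
    "browser.search.order.1",
    "browser.search.selectedEngine",
}
HIJACK_DOMAIN = "searchqu.com"
HIJACK_ENGINE = "Web Search"

# Matches string-valued lines of the form: user_pref("name", "value");
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*"((?:[^"\\]|\\.)*)"\);')


def parse_prefs(text):
    """Return {name: value} for every string-valued user_pref() line in prefs.js."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def hijacked_prefs(prefs):
    """Return the watched prefs whose value points at the Searchqu hijack."""
    found = {}
    for name in WATCHED_PREFS:
        value = prefs.get(name)
        if value is None:
            continue
        host = urlparse(value).hostname or ""
        if host == HIJACK_DOMAIN or host.endswith("." + HIJACK_DOMAIN) or value == HIJACK_ENGINE:
            found[name] = value
    return found


# Constructed sample prefs.js content (assumed, not a real profile), modelled on the fix.
SAMPLE_PREFS_JS = '''
user_pref("keyword.URL", "http://www.searchqu.com/web?src=ffb&systemid=406&q=");
user_pref("browser.startup.homepage", "http://www.searchqu.com/406");
user_pref("browser.search.defaultenginename", "Web Search");
user_pref("browser.search.selectedEngine", "Web Search");
user_pref("browser.search.order.1", "Google");
user_pref("network.cookie.cookieBehavior", 0);
'''

if __name__ == "__main__":
    for name, value in sorted(hijacked_prefs(parse_prefs(SAMPLE_PREFS_JS)).items()):
        print(f"{name} = {value}")
```

Point it at a real profile by reading prefs.js into `parse_prefs`; an empty result after the fix and reboot is the expected state.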

Re: Searchqu must die!! Computer advice needed

Unread postby askey127 » April 10th, 2011, 11:12 am

Due to Lack of Response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
askey127
Admin/Teacher
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA