Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Searchqu hijacking browser

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Searchqu hijacking browser

Unread postby timr905 » April 23rd, 2011, 6:30 pm

Hi - I am having some issues with Searchqu hijacking my browser and would appreciate any help you can give. I have attached both the logs you require - thanks in advance!


DDS:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by HP_Administrator at 18:24:41.15 on Sat 04/23/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3006.2228 [GMT -4:00]
.
AV: Norton Internet Security 2006 *Enabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Norton Internet Worm Protection *Disabled*
FW: Norton Internet Security 2006 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\NLSSRV32.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sophos\Sophos Anti-Rootkit\sargui.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\nmlzxd.exe
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://cnn.com/
uSearch Page =
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://inboxtoolbar.com/search/dispatch ... p=aus&qkw=%s&tbid=%tb_id&%language
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.3\iobitToolbarIE.dll
uURLSearchHooks: H - No File
BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.3\iobitToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.3\iobitToolbarIE.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\hp_administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [SmartRAM] "c:\program files\iobit\advanced systemcare 3\Sup_SmartRAM.exe" /m
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [ALCMTR] ALCMTR.EXE
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_05\bin\jusched.exe
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\hp_administrator\application data\dropbox\bin\Dropbox.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\hp_administrator\start menu\programs\imvu\Run IMVU.lnk
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimi ... Config.CAB
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcC ... taller.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Puppy%20Luv%20Adventures/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/61.10/uploader2.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/41.22/uploader2.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro2.cce.hp.com/ChatEntry/do ... ysinfo.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://chill.comcast.net/Gameshell/Game ... meHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} - hxxp://www.instantaction.com/download/iaplayer.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-4-19 13496]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 MpKsl40f57143;MpKsl40f57143;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2a20812a-32f8-4255-a357-12714554fdac}\MpKsl40f57143.sys [2011-4-23 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-5-28 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-10 14336]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-1-28 387072]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-16 65856]
R3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\e3.tmp --> c:\windows\system32\E3.tmp [?]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys --> c:\windows\system32\drivers\nielprt.sys [?]
S2 ccEvtMgr;Symantec Event Manager; [x]
S2 ccSetMgr;Symantec Settings Manager; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-4-22 38224]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 12872]
.
=============== Created Last 30 ================
.
2011-04-23 20:15:44 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-04-23 20:15:44 -------- d-----w- c:\documents and settings\hp_administrator\log
2011-04-23 20:14:33 -------- d-----w- c:\program files\Sophos
2011-04-23 18:56:18 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{2a20812a-32f8-4255-a357-12714554fdac}\MpKsl40f57143.sys
2011-04-23 01:44:29 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{2a20812a-32f8-4255-a357-12714554fdac}\mpengine.dll
2011-04-22 22:45:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-22 22:45:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-22 22:45:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-22 18:51:51 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\Malwarebytes
2011-04-22 18:51:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-19 23:01:56 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-04-19 23:01:56 13496 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-04-18 19:57:58 -------- d-----w- c:\docume~1\hp_adm~1\locals~1\applic~1\Ilivid Player
2011-04-18 19:57:15 -------- d-----w- c:\program files\iLivid
2011-04-18 19:56:47 -------- d-----w- c:\docume~1\hp_adm~1\locals~1\applic~1\PackageAware
2011-04-17 19:16:43 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\Dropbox
2011-04-17 04:50:57 -------- d-----w- c:\program files\common files\Simple Star Shared
2011-04-17 04:50:56 -------- d-----w- c:\program files\Simple Star
2011-04-17 04:49:09 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\Simple Star
2011-04-01 18:59:08 -------- d-----w- c:\program files\CCleaner
2011-04-01 18:57:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\IObit
2011-04-01 18:57:10 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\Search Settings
2011-04-01 18:57:06 -------- d-----w- c:\program files\IObit Toolbar
2011-04-01 18:57:06 -------- d-----w- c:\program files\common files\Spigot
2011-04-01 18:57:06 -------- d-----w- c:\program files\Application Updater
2011-04-01 18:56:39 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\IObit
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25:52 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-04 22:48:32 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-04 22:48:30 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
.
============= FINISH: 18:25:10.62 ===============


Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/13/2008 3:49:48 PM
System Uptime: 4/23/2011 2:55:44 PM (4 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NAGAMI
Processor: AMD Athlon(tm) 64 Processor 3800+ | Socket 939 | 2404/199mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 175 GiB total, 107.569 GiB free.
D: is FIXED (FAT32) - 12 GiB total, 4.612 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP799: 1/24/2011 8:36:43 AM - Software Distribution Service 3.0
RP800: 1/25/2011 8:53:22 AM - System Checkpoint
RP801: 1/26/2011 9:10:16 AM - Software Distribution Service 3.0
RP802: 1/27/2011 9:34:32 AM - Software Distribution Service 3.0
RP803: 1/28/2011 3:52:12 PM - Software Distribution Service 3.0
RP804: 1/29/2011 4:02:26 PM - Software Distribution Service 3.0
RP805: 1/30/2011 4:36:07 PM - System Checkpoint
RP806: 1/31/2011 4:52:07 PM - System Checkpoint
RP807: 1/31/2011 6:45:35 PM - Software Distribution Service 3.0
RP808: 1/31/2011 7:00:22 PM - Software Distribution Service 3.0
RP809: 2/1/2011 7:39:59 PM - System Checkpoint
RP810: 2/2/2011 4:03:02 PM - Software Distribution Service 3.0
RP811: 2/3/2011 4:14:33 PM - System Checkpoint
RP812: 2/4/2011 7:16:55 PM - Software Distribution Service 3.0
RP813: 2/5/2011 7:24:25 PM - System Checkpoint
RP814: 2/6/2011 9:30:31 AM - Software Distribution Service 3.0
RP815: 2/7/2011 3:34:58 PM - Software Distribution Service 3.0
RP816: 2/8/2011 7:02:26 PM - System Checkpoint
RP817: 2/9/2011 4:02:11 PM - Software Distribution Service 3.0
RP818: 2/10/2011 3:51:57 PM - Software Distribution Service 3.0
RP819: 2/10/2011 5:31:44 PM - Software Distribution Service 3.0
RP820: 2/11/2011 4:14:26 PM - Software Distribution Service 3.0
RP821: 2/12/2011 10:05:18 AM - Software Distribution Service 3.0
RP822: 2/12/2011 10:13:12 AM - Software Distribution Service 3.0
RP823: 2/13/2011 9:24:42 AM - Software Distribution Service 3.0
RP824: 2/14/2011 9:30:50 AM - Software Distribution Service 3.0
RP825: 2/14/2011 9:39:34 AM - Software Distribution Service 3.0
RP826: 2/15/2011 3:51:35 PM - Software Distribution Service 3.0
RP827: 2/15/2011 4:00:17 PM - Software Distribution Service 3.0
RP828: 2/16/2011 6:23:44 PM - Software Distribution Service 3.0
RP829: 2/16/2011 6:33:06 PM - Software Distribution Service 3.0
RP830: 2/16/2011 11:12:02 PM - Installed Fiesta
RP831: 2/16/2011 11:46:20 PM - Removed Stamps.com Application Support for Microsoft Word 2000-2010
RP832: 2/16/2011 11:47:08 PM - Removed Stamps.com
RP833: 2/16/2011 11:56:57 PM - Removed Google Earth Plug-in.
RP834: 2/16/2011 11:57:41 PM - Removed Fiesta
RP835: 2/17/2011 12:02:38 AM - Configured Verizon PC Security Checkup
RP836: 2/17/2011 12:04:32 AM - Configured Customer Experience Enhancement
RP837: 2/17/2011 12:10:31 AM - Removed muvee autoProducer 4.5
RP838: 2/17/2011 6:24:38 PM - Software Distribution Service 3.0
RP839: 2/18/2011 7:45:06 AM - Software Distribution Service 3.0
RP840: 2/19/2011 9:01:36 AM - Software Distribution Service 3.0
RP841: 2/20/2011 9:39:34 AM - Software Distribution Service 3.0
RP842: 2/21/2011 1:08:11 PM - Software Distribution Service 3.0
RP843: 2/22/2011 1:29:09 PM - System Checkpoint
RP844: 2/23/2011 7:12:02 AM - Software Distribution Service 3.0
RP845: 2/24/2011 7:32:08 AM - Software Distribution Service 3.0
RP846: 2/25/2011 11:25:50 AM - Software Distribution Service 3.0
RP847: 2/26/2011 6:22:31 PM - System Checkpoint
RP848: 2/27/2011 1:23:20 AM - Software Distribution Service 3.0
RP849: 2/28/2011 7:03:54 AM - Software Distribution Service 3.0
RP850: 3/1/2011 7:43:38 AM - Software Distribution Service 3.0
RP851: 3/2/2011 8:18:05 AM - Software Distribution Service 3.0
RP852: 3/3/2011 3:40:23 PM - Software Distribution Service 3.0
RP853: 3/4/2011 6:36:15 PM - System Checkpoint
RP854: 3/5/2011 10:03:22 AM - Software Distribution Service 3.0
RP855: 3/6/2011 10:53:44 AM - Software Distribution Service 3.0
RP856: 3/7/2011 11:07:09 AM - System Checkpoint
RP857: 3/8/2011 3:51:33 PM - Software Distribution Service 3.0
RP858: 3/8/2011 4:00:51 PM - Software Distribution Service 3.0
RP859: 3/9/2011 7:38:40 AM - Software Distribution Service 3.0
RP860: 3/10/2011 4:08:31 PM - Software Distribution Service 3.0
RP861: 3/11/2011 5:01:37 PM - System Checkpoint
RP862: 3/12/2011 9:55:39 AM - Software Distribution Service 3.0
RP863: 3/13/2011 1:33:49 PM - Software Distribution Service 3.0
RP864: 3/14/2011 3:10:54 PM - Software Distribution Service 3.0
RP865: 3/15/2011 4:06:50 PM - Software Distribution Service 3.0
RP866: 3/16/2011 3:51:27 PM - Software Distribution Service 3.0
RP867: 3/16/2011 5:10:24 PM - Software Distribution Service 3.0
RP868: 3/17/2011 5:33:52 PM - System Checkpoint
RP869: 3/18/2011 7:55:15 AM - Software Distribution Service 3.0
RP870: 3/19/2011 9:22:19 AM - Software Distribution Service 3.0
RP871: 3/19/2011 9:33:38 AM - Software Distribution Service 3.0
RP872: 3/20/2011 12:33:34 PM - Software Distribution Service 3.0
RP873: 3/21/2011 2:42:38 PM - System Checkpoint
RP874: 3/22/2011 3:45:33 PM - Software Distribution Service 3.0
RP875: 3/23/2011 3:51:23 PM - System Checkpoint
RP876: 3/24/2011 7:59:57 AM - Software Distribution Service 3.0
RP877: 3/25/2011 3:52:48 PM - Software Distribution Service 3.0
RP878: 3/25/2011 4:01:40 PM - Software Distribution Service 3.0
RP879: 3/26/2011 4:45:04 PM - System Checkpoint
RP880: 3/26/2011 9:25:43 PM - Software Distribution Service 3.0
RP881: 3/28/2011 3:56:03 PM - Software Distribution Service 3.0
RP882: 3/29/2011 4:01:58 PM - Software Distribution Service 3.0
RP883: 3/30/2011 5:32:58 PM - System Checkpoint
RP884: 3/31/2011 4:12:01 PM - Software Distribution Service 3.0
RP885: 4/1/2011 5:02:18 PM - System Checkpoint
RP886: 4/2/2011 5:40:15 PM - Software Distribution Service 3.0
RP887: 4/3/2011 5:40:29 PM - System Checkpoint
RP888: 4/4/2011 4:43:32 PM - Software Distribution Service 3.0
RP889: 4/5/2011 5:12:51 PM - Software Distribution Service 3.0
RP890: 4/6/2011 6:00:48 PM - System Checkpoint
RP891: 4/7/2011 2:51:09 PM - Software Distribution Service 3.0
RP892: 4/8/2011 4:06:17 PM - Software Distribution Service 3.0
RP893: 4/10/2011 7:56:25 PM - Software Distribution Service 3.0
RP894: 4/11/2011 8:53:18 PM - System Checkpoint
RP895: 4/12/2011 8:42:41 AM - Software Distribution Service 3.0
RP896: 4/14/2011 3:51:15 PM - Software Distribution Service 3.0
RP897: 4/15/2011 4:34:33 PM - Software Distribution Service 3.0
RP898: 4/15/2011 4:43:04 PM - Software Distribution Service 3.0
RP899: 4/16/2011 4:37:42 PM - Software Distribution Service 3.0
RP900: 4/16/2011 4:45:07 PM - Software Distribution Service 3.0
RP901: 4/17/2011 2:25:08 PM - Software Distribution Service 3.0
RP902: 4/18/2011 8:12:33 AM - Software Distribution Service 3.0
RP903: 4/18/2011 8:20:34 AM - Software Distribution Service 3.0
RP904: 4/19/2011 4:20:01 PM - Software Distribution Service 3.0
RP905: 4/19/2011 4:29:03 PM - Software Distribution Service 3.0
RP906: 4/19/2011 6:47:11 PM - Removed muvee autoProducer unPlugged 1.2
RP907: 4/20/2011 4:17:23 PM - Software Distribution Service 3.0
RP908: 4/20/2011 7:31:06 PM - Software Distribution Service 3.0
RP909: 4/21/2011 3:00:23 AM - Software Distribution Service 3.0
RP910: 4/21/2011 7:24:52 PM - Software Distribution Service 3.0
RP911: 4/22/2011 12:15:03 PM - Software Distribution Service 3.0
RP912: 4/22/2011 6:39:51 PM - IObit Uninstaller RestorePoint
RP913: 4/22/2011 9:44:25 PM - Software Distribution Service 3.0
RP914: 4/23/2011 11:54:52 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3
Adobe Shockwave Player 11.5
Advanced SystemCare 3
Agere Systems PCI-SV92PP Soft Modem
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
CameraDrivers
CC_ccProxyExt
ccCommon
CCleaner
ccPxyCore
Customer Experience Enhancement
DriverAgent by TouchStone Software
Dropbox
Eusing Free Registry Cleaner
Free Realms
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB954550-v5)
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Driver Diagnostics
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Product Detection
HPProductAssistant
HpSdpAppCoreApp
IObit Toolbar v4.3
iTunes
J2SE Runtime Environment 5.0 Update 5
Java Auto Updater
Java DB 10.5.3.0
Java(TM) 6 Update 20
Java(TM) 6 Update 4
Java(TM) SE Development Kit 6 Update 20
LightScribe Diagnostic Utility
LightScribe System Software 1.10.27.1
LightScribe Template Designs - Tribal Pack 1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Away Mode
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Reward Board
Nero 7 Essentials
neroxml
Norton Internet Security
Norton Protection Center
Norton Security Scan
NVIDIA Drivers
Oblivion
Octoshape add-in for Adobe Flash Player
Picasa 3
PowerDVD
PowerProducer
PSPrinters08
PSTAPlugin
QuickTime
Realtek High Definition Audio Driver
Scan to PDF
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Smart Defrag 2
Sophos Anti-Rootkit 1.5.4
SpongeBob SquarePants Krabby Quest
Spybot - Search & Destroy
SymNet
Timez Attack Launcher
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Outlook 2007 Junk Email Filter (KB2508979)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB971029)
Update Rollup 2 for Windows XP Media Center Edition 2005
Verizon PC Security Checkup
WebFldrs XP
WildGames
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB2502898
.
==== Event Viewer Messages From Past Week ========
.
4/23/2011 12:36:49 AM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
4/22/2011 9:33:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: gagp30kx iaStor IntelIde ViaIde
4/22/2011 9:33:24 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
4/22/2011 3:06:09 PM, error: Service Control Manager [7034] - The InCD Helper service terminated unexpectedly. It has done this 1 time(s).
4/22/2011 3:04:53 PM, error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
4/22/2011 3:04:15 PM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
4/22/2011 3:02:51 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/22/2011 12:13:01 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
4/21/2011 3:01:12 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Silverlight (KB2526954).
4/17/2011 2:26:15 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070659: Security Update for the 2007 Microsoft Office System (KB2466156).
4/17/2011 2:26:15 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070659: Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623).
4/17/2011 2:26:15 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070659: Security Update for Microsoft Office 2007 System (KB2509488).
4/17/2011 2:21:29 PM, error: Service Control Manager [7000] - The Automatic LiveUpdate Scheduler service failed to start due to the following error: The system cannot find the path specified.
4/16/2011 4:39:43 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070659: Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2522999).
4/16/2011 4:39:43 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070659: Security Update for Microsoft Office PowerPoint 2007 (KB2464594).
4/16/2011 4:39:43 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070659: Security Update for Microsoft Office Excel 2007 (KB2464583).
4/16/2011 4:39:43 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2446704).
.
==== End Of File ===========================
timr905
Regular Member
 
Posts: 18
Joined: April 23rd, 2011, 6:26 pm
Advertisement
Register to Remove

Re: Searchqu hijacking browser

Unread postby Carolyn » April 24th, 2011, 2:14 pm

I'm reviewing your logs and will post back shortly.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Searchqu hijacking browser

Unread postby Carolyn » April 24th, 2011, 2:58 pm

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

======================================

Uninstall Norton Internet Security

  1. Begin by Disabling NIS
    • Start Norton Internet Security.
    • In the left pane, click Status & Settings.
    • Click Security.
    • Click Turn off.
  2. Next, click Start > Control Panel > Add/Remove Programs
    Remove these programs by clicking Remove
    Norton Internet Security
    Norton Protection Center
    Norton Security Scan
  3. To ensure that the software is completely uninstalled, please click HERE and follow the instructions in STEP 2 to download and run the norton removal tool.

======================================

Remove Outdated Programs
You can install current versions of these programs after your computer is clean

Please Click Start > Control Panel > Add/Remove Programs
Remove these programs by clicking Remove

Adobe Reader 9.3
J2SE Runtime Environment 5.0 Update 5
Java Auto Updater
Java DB 10.5.3.0
Java(TM) 6 Update 20
Java(TM) 6 Update 4
Java(TM) SE Development Kit 6 Update 20

======================================

Registry Cleaners

I notice the presence of IOBit Advanced SystemCare 3 Registry Cleaner on your pc.

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners
Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference
If it doesn't work properly you may end up with an expensive doorstop.


http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html
http://forums.whatthetech.com/Regcleaner_t42862.html


I also recommend uninstalling IObit Toolbar v4.3

IOBit has a poor reputation. You can read more about that at the link below:
IOBit Steals Malwarebytes’ Intellectual Property

======================================

I see you already have Malwarebytes Anti-Malware installed:
  • Launch the application, select the Updates tab and click Check for Updates
  • Select the Scanner tab, choose Perform Full Scan then click Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

======================================

Disable Microsoft Security Essentials in preparation for a Online Scan
  • Open MSE and go to Settings > Real Time Protection.
  • Then uncheck "Turn on real time protection".
  • Exit MSE when done.
  • Note: Don't forget to Re-enable it after the below fix.

=====================================

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go herehere to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

=====================================

Please post the following in your next reply:
  • The Malwarebytes' log
  • The ESET log
  • A fresh DDS.txt and Attach.txt log
  • A description of how your computer is behaving
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Searchqu hijacking browser

Unread postby timr905 » April 24th, 2011, 10:03 pm

Hi, Carolyn! Thank you for responding. I got as far as downloading the Norton removal tool and completing that step. After that point, when I went to uninstall any program, I got the following message:

"This installation is forbidden by system policy. Contact your System Administrator."

I am logged in under my computer's administrator account and I can uninstall programs through their entries on the Start/All Programs list. I have never had this issue before and have been freely able to remove unwanted programs prior to (I believe) removing the Norton Security suite.
timr905
Regular Member
 
Posts: 18
Joined: April 23rd, 2011, 6:26 pm

Re: Searchqu hijacking browser

Unread postby Carolyn » April 25th, 2011, 9:02 am

"This installation is forbidden by system policy. Contact your System Administrator."


Thank you for letting me know. It is probably caused by the malware interfering with the uninstaller.

Please continue with the remaining instructions in my earlier post. Let me know if you run into any other difficulties. Image
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Searchqu hijacking browser

Unread postby timr905 » April 25th, 2011, 9:15 am

Thanks - I will work on it later this evening when I get home. I believe I uninstalled something as recently as two to three days ago. Could the removal of the Norton Security program triggered something?
timr905
Regular Member
 
Posts: 18
Joined: April 23rd, 2011, 6:26 pm

Re: Searchqu hijacking browser

Unread postby timr905 » April 25th, 2011, 11:16 pm

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6444

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/25/2011 11:09:59 PM
mbam-log-2011-04-25 (23-09-59).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 341498
Time elapsed: 1 hour(s), 36 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEAD004E-7E2D-49f8-831C-A01647E85B53} (PUP.MightyMagoo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
timr905
Regular Member
 
Posts: 18
Joined: April 23rd, 2011, 6:26 pm

Re: Searchqu hijacking browser

Unread postby timr905 » April 26th, 2011, 1:11 am

ESET Log:


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=1dcb34cedbc1f94fa43f408aafd16601
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-26 04:41:19
# local_time=2011-04-26 12:41:19 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5121 16777214 0 96 88116153 117573303 0 0
# compatibility_mode=5891 16776869 42 87 0 14892663 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=153519
# found=5
# cleaned=5
# scan_time=5080
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\speedupmypc.exe Win32/SpeedUpMyPC application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\FoxTabVideoConverter\VideoConverter.exe a variant of Win32/SweetIM.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\IObit Toolbar\IE\4.3\iobitToolbarIE.dll a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
timr905
Regular Member
 
Posts: 18
Joined: April 23rd, 2011, 6:26 pm

Re: Searchqu hijacking browser

Unread postby timr905 » April 26th, 2011, 1:17 am

Fresh DDS & Attach

DDS:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by HP_Administrator at 1:14:55.16 on Tue 04/26/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3006.2138 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\NLSSRV32.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\tcpsvcs.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\dds (2).scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://cnn.com/
uSearch Page =
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://inboxtoolbar.com/search/dispatch ... p=aus&qkw=%s&tbid=%tb_id&%language
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} -
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} -
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRun: [SmartRAM] "c:\program files\iobit\advanced systemcare 3\Sup_SmartRAM.exe" /m
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\hp_administrator\application data\dropbox\bin\Dropbox.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\hp_administrator\start menu\programs\imvu\Run IMVU.lnk
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimi ... Config.CAB
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcC ... taller.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Puppy%20Luv%20Adventures/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/61.10/uploader2.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/41.22/uploader2.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro2.cce.hp.com/ChatEntry/do ... ysinfo.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-be ... canner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://chill.comcast.net/Gameshell/Game ... meHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} - hxxp://www.instantaction.com/download/iaplayer.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 MpKslef87095d;MpKslef87095d;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{eae5cbf2-1013-4a43-a44c-aa7608947064}\MpKslef87095d.sys [2011-4-26 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-5-28 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-10 14336]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-16 65856]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys --> c:\windows\system32\drivers\nielprt.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\e3.tmp --> c:\windows\system32\E3.tmp [?]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 12872]
.
=============== Created Last 30 ================
.
2011-04-26 05:12:50 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{eae5cbf2-1013-4a43-a44c-aa7608947064}\MpKslef87095d.sys
2011-04-26 05:12:36 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{eae5cbf2-1013-4a43-a44c-aa7608947064}\mpengine.dll
2011-04-26 03:14:39 -------- d-----w- c:\program files\ESET
2011-04-24 01:17:54 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\MSNInstaller
2011-04-24 01:15:40 18944 ----a-w- c:\windows\system32\simptcp.dll
2011-04-24 01:15:40 18944 ----a-w- c:\windows\system32\dllcache\simptcp.dll
2011-04-23 20:15:44 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-04-23 20:15:44 -------- d-----w- c:\documents and settings\hp_administrator\log
2011-04-23 20:14:33 -------- d-----w- c:\program files\Sophos
2011-04-22 22:45:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-22 22:45:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-22 22:45:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-22 18:51:51 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\Malwarebytes
2011-04-22 18:51:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-18 19:57:58 -------- d-----w- c:\docume~1\hp_adm~1\locals~1\applic~1\Ilivid Player
2011-04-18 19:57:15 -------- d-----w- c:\program files\iLivid
2011-04-18 19:56:47 -------- d-----w- c:\docume~1\hp_adm~1\locals~1\applic~1\PackageAware
2011-04-17 19:16:43 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\Dropbox
2011-04-17 04:50:57 -------- d-----w- c:\program files\common files\Simple Star Shared
2011-04-17 04:50:56 -------- d-----w- c:\program files\Simple Star
2011-04-17 04:49:09 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\Simple Star
2011-04-01 18:57:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\IObit
2011-04-01 18:57:10 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\Search Settings
2011-04-01 18:57:06 -------- d-----w- c:\program files\IObit Toolbar
2011-04-01 18:57:06 -------- d-----w- c:\program files\common files\Spigot
2011-04-01 18:57:06 -------- d-----w- c:\program files\Application Updater
2011-04-01 18:56:39 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\IObit
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-04 22:48:32 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-04 22:48:30 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
.
============= FINISH: 1:16:14.05 ===============

Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/13/2008 3:49:48 PM
System Uptime: 4/25/2011 8:55:25 PM (5 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NAGAMI
Processor: AMD Athlon(tm) 64 Processor 3800+ | Socket 939 | 2405/199mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 175 GiB total, 110.11 GiB free.
D: is FIXED (FAT32) - 12 GiB total, 4.613 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP914: 4/23/2011 11:54:52 AM - Software Distribution Service 3.0
RP915: 4/23/2011 11:05:14 PM - Software Distribution Service 3.0
RP916: 4/24/2011 6:12:22 PM - Software Distribution Service 3.0
RP917: 4/24/2011 10:22:27 PM - Revo Uninstaller's restore point - Adobe Reader 9.3
RP918: 4/24/2011 10:30:02 PM - Revo Uninstaller's restore point - Adobe Reader 9.3
RP919: 4/24/2011 10:32:16 PM - Revo Uninstaller's restore point - Adobe Reader 9.3
RP920: 4/24/2011 10:32:47 PM - Revo Uninstaller's restore point - Java(TM) 6 Update 20
RP921: 4/24/2011 10:33:40 PM - Revo Uninstaller's restore point - Adobe Reader 9.3
RP922: 4/24/2011 10:35:38 PM - Software Distribution Service 3.0
RP923: 4/25/2011 9:06:51 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Shockwave Player 11.5
Agere Systems PCI-SV92PP Soft Modem
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
CameraDrivers
Customer Experience Enhancement
DriverAgent by TouchStone Software
Dropbox
ESET Online Scanner v3
Free Realms
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB954550-v5)
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Driver Diagnostics
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Product Detection
HPProductAssistant
HpSdpAppCoreApp
iTunes
J2SE Runtime Environment 5.0 Update 5
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 4
Java(TM) SE Development Kit 6 Update 20
LightScribe Diagnostic Utility
LightScribe System Software 1.10.27.1
LightScribe Template Designs - Tribal Pack 1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Away Mode
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Reward Board
Nero 7 Essentials
neroxml
Norton Security Scan
NVIDIA Drivers
Oblivion
Octoshape add-in for Adobe Flash Player
Picasa 3
PowerDVD
PowerProducer
PSPrinters08
PSTAPlugin
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller 1.92
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sophos Anti-Rootkit 1.5.4
SpongeBob SquarePants Krabby Quest
Spybot - Search & Destroy
Timez Attack Launcher
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Outlook 2007 Junk Email Filter (KB2508979)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB971029)
Update Rollup 2 for Windows XP Media Center Edition 2005
Verizon PC Security Checkup
WebFldrs XP
WildGames
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB2502898
.
==== Event Viewer Messages From Past Week ========
.
4/24/2011 8:29:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
4/24/2011 8:29:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/24/2011 8:29:16 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/24/2011 8:29:14 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/24/2011 8:29:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 Fips IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip Tcpip6
4/24/2011 8:29:00 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2011 8:29:00 PM, error: Service Control Manager [7001] - The Simple TCP/IP Services service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2011 8:29:00 PM, error: Service Control Manager [7001] - The IPv6 Helper Service service depends on the Microsoft IPv6 Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2011 8:29:00 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2011 8:29:00 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2011 8:29:00 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2011 8:29:00 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2011 8:29:00 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/23/2011 9:17:51 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the crd service to connect.
4/23/2011 9:17:51 PM, error: Service Control Manager [7000] - The crd service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/23/2011 12:36:49 AM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
4/23/2011 10:53:36 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {D851F103-8C90-4321-AFF0-58BA5BD421C2} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
4/22/2011 9:33:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: gagp30kx iaStor IntelIde ViaIde
4/22/2011 9:33:24 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
4/22/2011 3:06:09 PM, error: Service Control Manager [7034] - The InCD Helper service terminated unexpectedly. It has done this 1 time(s).
4/22/2011 3:04:53 PM, error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
4/22/2011 3:04:15 PM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
4/22/2011 3:02:51 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/22/2011 12:37:18 PM, error: Service Control Manager [7000] - The Automatic LiveUpdate Scheduler service failed to start due to the following error: The system cannot find the path specified.
4/22/2011 12:20:31 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070659: Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2522999).
4/22/2011 12:20:31 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070659: Security Update for Microsoft Office PowerPoint 2007 (KB2464594).
4/22/2011 12:20:31 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070659: Security Update for Microsoft Office Excel 2007 (KB2464583).
4/22/2011 12:20:31 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Silverlight (KB2526954).
4/22/2011 12:20:31 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2446704).
4/22/2011 12:17:09 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070659: Security Update for the 2007 Microsoft Office System (KB2466156).
4/22/2011 12:17:09 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070659: Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623).
4/22/2011 12:17:09 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070659: Security Update for Microsoft Office 2007 System (KB2509488).
4/22/2011 12:13:13 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================
timr905
Regular Member
 
Posts: 18
Joined: April 23rd, 2011, 6:26 pm

Re: Searchqu hijacking browser

Unread postby timr905 » April 26th, 2011, 1:20 am

Description:

I was able to redirect my browser to open directly to Chrome but I still cannot remove the programs you instructed me to remove. I have been mostly doing the scans this evening and have not had much of a chance to gauge performance. Amy advice on removing the programs?
timr905
Regular Member
 
Posts: 18
Joined: April 23rd, 2011, 6:26 pm

Re: Searchqu hijacking browser

Unread postby Carolyn » April 26th, 2011, 6:19 am

I need to see a more detailed scan....

OTL - System Scan
Please download OTL.exe ... by Old Timer . Save it to your Desktop
Important! Close all applications and windows so that you have nothing open and are at your Desktop
  1. Double click on the OTL icon to run it. Keep all other windows closed and let OTL run uninterrupted.
  2. When the window appears, underneath Output at the top, make sure Minimal Output is selected.
  3. Under the Standard Registry box change it to All.
  4. Check/tick the boxes beside LOP Check and Purity Check.
  5. Highlight the following bold text with your mouse and press Ctrl + C on your keyboard:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles



  6. Click under the Custom Scan box and press Ctrl + V on your keyboard to paste the above.
  7. Click the Run Scan button. The scan won't take long.
  8. When the scan completes, Notepad will open (2 windows) with files: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • OTListIt.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  9. Please post the contents of both OTListIt.txt and Extras.txt files in your next reply.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Searchqu hijacking browser

Unread postby timr905 » April 26th, 2011, 5:12 pm

OTL Log:

OTL logfile created on: 4/26/2011 4:28:25 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 4509 4509 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 174.54 Gb Total Space | 114.55 Gb Free Space | 65.63% Space Free | Partition Type: NTFS
Drive D: | 11.75 Gb Total Space | 4.61 Gb Free Space | 39.24% Space Free | Partition Type: FAT32

Computer Name: YOUR-4DACD0EA75 | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
PRC - C:\WINDOWS\arservice.exe (Microsoft)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll ()
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (nlsX86cc) -- C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (Iprip) -- C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
SRV - (InCDsrv) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
SRV - (ARSVC) -- C:\WINDOWS\arservice.exe (Microsoft)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (MpKslef6316f2) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EAE5CBF2-1013-4A43-A44C-AA7608947064}\MpKslef6316f2.sys (Microsoft Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)
DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (ftsata2) -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys (Promise Technology, Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (bb-run) -- C:\WINDOWS\system32\DRIVERS\bb-run.sys (Promise Technology, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://home.mywebsearch.com/index.jhtml ... VNu1MPtSdw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - Reg Error: Value error. File not found
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "www.comcast.net"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.11
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=685749&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/04 18:07:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/03/27 13:08:25 | 000,000,000 | ---D | M]

[2010/09/21 22:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2011/03/26 21:09:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/09/21 22:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2011/03/26 21:13:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ebkn1on2.default\extensions
[2010/10/19 20:36:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ebkn1on2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/01/04 23:56:32 | 000,000,274 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ebkn1on2.default\searchplugins\search.xml

O1 HOSTS File: ([2004/08/10 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SmartRAM] File not found
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcC ... taller.cab (Support.com Configuration Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Puppy%20Luv%20Adventures/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/61.10/uploader2.cab (UploadListView Class)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/41.22/uploader2.cab (UploadListView Class)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro2.cce.hp.com/ChatEntry/do ... ysinfo.cab (SysData Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-be ... canner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://chill.comcast.net/Gameshell/Game ... meHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} http://www.instantaction.com/download/iaplayer.cab (InstantAction Game Launcher)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: vzTCPConfig http://my.verizon.com/micro/speedoptimi ... Config.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/HP_ADM~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/22 02:30:24 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 06:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{a106eba2-e6d9-11df-ab5b-001731056218}\Shell - "" = AutoRun
O33 - MountPoints2\{a106eba2-e6d9-11df-ab5b-001731056218}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a106eba2-e6d9-11df-ab5b-001731056218}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL twice.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/25 23:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/24 22:21:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Revo Uninstaller
[2011/04/23 21:17:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\MSNInstaller
[2011/04/23 21:15:40 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\simptcp.dll
[2011/04/23 21:15:40 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2011/04/23 16:15:44 | 000,190,032 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/04/23 16:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\log
[2011/04/23 16:14:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
[2011/04/23 16:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/04/22 18:45:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/22 18:45:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/22 18:45:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/22 18:45:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/22 18:42:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/22 18:35:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/22 14:51:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
[2011/04/22 14:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/22 12:24:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Recent
[2011/04/21 23:26:25 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\HP_Administrator\Desktop\setup-spybotsd162.exe
[2011/04/18 15:57:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Ilivid Player
[2011/04/18 15:57:15 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
[2011/04/18 15:56:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\PackageAware
[2011/04/17 15:18:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Dropbox
[2011/04/17 15:17:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Dropbox
[2011/04/17 15:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Dropbox
[2011/04/17 00:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Simple Star Shared
[2011/04/17 00:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\Simple Star
[2011/04/17 00:49:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Simple Star
[2011/04/12 12:45:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Night Time Bud Mods
[2011/04/01 14:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/04/01 14:57:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Search Settings
[2011/04/01 14:57:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011/04/01 14:57:06 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011/04/01 14:56:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\IObit

========== Files - Modified Within 30 Days ==========

[2011/04/26 16:20:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-485449437-1823949288-755308761-1008UA.job
[2011/04/26 16:20:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/26 16:05:46 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/26 16:00:53 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/26 16:00:53 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job
[2011/04/26 16:00:52 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2011/04/26 16:00:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/26 02:04:30 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/26 01:28:07 | 000,000,161 | ---- | M] () -- C:\Delme.bat
[2011/04/24 22:21:59 | 000,000,928 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Revo Uninstaller.lnk
[2011/04/24 22:07:54 | 000,000,279 | -HS- | M] () -- C:\boot.ini
[2011/04/23 23:24:32 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/04/23 22:53:37 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/04/23 21:20:44 | 000,448,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/23 21:20:44 | 000,073,624 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/23 21:16:44 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/23 21:15:10 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2011/04/23 16:15:43 | 000,190,032 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/04/22 18:45:03 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/21 23:26:39 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\HP_Administrator\Desktop\setup-spybotsd162.exe
[2011/04/21 08:20:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-485449437-1823949288-755308761-1008Core.job
[2011/04/19 18:43:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2011/04/18 21:49:47 | 000,001,078 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Dropbox.lnk
[2011/04/18 21:49:47 | 000,001,078 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Dropbox.lnk
[2011/04/18 16:11:52 | 000,012,985 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Davinci Guld 1.bat
[2011/04/17 01:21:01 | 000,127,717 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Lily Then.jpg
[2011/04/17 01:19:59 | 000,122,113 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Nate Then.jpg
[2011/04/17 01:18:43 | 000,084,210 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Nate 2010.jpg
[2011/04/17 01:17:26 | 000,273,800 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Nate 2009.jpg
[2011/04/17 01:16:40 | 000,095,718 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Lily Soccer 2009.jpg
[2011/04/17 01:10:42 | 000,235,384 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Lily 2009.jpg
[2011/04/17 01:07:10 | 000,506,025 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Family Then.jpg
[2011/04/17 01:03:34 | 000,464,298 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Nate Soccer 2009.jpg
[2011/04/17 00:53:53 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/04/15 16:45:26 | 000,315,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/14 15:40:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/08 21:57:00 | 000,000,544 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/03/30 00:45:35 | 000,833,133 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\2010_Application_rev (1).pdf

========== Files Created - No Company Name ==========

[2011/04/24 22:21:59 | 000,000,928 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Revo Uninstaller.lnk
[2011/04/23 21:14:32 | 000,004,566 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/04/22 18:45:03 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/18 16:12:07 | 000,012,985 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Davinci Guld 1.bat
[2011/04/17 15:18:09 | 000,001,078 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Dropbox.lnk
[2011/04/17 15:17:25 | 000,001,078 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Dropbox.lnk
[2011/04/17 01:07:58 | 000,122,113 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Nate Then.jpg
[2011/04/17 01:05:43 | 000,127,717 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Lily Then.jpg
[2011/04/17 01:04:21 | 000,506,025 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Family Then.jpg
[2011/04/17 01:02:55 | 000,464,298 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Nate Soccer 2009.jpg
[2011/04/17 01:01:51 | 000,095,718 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Lily Soccer 2009.jpg
[2011/04/17 01:00:37 | 000,235,384 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Lily 2009.jpg
[2011/04/17 00:57:02 | 000,084,210 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Nate 2010.jpg
[2011/04/17 00:54:49 | 000,273,800 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Nate 2009.jpg
[2011/04/03 23:37:08 | 000,000,270 | ---- | C] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job
[2011/04/01 14:58:10 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2011/03/30 00:45:35 | 000,833,133 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\2010_Application_rev (1).pdf
[2011/02/17 00:24:48 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2011/02/17 00:24:48 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2011/02/16 22:35:05 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
[2010/09/20 17:12:48 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\TAConf.conf
[2010/04/02 09:17:44 | 000,000,078 | ---- | C] () -- C:\WINDOWS\TONKA.INI
[2009/12/23 12:31:52 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2009/12/23 12:03:33 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/12/23 12:03:31 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2009/11/12 19:38:10 | 000,068,048 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/19 13:14:43 | 000,332,536 | ---- | C] () -- C:\WINDOWS\My Reward Board Uninstaller.exe
[2009/06/17 12:13:30 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009/01/12 00:36:21 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008/12/26 00:40:02 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/20 13:36:42 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/12/02 22:34:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2008/07/25 17:23:08 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/07/13 15:50:59 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2008/04/01 22:14:14 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008/01/20 11:28:50 | 000,000,073 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2008/01/12 20:30:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EAREMOVE.INI
[2007/09/19 23:13:51 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/08/20 19:12:28 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2007/07/30 16:55:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/07/18 20:02:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/07/04 10:06:56 | 000,001,495 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2007/07/04 09:54:27 | 000,000,058 | ---- | C] () -- C:\WINDOWS\Cloud9.ini
[2007/06/24 15:55:16 | 000,000,011 | ---- | C] () -- C:\WINDOWS\Preschol.ini
[2007/06/20 19:01:09 | 000,000,603 | ---- | C] () -- C:\WINDOWS\E-REGTLC.INI
[2007/06/20 19:00:34 | 000,000,108 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2007/06/19 19:37:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/06/11 06:50:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2007/06/02 19:35:30 | 000,000,514 | ---- | C] () -- C:\WINDOWS\ka.ini
[2007/04/01 14:53:20 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/31 18:33:21 | 000,000,667 | ---- | C] () -- C:\WINDOWS\VTruck1.ini
[2007/03/31 18:22:59 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/03/09 01:00:33 | 000,001,759 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/02/26 22:16:16 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2007/02/26 22:14:17 | 000,001,526 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/02/26 20:13:59 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/02/22 02:57:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/02/22 02:37:14 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2007/02/22 02:34:31 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-9972322.exe
[2007/02/22 02:33:46 | 000,014,317 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2007/02/22 02:33:42 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2007/02/22 02:31:01 | 000,000,031 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2007/02/22 02:28:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/22 02:17:07 | 000,000,406 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/02/22 02:15:36 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2007/02/22 02:15:36 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2007/02/22 02:10:26 | 000,080,417 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2007/02/22 02:10:26 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2007/02/22 02:09:33 | 000,072,881 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2007/02/22 02:06:08 | 000,087,276 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2007/02/22 01:56:55 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/02/22 01:56:55 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/02/22 01:56:55 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/02/22 01:56:55 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/02/22 01:56:55 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007/02/22 01:56:55 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/02/22 01:56:55 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/02/22 01:56:54 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/02/22 01:56:54 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/02/22 01:56:54 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/02/22 01:56:54 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2007/02/22 01:55:24 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/02/12 18:59:40 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/12/10 00:03:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/31 07:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/31 07:07:46 | 000,448,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/31 07:07:46 | 000,073,624 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/31 07:05:30 | 000,315,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/31 07:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/31 06:58:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/06 01:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 03:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/08/10 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/26 17:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/08/23 18:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 18:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/07 02:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2007/02/22 02:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2007/11/20 18:23:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2011/04/03 21:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2008/12/25 01:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2008/01/20 13:10:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MakeMusic
[2007/04/04 14:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2011/01/31 19:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/12/23 15:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2007/04/05 21:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2010/03/09 15:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2008/12/24 09:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/05/16 08:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prevx
[2011/02/21 00:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegInOut
[2008/07/10 20:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2007/09/12 21:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2009/01/11 12:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/11/27 16:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2008/10/03 16:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/02/26 20:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/09/01 17:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/07/01 12:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/05 15:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/04/11 04:59:00 | 000,000,454 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job
[2011/04/26 16:00:53 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\Game_Booster_Startup.job
[2011/04/26 16:05:46 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/04/11 04:32:00 | 000,000,336 | ---- | M] () -- C:\WINDOWS\Tasks\PC Medkit.job
[2011/02/21 00:59:33 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\RegInOut Scheduled Scan - HP_Administrator.job
[2011/04/26 16:00:52 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Startup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/16 21:53:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/10 00:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/11/16 21:53:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/16 21:53:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 00:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/11/16 21:53:29 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/06/17 16:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\hp\drivers\Intel_5_1_0_1022_PV\iastor.sys
[2005/06/17 16:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 20:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2008/04/13 20:11:54 | 000,344,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\hnetcfg.dll

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A696643D
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44DAF2F1
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E799D7F
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40520FC3
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8591AF9
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1D3FEF0

< End of report >
timr905
Regular Member
 
Posts: 18
Joined: April 23rd, 2011, 6:26 pm

Re: Searchqu hijacking browser

Unread postby timr905 » April 26th, 2011, 5:13 pm

Extras Log:


OTL Extras logfile created on: 4/26/2011 4:28:25 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 4509 4509 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 174.54 Gb Total Space | 114.55 Gb Free Space | 65.63% Space Free | Partition Type: NTFS
Drive D: | 11.75 Gb Total Space | 4.61 Gb Free Space | 39.24% Space Free | Partition Type: FAT32

Computer Name: YOUR-4DACD0EA75 | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"1039:TCP" = 1039:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{1596098A-FCEC-48F0-B7C7-08A31B771033}" = Nero 7 Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{272F534A-29A8-40D4-8E0C-2A9A596F808D}" = LightScribe Template Designs - Tribal Pack 1
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{32A3A4F4-B792-11D6-A78A-00B0D0160200}" = Java(TM) SE Development Kit 6 Update 20
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{624D19C3-D55D-4368-BC10-9B53036D8358}" = HP Driver Diagnostics
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}" = LightScribe System Software 1.10.27.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F092D1A4-ED8C-47ED-AE72-45B80D7C0543}" = Verizon PC Security Checkup
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FBD2BEB1-A40A-49DC-AD73-45B1F85F04B3}" = LightScribe Diagnostic Utility
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"Akamai" = Akamai NetSession Interface
"AwayMode160" = Microsoft Away Mode
"DriverAgent.exe" = DriverAgent by TouchStone Software
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MSNINST" = MSN
"My Reward Board" = My Reward Board
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"Revo Uninstaller" = Revo Uninstaller 1.92
"RP Scan and Clean {F092D1A4-ED8C-47ED-AE72-45B80D7C0543}" = Verizon PC Security Checkup
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"Timez Attack Launcher E" = Timez Attack Launcher
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WildTangent wildgames Master Uninstall" = WildGames
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WT026257" = SpongeBob SquarePants Krabby Quest

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"SOE-Free Realms" = Free Realms

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/24/2011 10:36:33 PM | Computer Name = YOUR-4DACD0EA75 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Enterprise 2007 - Update 'Update for Outlook
2007 Junk Email Filter (KB2522999)' could not be installed. Error code 1625. Windows
Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft.com/fwlink/?LinkId=23127

Error - 4/26/2011 4:03:14 PM | Computer Name = YOUR-4DACD0EA75 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Enterprise 2007 - Update 'Security Update
for Microsoft Office PowerPoint Viewer 2007 (KB2464623)' could not be installed.
Error code 1625. Windows Installer can create logs to help troubleshoot issues
with installing software packages. Use the following link for instructions on turning
on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 4/26/2011 4:03:36 PM | Computer Name = YOUR-4DACD0EA75 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Enterprise 2007 - Update 'Security Update
for 2007 Microsoft Office System (KB2466156)' could not be installed. Error code
1625. Windows Installer can create logs to help troubleshoot issues with installing
software packages. Use the following link for instructions on turning on logging
support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 4/26/2011 4:03:43 PM | Computer Name = YOUR-4DACD0EA75 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Enterprise 2007 - Update 'Security Update
for 2007 Microsoft Office System (KB2509488)' could not be installed. Error code
1625. Windows Installer can create logs to help troubleshoot issues with installing
software packages. Use the following link for instructions on turning on logging
support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 4/26/2011 4:04:03 PM | Computer Name = YOUR-4DACD0EA75 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB2446704v2'
could not be installed. Error code 1625. Additional information is available in
the log file C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET Framework
2.0-KB2446704_20110426_200351875-Msi0.txt.

Error - 4/26/2011 4:04:05 PM | Computer Name = YOUR-4DACD0EA75 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2446704,
P2 1033, P3 1625, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 4/26/2011 4:04:14 PM | Computer Name = YOUR-4DACD0EA75 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Enterprise 2007 - Update 'Security Update
for Microsoft Office PowerPoint 2007 (KB2464594)' could not be installed. Error
code 1625. Windows Installer can create logs to help troubleshoot issues with installing
software packages. Use the following link for instructions on turning on logging
support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 4/26/2011 4:04:23 PM | Computer Name = YOUR-4DACD0EA75 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft Silverlight - Update 'Microsoft Silverlight 4.0.60310.0'
could not be installed. Error code 1625. Additional information is available in
the log file C:\WINDOWS\TEMP\SilverlightMSI.log.

Error - 4/26/2011 4:04:29 PM | Computer Name = YOUR-4DACD0EA75 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Enterprise 2007 - Update 'Security Update
for Microsoft Office Excel 2007 (KB2464583)' could not be installed. Error code
1625. Windows Installer can create logs to help troubleshoot issues with installing
software packages. Use the following link for instructions on turning on logging
support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 4/26/2011 4:04:35 PM | Computer Name = YOUR-4DACD0EA75 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Enterprise 2007 - Update 'Update for Outlook
2007 Junk Email Filter (KB2522999)' could not be installed. Error code 1625. Windows
Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft.com/fwlink/?LinkId=23127

[ OSession Events ]
Error - 3/11/2009 3:17:56 PM | Computer Name = YOUR-4DACD0EA75 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1127
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/7/2010 1:18:52 PM | Computer Name = YOUR-4DACD0EA75 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 698
seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/26/2011 2:05:15 AM | Computer Name = YOUR-4DACD0EA75 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/26/2011 2:05:45 AM | Computer Name = YOUR-4DACD0EA75 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/26/2011 4:03:31 PM | Computer Name = YOUR-4DACD0EA75 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070659: Security Update for Microsoft Office PowerPoint Viewer 2007
(KB2464623).

Error - 4/26/2011 4:03:41 PM | Computer Name = YOUR-4DACD0EA75 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070659: Security Update for the 2007 Microsoft Office System (KB2466156).

Error - 4/26/2011 4:03:48 PM | Computer Name = YOUR-4DACD0EA75 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070659: Security Update for Microsoft Office 2007 System (KB2509488).

Error - 4/26/2011 4:04:12 PM | Computer Name = YOUR-4DACD0EA75 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on
Windows Server 2003 and Windows XP x86 (KB2446704).

Error - 4/26/2011 4:04:19 PM | Computer Name = YOUR-4DACD0EA75 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070659: Security Update for Microsoft Office PowerPoint 2007 (KB2464594).

Error - 4/26/2011 4:04:28 PM | Computer Name = YOUR-4DACD0EA75 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft Silverlight (KB2526954).

Error - 4/26/2011 4:04:34 PM | Computer Name = YOUR-4DACD0EA75 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070659: Security Update for Microsoft Office Excel 2007 (KB2464583).

Error - 4/26/2011 4:04:50 PM | Computer Name = YOUR-4DACD0EA75 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070659: Update for Microsoft Office Outlook 2007 Junk Email Filter
(KB2522999).


< End of report >
timr905
Regular Member
 
Posts: 18
Joined: April 23rd, 2011, 6:26 pm

Re: Searchqu hijacking browser

Unread postby timr905 » April 26th, 2011, 5:44 pm

One last thing regarding performance - I have noticed for about 2-3 weeks that my fan starts running a lot, especially when something runs on Flash. I don't remember it doing that all that much before but I don't know how resource intensive the newer Flash player is or when it was updated.
timr905
Regular Member
 
Posts: 18
Joined: April 23rd, 2011, 6:26 pm

Re: Searchqu hijacking browser

Unread postby Carolyn » April 26th, 2011, 5:58 pm

Download and Run ComboFix

  • Please download ComboFix from one of the following links.

    Link 1.

    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double click on ComboFix.exe & follow the prompts
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
Image
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 46 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware