Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Another Searchqu topic

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Another Searchqu topic

Unread postby kmkayser » May 9th, 2011, 12:38 pm

So I got this searchqu malware that after skimming the forum it looks like is going around right now. Before I saw your site I had tried deleting files and running malware bytes with no luck (my scan found no issues). Hopefully I can get some help here. Thanks!

Basically it makes it so my mozilla seach is searchqu.com and my homepage is seachqu. Chrome is running fine now all I had to do is change the settings and it stuck. My IE home page is fine once I changed it but the default search is still searchqu.com

DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Kevin at 10:23:41.45 on Mon 05/09/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.4095.1791 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\Logitech\G930\G930.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDMedia.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x64\LCDRSS.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x64\LCDClock.exe
C:\Users\Kevin\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x64\LCDCountdown.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x64\LCDPop3.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kevin\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\ToolBar\searchqudtx.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\ToolBar\searchqudtx.dll
uRun: [Google Update] "C:\Users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [Logitech G930] C:\Program Files (x86)\Logitech\G930\G930.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://webvpn.dpsk12.org/CACHE/stc/1/b ... vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: UrlHelper Class: {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
mRun-x64: [Launch LCore] "C:\Program Files\Logitech Gaming Software\LCore.exe" /minimized
mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
AppInit_DLLs-X64: C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\ugdmaaom.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Kevin\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
.
============= SERVICES / DRIVERS ===============
.
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/02/28 02:41:11];C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-11-17 146928]
R2 6077757b;6077757b;C:\Windows\System32\drivers\regi.sys [2011-2-28 14112]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-4-3 240232]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-5-5 583360]
R3 LADF_BakerCOnly;BakerC Filter Driver;C:\Windows\System32\drivers\ladfBakerCamd64.sys [2010-10-17 363224]
R3 LADF_BakerROnly;BakerR Filter Driver;C:\Windows\System32\drivers\ladfBakerRamd64.sys [2010-10-17 334552]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2011-2-17 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2011-2-17 16008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 regi;regi;C:\Windows\System32\drivers\regi.sys [2011-2-28 14112]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-2-23 20992]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-23 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-17 1255736]
.
=============== Created Last 30 ================
.
2011-05-09 15:45:44 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Malwarebytes
2011-05-09 15:45:41 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-09 15:45:41 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-05-09 15:45:38 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-09 15:45:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-09 14:54:50 -------- d-----w- C:\Users\Kevin\AppData\Local\{5F1F2484-5258-4D30-95B9-10265DD738FF}
2011-05-09 01:43:23 -------- d-----w- C:\Users\Kevin\AppData\Local\Ilivid Player
2011-05-09 01:43:01 -------- d-----w- C:\Program Files (x86)\Windows iLivid Toolbar
2011-05-09 01:42:54 -------- d-----w- C:\Users\Kevin\AppData\Local\PackageAware
2011-05-07 22:19:53 -------- d-----w- C:\Users\Kevin\AppData\Local\{3794C2D2-0DAF-4719-A50D-75DAC237E837}
2011-05-06 16:24:08 8802128 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{A78FF0ED-0369-43FE-AC40-2EF736DB4727}\mpengine.dll
2011-05-06 16:01:17 -------- d-----w- C:\Users\Kevin\AppData\Local\{C8B176C3-5BB2-4810-A08A-AF2F42C783E2}
2011-05-06 15:43:33 -------- d-----w- C:\Users\Kevin\AppData\Local\{37DB45E7-1D0E-4E10-93B9-BE50020DD9EA}
2011-05-05 18:54:01 -------- d-----w- C:\SC2Replay Archive
2011-05-05 16:10:24 -------- d---a-w- C:\Program Files (x86)\Sc2gears
2011-05-05 12:31:42 -------- d-----w- C:\Users\Kevin\AppData\Local\{F0993C91-FC89-4A84-86A5-865AFAC68D9B}
2011-05-04 13:27:50 -------- d-----w- C:\Users\Kevin\AppData\Local\{B2C1EA82-66D7-45D9-B78F-5F5C530D4078}
2011-05-03 22:47:01 -------- d-----w- C:\Users\Kevin\AppData\Local\{73DBFB5D-8E1F-424A-829D-FC743BF1179F}
2011-05-03 08:29:53 -------- d-----w- C:\Users\Kevin\AppData\Local\{AA3E587F-9D3D-44EA-AD59-A691825175EF}
2011-05-02 18:07:29 506368 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2011-05-02 18:06:23 -------- d-----w- C:\Program Files (x86)\Rainmeter
2011-05-02 17:26:05 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Rainmeter
2011-05-02 17:26:02 -------- d-----w- C:\Program Files\Rainmeter
2011-05-01 08:26:21 -------- d-----w- C:\Program Files (x86)\StarCraft II
2011-05-01 02:58:57 -------- d-----w- C:\Users\Kevin\SC2-WingsOfLiberty-enUS-Installer
2011-04-30 02:33:36 -------- d-----w- C:\Users\Kevin\AppData\Local\{9EF03610-1EF4-49EB-9B1B-A6E9C6F48155}
2011-04-29 01:25:11 -------- d-----w- C:\Users\Kevin\AppData\Local\ElevatedDiagnostics
2011-04-29 01:24:08 -------- d-----w- C:\PROGRA~3\Kodak
2011-04-28 20:47:00 -------- d-----w- C:\Users\Kevin\AppData\Local\{70125137-4900-4FE7-9C0B-A0738ABB6CA6}
2011-04-27 19:09:15 -------- d-----w- C:\Users\Kevin\AppData\Local\{710C0BE6-7759-490D-9496-06985A6EB876}
2011-04-26 20:58:40 2871808 ----a-w- C:\Windows\explorer.exe
2011-04-26 19:42:49 -------- d-----w- C:\Users\Kevin\AppData\Local\{D71CF6FB-37F8-4EB0-A473-C8D492A27470}
2011-04-23 15:54:08 -------- d-----w- C:\Users\Kevin\AppData\Local\{C7E882B3-6A5A-4C06-8CB8-A080ED3D9F16}
2011-04-22 17:18:30 -------- d-----w- C:\Users\Kevin\AppData\Local\{B938D1B7-2599-4A77-9489-D17FF611F15E}
2011-04-21 13:29:58 -------- d-----w- C:\Users\Kevin\AppData\Local\{D3526383-B311-4E73-8A87-8F6A09A07652}
2011-04-20 00:36:46 -------- d-----w- C:\Users\Kevin\AppData\Local\{670C6A06-2B52-4DAD-A3B7-E5B6B213708A}
2011-04-19 05:54:35 -------- d-----w- C:\Users\Kevin\AppData\Local\CrashDumps
2011-04-16 06:58:07 4096 ----a-w- C:\Windows\SysWow64\drivers\nocashio.sys
2011-04-16 05:40:37 -------- d-----w- C:\Users\Kevin\AppData\Local\{FAC79464-2688-4F04-B802-AAC5CB5E68EC}
2011-04-13 23:50:11 -------- d-----w- C:\Users\Kevin\AppData\Local\{1D9876F3-7BC1-42F9-82BC-DA7398F78835}
2011-04-12 21:15:29 -------- d-----w- C:\Users\Kevin\AppData\Local\{CFC379ED-BE3C-4FE2-AD5B-DA4425EB89B5}
2011-04-11 22:23:55 -------- d-----w- C:\Users\Kevin\AppData\Local\{60B58C1A-F42B-4368-B092-7255D815DF54}
2011-04-10 21:05:09 -------- d-----w- C:\Users\Kevin\AppData\Local\{2DD7328A-0C2E-4829-B30E-83EF711DC6CE}
2011-04-09 20:12:54 -------- d-----w- C:\Users\Kevin\AppData\Local\{C6E2380E-7D47-4406-8AC4-922A62531121}
.
==================== Find3M ====================
.
2011-05-08 18:14:38 280768 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-05-08 18:14:38 280768 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-05-08 18:13:19 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-03-24 06:27:32 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-03-12 12:08:49 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-12 11:23:45 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:41:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:41:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:30:28 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-04 06:19:28 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19:27 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52:08 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-03-01 00:27:16 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-02-28 12:00:51 2434856 ----a-w- C:\Windows\SysWow64\pbsvc_bc2.exe
2011-02-28 09:39:24 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2011-02-28 09:39:23 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-02-28 09:39:23 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-02-28 09:35:59 3140 --sha-w- C:\PROGRA~3\KGyGaAvL.sys
2011-02-28 09:35:54 88 --sh--r- C:\PROGRA~3\20E42C1C49.sys
2011-02-25 05:30:54 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-02-24 06:15:44 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-24 05:38:54 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-23 06:40:01 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-02-23 06:40:00 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-02-23 04:56:31 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-23 04:56:27 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-23 04:56:03 411648 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-23 04:55:47 167936 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-23 04:55:12 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-23 04:55:12 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-23 04:55:04 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 12:03:46 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-19 09:00:32 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-02-19 06:30:46 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-19 04:34:54 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-18 10:51:16 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-02-18 05:39:44 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-02-18 00:45:18 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-02-18 00:43:51 374792 ----a-w- C:\Windows\System32\drivers\UMDF\lgSSQVGA.dll
2011-02-18 00:43:51 22408 ----a-w- C:\Windows\System32\drivers\LGBusEnum.sys
2011-02-18 00:43:51 16008 ----a-w- C:\Windows\System32\drivers\LGVirHid.sys
2011-02-18 00:43:51 157704 ----a-w- C:\Windows\System32\drivers\UMDF\lgSSBW.dll
2011-02-12 11:34:16 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-02-10 13:41:44 86016 ----a-w- C:\Windows\SysWow64\frapsvid.dll
2011-02-10 13:41:42 84992 ----a-w- C:\Windows\System32\frapsv64.dll
.
============= FINISH: 10:24:03.84 ===============
kmkayser
Active Member
 
Posts: 2
Joined: May 9th, 2011, 12:29 pm
Advertisement
Register to Remove

Re: Another Searchqu topic

Unread postby kmkayser » May 9th, 2011, 4:32 pm

Ok I apologize apparently I did fix the issue when I found the files and deleted them. Everything is working now but if it doesn't I'll make a new post. Thanks!
kmkayser
Active Member
 
Posts: 2
Joined: May 9th, 2011, 12:29 pm

Re: Another Searchqu topic

Unread postby Wingman » May 9th, 2011, 4:59 pm

As your problems appear to have been resolved, this topic is now closed.
We are pleased we could help you resolve your computer's malware issues.

If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read :
Donations For Malware Removal
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14108
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 47 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware