How to remove searchqu

Post by valnar25 » May 20th, 2011, 8:30 am

Hello everybody. As the topic suggests, I have this nasty problem where the site hxxp://www.searchqu.com/406 automatically makes itself my homepage.

So I downloaded this iLivid thing although it wasn't at all what I wanted (stupid misleading descriptions). I removed it immediately but noticed that the searchqu toolbar was installed and the site was my standard homepage in Firefox. First I deactivated/removed the toolbar and that DataMngr thing from my add-on list. That took care of the toolbar but the problem with the homepage remained. Of course I also changed it in the internet options.
So I did a Malwarebytes scan but it found nothing. I also used HijackThis and deleted the searchqu-related things there but that didn't help either. A quick use of Google revealed that quite a few people have this problem (also on this board) so I tried various stuff that was suggested there but simply nothing worked.

I've had this crap on my machine (Windows XP btw) for 6 days now, didn't have the time/nerve to take care of it. It doesn't seem to do anything bad except for being annoying but it still worries me and I finally want to get rid of it.

I really hope you can help me with this. Thanks in advance. (I also hope I'm doing this right. I did read the "how to get help" thread but I'm still unsure. If you need any additional information please tell me.)

Anyway, here are the DDS logs:

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Tharand at 14:16:19 on 2011-05-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.540 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programs\Avira\AntiVir Desktop\sched.exe
svchost.exe
D:\Programs\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Programs\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
D:\Programs\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
D:\Programme\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
D:\Programs\Mozilla\firefox.exe
C:\Documents and Settings\Tharand\Desktop\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/firefox
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [avgnt] "d:\programs\avira\antivir desktop\avgnt.exe" /min
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [DeviceDiscovery] c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - d:\programme\setpoint\SetPoint.exe
IE: Free YouTube to MP3 Converter - c:\documents and settings\tharand\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\programme\icq6.5\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\spybot~1\SDHelper.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDow ... eqlab3.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tharand\application data\mozilla\firefox\profiles\q2texqp6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: d:\programs\divx\divx player\npDivxPlayerPlugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;d:\programs\avira\antivir desktop\avgio.sys [2009-5-15 11608]
R2 AntiVirSchedulerService;Avira AntiVir Planer;d:\programs\avira\antivir desktop\sched.exe [2009-5-15 136360]
R2 AntiVirService;Avira AntiVir Guard;d:\programs\avira\antivir desktop\avguard.exe [2009-5-15 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-15 61960]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-1-20 10384]
.
=============== Created Last 30 ================
.
2011-05-17 12:40:44 -------- d-----w- c:\program files\directx
2011-05-17 12:39:40 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2011-05-17 12:39:40 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2011-05-17 12:39:40 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2011-05-17 12:39:40 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2011-05-17 12:39:39 692224 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2011-05-17 12:39:39 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2011-05-17 12:39:39 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2011-05-15 18:01:41 -------- d-sha-r- C:\cmdcons
2011-05-15 18:00:30 98816 ----a-w- c:\windows\sed.exe
2011-05-15 18:00:30 89088 ----a-w- c:\windows\MBR.exe
2011-05-15 18:00:30 256512 ----a-w- c:\windows\PEV.exe
2011-05-15 18:00:30 161792 ----a-w- c:\windows\SWREG.exe
2011-05-15 10:39:40 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-05-15 09:03:38 -------- d-----w- c:\documents and settings\tharand\local settings\application data\Ilivid Player
2011-05-15 09:02:00 -------- d-----w- c:\documents and settings\tharand\local settings\application data\PackageAware
.
==================== Find3M ====================
.
2011-03-20 12:57:18 2983288 ----a-w- C:\sam.tmp
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 14:16:52,03 ===============





.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12.01.2009 16:19:34
System Uptime: 20.05.2011 14:06:35 (0 hours ago)
.
Motherboard: Dell Inc. | | 0G5611
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 20 GiB total, 8,298 GiB free.
D: is FIXED (NTFS) - 129 GiB total, 82,989 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Scientific Atlanta WebSTAR 2000 series Cable Modem
Device ID: USB\VID_069A&PID_4402\0014F8ED5E90
Manufacturer: Scientific Atlanta
Name: Scientific Atlanta WebSTAR 2000 series Cable Modem
PNP Device ID: USB\VID_069A&PID_4402\0014F8ED5E90
Service: USBCM
.
==== System Restore Points ===================
.
RP142: 14.02.2011 20:32:03 - System Checkpoint
RP143: 20.02.2011 18:24:26 - System Checkpoint
RP144: 27.02.2011 13:10:06 - System Checkpoint
RP145: 01.03.2011 17:44:30 - System Checkpoint
RP146: 05.03.2011 10:43:59 - System Checkpoint
RP147: 09.03.2011 21:58:36 - Software Distribution Service 3.0
RP148: 17.03.2011 15:27:54 - Software Distribution Service 3.0
RP149: 24.03.2011 19:05:58 - Software Distribution Service 3.0
RP150: 27.03.2011 11:48:53 - System Checkpoint
RP151: 29.03.2011 20:20:21 - System Checkpoint
RP152: 02.04.2011 11:38:55 - System Checkpoint
RP153: 04.04.2011 08:39:56 - System Checkpoint
RP154: 10.04.2011 13:57:21 - System Checkpoint
RP155: 15.04.2011 07:04:33 - Software Distribution Service 3.0
RP156: 27.04.2011 11:05:09 - Software Distribution Service 3.0
RP157: 06.05.2011 14:22:59 - System Checkpoint
RP158: 11.05.2011 14:31:49 - Software Distribution Service 3.0
RP159: 14.05.2011 21:08:03 - System Checkpoint
RP160: 17.05.2011 14:40:18 - Installiert ANNO 1602 Königs-Edition
RP161: 19.05.2011 20:50:58 - ComboFix created restore point
.
==== Installed Programs ======================
.
.
ABBYY FineReader 5.0 Sprint
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.4 - Deutsch
Adobe Shockwave Player 11.5
ANNO 1602 Königs-Edition
Avira AntiVir Personal - Free Antivirus
Broadcom Advanced Control Suite 2
Broadcom Gigabit Integrated Controller
Canon iP100 series
Canon iP100 series User Registration
Canon My Printer
Canon Setup Utility 2.4
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CDDRV_Installer
Command & Conquer Generals
Command and Conquer(TM) Generäle Die Stunde Null
Critical Update for Windows Media Player 11 (KB959772)
Deus Ex
Deus Ex - Invisible War
DivX-Setup
DivX Converter
DivX Plus DirectShow Filters
DivX Version Checker
EVEREST Home Edition v2.20
FLV Player 2.0 (build 25)
Free Audio CD Burner version 1.4.7
Free YouTube to MP3 Converter version 3.9.31
Freelancer
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Deskjet 3840
hp deskjet 5100
HP Memories Disc
HP Photo and Imaging 2.0 - Deskjet Series
hp print screen utility
HP Update
ICQ6.5
KhalInstallWrapper
Logitech SetPoint
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Game Studios Common Redistributables Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (German)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft XML Parser
Mozilla Firefox 4.0.1 (x86 de)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX v8.10.13
overland
Plustek USB Scanner
RTP 1.32 Add-On for RM2k
RTP for RM2K (Png, Wav, Midi, Fonts)
Sacred
Scientific Atlanta WebSTAR 2000 series Cable Modem
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Spybot - Search & Destroy
System Requirements Lab
Takatis - A Tribute To Manfred Trenz
TeamSpeak 2 RC2
TeamSpeak 3 Client
Throne of Darkness
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Veoh Web Player
VLC media player 1.1.0
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
15.05.2011 20:01:46, error: WMPNetworkSvc [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
15.05.2011 20:01:14, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
.
==== End Of File ===========================
valnar25
Active Member
 
Posts: 5
Joined: May 19th, 2011, 3:45 pm
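
The Firefox section of the DDS log above is where the hijack is visible. As an added example (not part of the original post and not a tool used in this thread), the following Python script parses those `FF -` lines and flags navigation preferences that point outside an allow-list. The allow-list, the function names and the finding format are assumptions; the parser also accepts the OTL spelling of the same lines.

```python
import re

# Lines copied from the DDS and OTL logs posted in this thread.
SAMPLE_LOG = """\
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=
FF - user.js: yahoo.homepage.dontask - true
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=406&q="
"""

# Preferences that decide where the browser navigates:
# the start page and the address-bar keyword search.
NAVIGATION_PREFS = {"browser.startup.homepage", "keyword.URL"}

# DDS form:  FF - prefs.js: <name> - <value>
DDS_RE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - (.*)$")
# OTL form:  FF - prefs.js..<name>: <value>
OTL_RE = re.compile(r"^FF - (prefs\.js|user\.js)\.\.([^:\s]+): (.*)$")
URL_HOST_RE = re.compile(r"^https?://([^/:?#]+)", re.IGNORECASE)


def parse_firefox_prefs(log_text):
    """Return (source_file, pref_name, value) tuples from DDS or OTL 'FF -' lines."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        match = DDS_RE.match(line) or OTL_RE.match(line)
        if not match:
            continue
        source, name, value = match.groups()
        value = value.strip().strip('"')
        # DDS defangs URLs as hxxp://; restore the scheme so the host can be read.
        value = re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)
        entries.append((source, name, value))
    return entries


def host_of(value):
    """Return the lower-cased host of an http(s) URL, or None for non-URL values."""
    match = URL_HOST_RE.match(value)
    return match.group(1).lower() if match else None


def is_allowed(host, allowed_domains):
    """True if host equals an allowed domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in allowed_domains)


def review(log_text, allowed_domains):
    """Flag navigation prefs outside the allow-list and any user.js entries.

    allowed_domains is an analyst-supplied assumption (the sites the user
    actually wants as start page or search provider).
    """
    findings = []
    seen = set()
    for source, name, value in parse_firefox_prefs(log_text):
        key = (source, name, value)
        if key in seen:  # DDS and OTL report the same preference twice
            continue
        seen.add(key)
        host = host_of(value)
        if name in NAVIGATION_PREFS and host and not is_allowed(host, allowed_domains):
            findings.append({
                "file": source, "pref": name, "host": host,
                "reason": "navigation pref points outside the allow-list",
            })
        elif source == "user.js":
            # Firefox re-applies user.js over prefs.js at every start, so any
            # entry there deserves a look when a setting keeps coming back.
            findings.append({
                "file": source, "pref": name, "host": None,
                "reason": "user.js entry; this file is re-applied at every start",
            })
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG, {"google.de"}):
        print(finding)
```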

Re: How to remove searchqu

Post by Cypher » May 21st, 2011, 7:28 am

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Backup your data - XP
Backup your data - Vista
Backup your data - Windows 7


Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under Custom Scans/Fixes copy/paste the contents of the code box below.
    c:|Fun4IM;true;true;true; /FP
    c:|Bandoo;true;true;true; /FP
    c:|Searchqu;true;true;true; /FP
    c:|iLivid;true;true;true; /FP
    c:|whitesmoke;true;true;true; /FP
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: How to remove searchqu

Post by valnar25 » May 21st, 2011, 11:20 am

Hello Cypher, and thanks for your reply. I really appreciate your help.
Here are the requested logs:

OTL logfile created on: 21.05.2011 17:11:50 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Tharand\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

1.022,00 Mb Total Physical Memory | 571,00 Mb Available Physical Memory | 56,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20,00 Gb Total Space | 8,23 Gb Free Space | 41,15% Space Free | Partition Type: NTFS
Drive D: | 129,00 Gb Total Space | 82,97 Gb Free Space | 64,31% Space Free | Partition Type: NTFS

Computer Name: BLAH | User Name: Tharand | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Tharand\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Programs\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - D:\Programs\Mozilla\firefox.exe (Mozilla Corporation)
PRC - D:\Programs\Mozilla\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - D:\Programs\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - D:\Programs\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - D:\Programs\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - D:\Programme\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
PRC - C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Tharand\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - D:\Programme\SetPoint\lgscroll.dll (Logitech, Inc.)
MOD - D:\Programme\SetPoint\IMHook.dll (Logitech, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService) -- D:\Programs\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- D:\Programs\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- D:\Programs\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (USBCM) -- C:\WINDOWS\system32\drivers\Sacm2K.sys ( )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1454471165-1284227242-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/firefox
IE - HKU\S-1-5-21-1454471165-1284227242-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=406&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.16 15:57:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.16 15:57:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: D:\Programs\Mozilla\components [2011.05.15 20:20:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: D:\Programs\Mozilla\plugins [2011.05.16 15:57:34 | 000,000,000 | ---D | M]

[2011.05.15 13:05:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tharand\Application Data\Mozilla\Extensions
[2011.05.15 19:32:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tharand\Application Data\Mozilla\Firefox\Profiles\9tfv36s1.Jan\extensions
[2010.11.09 20:33:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tharand\Application Data\Mozilla\Firefox\Profiles\9tfv36s1.Jan\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.18 15:31:24 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\Tharand\Application Data\Mozilla\Firefox\Profiles\9tfv36s1.Jan\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.15 19:32:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tharand\Application Data\Mozilla\Firefox\Profiles\q2texqp6.default\extensions
[2009.09.11 07:36:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009.01.20 14:06:08 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
File not found (No name found) --

O1 HOSTS File: ([2011.05.19 20:55:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [avgnt] D:\Programs\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = D:\Programme\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-1284227242-1644491937-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1454471165-1284227242-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1454471165-1284227242-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1454471165-1284227242-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Tharand\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDow ... eqlab3.cab (System Requirements Lab Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.225 83.169.186.97
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Tharand\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tharand\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.01.12 17:17:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.05.21 17:10:22 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tharand\Desktop\OTL.exe
[2011.05.20 14:16:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tharand\Start Menu\Programs\Administrative Tools
[2011.05.20 14:15:42 | 000,606,738 | R--- | C] (Swearware) -- C:\Documents and Settings\Tharand\Desktop\dds.scr
[2011.05.19 20:57:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011.05.17 14:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2011.05.17 14:40:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ANNO 1602 Königs-Edition
[2011.05.15 20:01:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.05.15 20:00:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.05.15 20:00:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.05.15 20:00:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.05.15 20:00:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.05.15 19:53:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.05.15 19:45:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.05.15 13:58:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ascaron Entertainment
[2011.05.15 12:39:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011.05.15 12:39:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011.05.15 11:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tharand\Local Settings\Application Data\Ilivid Player
[2011.05.15 11:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tharand\Local Settings\Application Data\PackageAware
[2011.04.29 14:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tharand\Start Menu\Programs\Takatis - A Tribute To Manfred Trenz
[2009.06.01 19:05:19 | 000,015,429 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2K.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.05.21 17:10:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tharand\Desktop\OTL.exe
[2011.05.21 16:43:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.05.21 16:43:13 | 000,243,457 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011.05.21 16:43:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.05.20 14:15:44 | 000,606,738 | R--- | M] (Swearware) -- C:\Documents and Settings\Tharand\Desktop\dds.scr
[2011.05.19 20:55:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.05.19 20:50:09 | 004,351,992 | R--- | M] () -- C:\Documents and Settings\Tharand\Desktop\ComboFix.exe
[2011.05.17 17:23:44 | 000,173,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.05.17 14:47:45 | 000,000,473 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Conquerors.lnk
[2011.05.17 14:45:47 | 000,000,571 | ---- | M] () -- C:\Documents and Settings\Tharand\Desktop\Age of Empires II.lnk
[2011.05.17 14:41:19 | 000,000,499 | ---- | M] () -- C:\Documents and Settings\Tharand\Desktop\Anno 1602.lnk
[2011.05.16 18:31:24 | 000,000,557 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2011.05.16 15:57:23 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2011.05.15 20:20:00 | 000,000,539 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Internet.lnk
[2011.05.15 20:01:45 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011.05.15 13:58:57 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\Tharand\Desktop\Sacred.lnk
[2011.05.15 12:39:50 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\Tharand\Desktop\Spybot - Search & Destroy.lnk
[2011.05.15 12:39:50 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\Tharand\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011.05.07 17:47:28 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Tharand\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.05.17 14:47:45 | 000,000,473 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Conquerors.lnk
[2011.05.17 14:45:47 | 000,000,571 | ---- | C] () -- C:\Documents and Settings\Tharand\Desktop\Age of Empires II.lnk
[2011.05.17 14:41:19 | 000,000,499 | ---- | C] () -- C:\Documents and Settings\Tharand\Desktop\Anno 1602.lnk
[2011.05.16 15:57:23 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2011.05.15 20:20:00 | 000,000,539 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011.05.15 20:01:45 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011.05.15 20:01:42 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011.05.15 20:00:30 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.05.15 20:00:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.05.15 20:00:30 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.05.15 20:00:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.05.15 20:00:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.05.15 19:53:25 | 004,351,992 | R--- | C] () -- C:\Documents and Settings\Tharand\Desktop\ComboFix.exe
[2011.05.15 13:58:57 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\Tharand\Desktop\Sacred.lnk
[2011.05.15 12:39:50 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\Tharand\Desktop\Spybot - Search & Destroy.lnk
[2011.05.15 12:39:50 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\Tharand\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010.07.17 22:36:24 | 008,676,883 | ---- | C] () -- C:\WINDOWS\System32\NCMedia2.dll
[2010.07.17 22:36:24 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.07.17 22:36:24 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.07.17 21:23:01 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.17 17:09:55 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010.05.29 21:00:09 | 000,000,993 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010.04.04 13:09:47 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\Unlha32.dll
[2010.04.04 13:09:46 | 000,473,600 | ---- | C] () -- C:\WINDOWS\System32\Harmony.dll
[2009.12.24 16:53:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PrestoPM.INI
[2009.12.24 16:44:07 | 000,049,152 | R--- | C] () -- C:\WINDOWS\AutoSet.dll
[2009.12.24 16:44:03 | 000,000,613 | ---- | C] () -- C:\WINDOWS\if40le.ini
[2009.12.24 16:44:02 | 000,000,114 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI
[2009.12.24 16:43:48 | 000,002,993 | ---- | C] () -- C:\WINDOWS\If42le.ini
[2009.12.24 16:43:48 | 000,000,241 | ---- | C] () -- C:\WINDOWS\PEXPLORE.INI
[2009.12.24 16:43:46 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2009.12.24 16:43:40 | 000,000,403 | ---- | C] () -- C:\WINDOWS\umxaddin.ini
[2009.12.24 15:44:40 | 000,011,868 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
[2009.10.04 14:54:33 | 000,000,749 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009.09.02 20:12:04 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009.08.23 15:45:42 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2009.08.23 15:18:03 | 001,597,690 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009.08.23 13:59:41 | 000,004,981 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2009.06.01 19:05:20 | 000,135,168 | R--- | C] () -- C:\WINDOWS\UNDPX2K.exe
[2009.06.01 19:05:20 | 000,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2K.sys
[2009.03.16 12:18:25 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009.03.16 12:18:25 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009.03.16 12:18:25 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009.01.27 18:54:09 | 000,010,757 | ---- | C] () -- C:\WINDOWS\hpdj3840.ini
[2009.01.25 19:10:56 | 000,008,026 | ---- | C] () -- C:\Documents and Settings\Tharand\Application Data\wklnhst.dat
[2009.01.20 13:55:33 | 000,087,040 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2009.01.20 13:32:00 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Tharand\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.19 13:54:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.01.12 18:10:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009.01.12 18:10:46 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009.01.12 17:56:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.01.12 17:55:27 | 000,173,872 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.01.12 17:19:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.01.12 17:14:20 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.12.26 01:08:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008.12.26 01:08:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008.12.26 01:08:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.12.26 01:08:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008.12.26 01:08:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008.12.26 01:08:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.12.26 01:08:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008.12.26 01:08:00 | 000,432,672 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.04.14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006.12.31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.03.03 09:50:56 | 000,004,460 | ---- | C] () -- C:\WINDOWS\hpfmdl_s04_main.dat
[2004.02.11 20:39:07 | 000,000,316 | ---- | C] () -- C:\WINDOWS\hpfins_s04_main.dat
[2003.06.17 18:20:28 | 000,005,358 | ---- | C] () -- C:\WINDOWS\hpfmdl01.dat
[2003.06.17 18:13:16 | 000,000,332 | ---- | C] () -- C:\WINDOWS\hpfins01.dat
[2002.08.29 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002.08.29 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002.08.29 13:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002.08.29 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002.08.29 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002.08.29 13:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002.08.29 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002.08.29 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002.08.29 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002.08.29 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1997.11.17 17:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Custom Scans ==========


< c:|Fun4IM;true;true;true; /FP >

< c:|Bandoo;true;true;true; /FP >

< c:|Searchqu;true;true;true; /FP >

< c:|iLivid;true;true;true; /FP >
[2011.05.15 11:03:40 | 000,000,000 | ---D | M] -- c:\Documents and Settings\Tharand\Local Settings\Application Data\Ilivid Player

< c:|whitesmoke;true;true;true; /FP >

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

OTL Extras logfile created on: 21.05.2011 17:11:50 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Tharand\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

1.022,00 Mb Total Physical Memory | 571,00 Mb Available Physical Memory | 56,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20,00 Gb Total Space | 8,23 Gb Free Space | 41,15% Space Free | Partition Type: NTFS
Drive D: | 129,00 Gb Total Space | 82,97 Gb Free Space | 64,31% Space Free | Partition Type: NTFS

Computer Name: BLAH | User Name: Tharand | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1454471165-1284227242-1644491937-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programs\Mozilla\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programs\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programs\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"55903:TCP" = 55903:TCP:*:Enabled:Torrent
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Programme\ICQ6.5\ICQ.exe" = D:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"D:\World of Warcraft\BackgroundDownloader.exe" = D:\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"D:\World of Warcraft\Launcher.exe" = D:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"D:\Spiele\Freelancer\EXE\Freelancer.exe" = D:\Spiele\Freelancer\EXE\Freelancer.exe:*:Enabled:Freelancer -- (Microsoft Corporation)
"D:\Spiele\AoE2\age2_x1\age2_x1.icd" = D:\Spiele\AoE2\age2_x1\age2_x1.icd:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)
"D:\Spiele\AoE2\EMPIRES2.ICD" = D:\Spiele\AoE2\EMPIRES2.ICD:*:Enabled:Age of Empires II -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{077A7810-A937-4465-AD08-ACED9807995F}" = ANNO 1602 Königs-Edition
"{0B6A9773-F8F8-4D3F-BCF0-029D2B87DB8A}" = Deus Ex - Invisible War
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP100_series" = Canon iP100 series
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15C165F1-1DAE-4476-AFB6-8723729B41E7}" = hp deskjet 5100
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{5265664F-6128-405C-9225-9782A85954FD}" = Plustek USB Scanner
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1591C79-1C35-4E09-AA15-F7D6923AFB96}" = HP Deskjet 3840
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon iP100 series User Registration" = Canon iP100 series User Registration
"Canon Setup Utility 2.4" = Canon Setup Utility 2.4
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Deus Ex" = Deus Ex
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FLV Player" = FLV Player 2.0 (build 25)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.31
"Freelancer 1.0" = Freelancer
"HijackThis" = HijackThis 2.0.2
"hp print screen utility" = hp print screen utility
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"RTP 1.32 Add-On for RM2k" = RTP 1.32 Add-On for RM2k
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"Sacred_is1" = Sacred
"SystemRequirementsLab" = System Requirements Lab
"Takatis - A Tribute To Manfred Trenz" = Takatis - A Tribute To Manfred Trenz
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Throne of Darkness" = Throne of Darkness
"Uninstall_is1" = Uninstall 1.0.0.1
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.1.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebSTAR DPX2100 Uninstall" = Scientific Atlanta WebSTAR 2000 series Cable Modem
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1454471165-1284227242-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03.05.2011 12:40:37 | Computer Name = BLAH | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4127, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 03.05.2011 12:40:37 | Computer Name = BLAH | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4127, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 03.05.2011 12:40:38 | Computer Name = BLAH | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4127, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.

Error - 04.05.2011 10:49:42 | Computer Name = BLAH | Source = Application Error | ID = 1000
Description = Faulting application stdrt.exe, version 3.0.239.0, faulting module
oggflt.sft, version 1.0.1.0, fault address 0x0000f3cc.

Error - 04.05.2011 10:57:47 | Computer Name = BLAH | Source = Application Error | ID = 1000
Description = Faulting application stdrt.exe, version 3.0.239.0, faulting module
oggflt.sft, version 1.0.1.0, fault address 0x0000d46d.

Error - 15.05.2011 05:46:12 | Computer Name = BLAH | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 18.05.2011 11:32:52 | Computer Name = BLAH | Source = Application Error | ID = 1000
Description = Faulting application 1602.exe, version 0.2.5.2, faulting module unknown,
version 0.0.0.0, fault address 0x4b435553.

Error - 18.05.2011 13:00:21 | Computer Name = BLAH | Source = Application Error | ID = 1000
Description = Faulting application 1602.exe, version 0.2.5.2, faulting module maxsound.dll,
version 2.3.0.0, fault address 0x00003596.

Error - 18.05.2011 14:13:04 | Computer Name = BLAH | Source = Application Error | ID = 1000
Description = Faulting application 1602.exe, version 0.2.5.2, faulting module unknown,
version 0.0.0.0, fault address 0x4b435553.

Error - 19.05.2011 15:34:02 | Computer Name = BLAH | Source = Application Error | ID = 1000
Description = Faulting application 1602.exe, version 0.2.5.2, faulting module unknown,
version 0.0.0.0, fault address 0x4b435553.

[ System Events ]
Error - 20.05.2011 13:19:58 | Computer Name = BLAH | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 20.05.2011 13:20:07 | Computer Name = BLAH | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 20.05.2011 13:20:15 | Computer Name = BLAH | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 20.05.2011 13:20:24 | Computer Name = BLAH | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 20.05.2011 13:20:33 | Computer Name = BLAH | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 20.05.2011 13:20:41 | Computer Name = BLAH | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 20.05.2011 13:20:50 | Computer Name = BLAH | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 20.05.2011 15:13:39 | Computer Name = BLAH | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 21.05.2011 04:36:39 | Computer Name = BLAH | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 21.05.2011 05:33:48 | Computer Name = BLAH | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.


< End of report >
valnar25
Active Member
 
Posts: 5
Joined: May 19th, 2011, 3:45 pm

Re: How to remove searchqu

Post by Cypher » May 21st, 2011, 11:52 am

Hi valnar25.
"Hello Cypher and thanks for your reply I really appreciate your help."

You're welcome.
Please do the following then give me an update on your computer's performance.

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the [image] textbox. Do not include the word Code
    Code:
    :otl
    FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
    FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=406&q="
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    
    :files
    c:\documents and settings\tharand\local settings\application data\Ilivid Player
    C:\Documents and Settings\Tharand\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    ipconfig /flushdns /c
    
    :commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click [image].
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Next.

I see you already have Malwarebytes Anti-Malware installed:

  • Launch the application, Check for Updates >> Perform Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Logs/Information to Post in your Next Reply

  • OTL log.
  • Malwarebytes log.
  • Please give me an update on how your computer is performing.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
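The two Firefox preferences reset by the OTL fix above can also be checked directly in the profile's prefs.js. The following is an added example, not part of the original posts and not OTL's own code: it parses `user_pref(...)` lines and reports homepage or keyword-search URLs whose host is not on an allowlist. The sample file content, the function names and the allowlist are constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Preferences that decide where the browser starts and where address-bar
# searches go. These are the two the OTL fix in this thread resets.
WATCHED_PREFS = ("browser.startup.homepage", "keyword.URL")

# One user_pref("name", value); statement per line, as Firefox writes prefs.js.
PREF_LINE = re.compile(
    r'^\s*user_pref\(\s*("(?:[^"\\]|\\.)*")\s*,\s*(.+?)\s*\)\s*;\s*$',
    re.MULTILINE,
)


def parse_prefs(text):
    """Return {pref_name: value} for every user_pref line in prefs.js text."""
    prefs = {}
    for name_lit, value_lit in PREF_LINE.findall(text):
        try:
            # Names and values are JS literals that are also valid JSON
            # (double-quoted strings, integers, true/false).
            prefs[json.loads(name_lit)] = json.loads(value_lit)
        except ValueError:
            continue  # skip anything that is not a plain literal
    return prefs


def host_allowed(host, allowed_domains):
    """True if host equals an allowed domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed_domains)


def audit_prefs(text, allowed_domains, watched=WATCHED_PREFS):
    """List (pref, url, host) for watched prefs pointing at unexpected hosts."""
    findings = []
    prefs = parse_prefs(text)
    for name in watched:
        value = prefs.get(name)
        if not isinstance(value, str):
            continue
        # browser.startup.homepage may hold several pages separated by "|".
        for url in value.split("|"):
            parts = urlsplit(url.strip())
            if parts.scheme not in ("http", "https") or not parts.hostname:
                continue  # about:home, about:blank and similar built-ins
            if not host_allowed(parts.hostname, allowed_domains):
                findings.append((name, url.strip(), parts.hostname))
    return findings


# Constructed sample: the two hijacked values from this thread, with the
# homepage placed second in a multi-page list to exercise the "|" handling.
SAMPLE_PREFS_JS = r'''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.mozilla.org/|http://www.searchqu.com/406");
user_pref("browser.startup.page", 1);
user_pref("keyword.URL", "http://www.searchqu.com/web?src=ffb&systemid=406&q=");
user_pref("network.cookie.prefsMigrated", true);
'''

if __name__ == "__main__":
    for pref, url, host in audit_prefs(SAMPLE_PREFS_JS, {"mozilla.org"}):
        print(f"{pref}: unexpected host {host} ({url})")
```

Run it against a copy of prefs.js taken while Firefox is closed, since Firefox rewrites the file on exit.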

Re: How to remove searchqu

Post by valnar25 » May 21st, 2011, 12:35 pm

Wow, that seems to have done the trick, searchqu is no longer my homepage.

This is the OTL Log:

All processes killed
========== OTL ==========
Prefs.js: "http://www.searchqu.com/406" removed from browser.startup.homepage
Prefs.js: "http://www.searchqu.com/web?src=ffb&systemid=406&q=" removed from keyword.URL
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== FILES ==========
c:\documents and settings\tharand\local settings\application data\Ilivid Player folder moved successfully.
C:\Documents and Settings\Tharand\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Tharand\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Tharand\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Anja
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 49286 bytes
->FireFox cache emptied: 3574331 bytes

User: Mutti
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 4332073 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Tharand
->Temp folder emptied: 63605 bytes
->Temporary Internet Files folder emptied: 3314576 bytes
->FireFox cache emptied: 486693226 bytes
->Flash cache emptied: 2015182 bytes

%systemdrive% .tmp files removed: 2983288 bytes
%systemroot% .tmp files removed: 6101468 bytes
%systemroot%\System32 .tmp files removed: 1162769 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 487,00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.22.3 log created on 05212011_181052

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...






Malwarebytes didn't find anything. Here is the log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6634

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21.05.2011 18:34:22
mbam-log-2011-05-21 (18-34-22).txt

Scan type: Quick scan
Objects scanned: 163799
Time elapsed: 2 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
valnar25
Active Member
 
Posts: 5
Joined: May 19th, 2011, 3:45 pm

Re: How to remove searchqu

Post by Cypher » May 21st, 2011, 12:46 pm

Hi valnar25.
"Wow, that seems to have done the trick, searchqu is no longer my homepage."

Excellent.
We need to do a couple of updates to your computer then run another scan.

Java SE Runtime Environment (JRE).

Please download from HERE
  • Find Java SE Runtime Environment (JRE) 6 Update 25.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.
  • Note: remember to Uncheck Free McAfee® Security Scan Plus (optional)

Next.

Update Adobe Reader

  • You should Download and Install the newest version of Adobe Reader for reading pdf files.
  • Older versions may have vulnerabilities that malware can use to infect your system.
  • Go Here to download and install Adobe Reader X (10.0.1).
  • Note: remember to Uncheck Free McAfee® Security Scan Plus (optional)

Next.

Please download ATF Cleaner to your desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Then click on: [image]
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: [image]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [image]
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: [image]
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Logs/Information to Post in your Next Reply

  • ESET log.
  • Please give me an update on how your computer is performing.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: How to remove searchqu

Post by valnar25 » May 21st, 2011, 1:59 pm

Hi again.

Things are looking good, ESET found nothing:


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=0989aa20cb1b30418fb7e48133dd6809
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-05-21 05:56:42
# local_time=2011-05-21 07:56:42 (+0100, W. Europe Daylight Time)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775141 100 100 97116 80898820 3037 0
# compatibility_mode=8192 67108863 100 0 335 335 0 0
# scanned=72602
# found=0
# cleaned=0
# scan_time=1946
valnar25
Active Member
 
Posts: 5
Joined: May 19th, 2011, 3:45 pm

Re: How to remove searchqu

Post by Cypher » May 21st, 2011, 2:23 pm

Hi valnar25.
If you are having no further problems you should be good to go.
Your latest set of logs appears to be clean!
This is my general post for when your logs show no more signs of malware.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Here are some free programs I recommend that could help you improve your computer's security.

Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer
You can do that HERE

Read some information HERE On how to prevent Malware

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: How to remove searchqu

Post by valnar25 » May 21st, 2011, 3:00 pm

Hello Cypher,

everything seems to work normally and I took your advice and downloaded a couple of the programs you suggested. Feels good to know that my computer is safe(r) at least for now.

Now I'd like to express my gratitude again. You provided me with fast and profound help. The steps were well explained and easy to follow and, above all else, it worked. You guys are really doing a terrific job here. Really thank you so much.

With this, the topic can be closed now.
valnar25
Active Member
 
Posts: 5
Joined: May 19th, 2011, 3:45 pm

Re: How to remove searchqu

Post by Cypher » May 21st, 2011, 3:10 pm

Hi valnar25.
"Now I'd like to express my gratitude again"

You're most welcome, glad we could help.
Good luck and stay safe.
As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns