Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

searchqu set as homepage

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: searchqu set as homepage

Unread postby Koorana » June 7th, 2011, 2:53 am

here are the scans you requested,

All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ deleted successfully.
C:\Program Files\XfireXO\prxtbXfir.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.
File C:\Program Files\XfireXO\prxtbXfir.dll not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.
File C:\Program Files\XfireXO\prxtbXfir.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
File C:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
File C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.
File C:\Program Files\XfireXO\prxtbXfir.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}\ not found.
File C:\Program Files\XfireXO\prxtbXfir.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR not found.
File C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Cracked Steam Service not found.
File C:\Program Files\Cracked Steam\Cracked Steam.exe not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\InprocServer32\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\removeSearchqudatamngr not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\removeSearchqutoolbar not found.
Registry key HKEY_USERS\S-1-5-21-3756973964-1497226898-4133958051-1000\Software\AppDataLow\Software\searchqutoolbar\ not found.
Registry key HKEY_USERS\S-1-5-21-3756973964-1497226898-4133958051-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_USERS\S-1-5-21-3756973964-1497226898-4133958051-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\removeSearchqudatamngr not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{092C5E8B-F31E-49D3-9C61-6741470BED5B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{092C5E8B-F31E-49D3-9C61-6741470BED5B}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D128F010-2418-4808-AD35-ED15181EDA45} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D128F010-2418-4808-AD35-ED15181EDA45}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{092C5E8B-F31E-49D3-9C61-6741470BED5B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{092C5E8B-F31E-49D3-9C61-6741470BED5B}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D128F010-2418-4808-AD35-ED15181EDA45} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D128F010-2418-4808-AD35-ED15181EDA45}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{092C5E8B-F31E-49D3-9C61-6741470BED5B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{092C5E8B-F31E-49D3-9C61-6741470BED5B}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D128F010-2418-4808-AD35-ED15181EDA45} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D128F010-2418-4808-AD35-ED15181EDA45}\ not found.
========== FILES ==========
C:\Users\Liam\AppData\LocalLow\searchquband folder moved successfully.
C:\Users\Liam\AppData\LocalLow\searchqutoolbar\coupons folder moved successfully.
C:\Users\Liam\AppData\LocalLow\searchqutoolbar folder moved successfully.
File\Folder C:\Program Files\Windows iLivid Toolbar not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 75 bytes

User: Liam
->Temp folder emptied: 44996026 bytes
->Temporary Internet Files folder emptied: 39194023 bytes
->Java cache emptied: 6285614 bytes
->Google Chrome cache emptied: 6099312 bytes
->Flash cache emptied: 439502 bytes

User: Liam Mcanulty

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1491337 bytes
RecycleBin emptied: 3992088 bytes

Total Files Cleaned = 98.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: Liam
->Flash cache emptied: 0 bytes

User: Liam Mcanulty

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 06072011_161644

Files\Folders moved on Reboot...
File\Folder C:\Users\Liam\AppData\Local\Temp\~DF87C3.tmp not found!
File\Folder C:\Users\Liam\AppData\Local\Temp\~DF87F8.tmp not found!
File\Folder C:\Users\Liam\AppData\Local\Temp\~DF8B3D.tmp not found!
File\Folder C:\Users\Liam\AppData\Local\Temp\~DF8B60.tmp not found!
File\Folder C:\Users\Liam\AppData\Local\Temp\~DF8BEC.tmp not found!
File\Folder C:\Users\Liam\AppData\Local\Temp\~DF8C18.tmp not found!
C:\Users\Liam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9T95T0S7\search[6].htm moved successfully.
C:\Users\Liam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2NNL07TO\viewtopic[1].htm moved successfully.
File\Folder C:\Windows\temp\JETD6C8.tmp not found!

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.



OTL logfile created on: 7/06/2011 4:42:03 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Liam\Documents
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 44.61% Memory free
4.23 Gb Paging File | 2.92 Gb Available in Paging File | 68.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.44 Gb Total Space | 20.04 Gb Free Space | 17.22% Space Free | Partition Type: NTFS
Drive D: | 104.73 Gb Total Space | 85.18 Gb Free Space | 81.34% Space Free | Partition Type: NTFS
Drive F: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 930.86 Gb Total Space | 576.14 Gb Free Space | 61.89% Space Free | Partition Type: NTFS

Computer Name: LIAM-PC | User Name: Liam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Liam\Documents\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\ASScrPro.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe (ASUS)
PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Windows\System32\ASUSTPE.exe (ASUS)
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
PRC - C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Liam\Documents\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Norton Internet Security) -- File not found
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_8675ab0.dll ()
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110606.018\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110606.018\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110603.003\IDSvix86.sys (Symantec Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (lullaby) -- C:\Windows\system32\DRIVERS\lullaby.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (msloop) -- C:\Windows\System32\drivers\loop.sys (Microsoft Corporation)
DRV - (RTL8187) -- C:\Windows\System32\drivers\wg111v2.sys (NETGEAR Inc.)
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (nmwcd) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdcm) -- C:\Windows\System32\drivers\nmwcdcm.sys (Nokia)
DRV - (nmwcdcj) -- C:\Windows\System32\drivers\nmwcdcj.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\nmwcdc.sys (Nokia)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain ... &bmod=ASUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 6E 4D FD 7E EF CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = ninemsn.com.au

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/01/18 16:26:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge

[2011/04/01 18:18:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Liam\AppData\Roaming\Mozilla\Firefox\extensions
[2011/04/01 18:18:29 | 000,000,000 | ---D | M] (XfireXO) -- C:\Users\Liam\AppData\Roaming\Mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}

O1 HOSTS File: ([2006/09/19 07:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [OTL] C:\Users\Liam\Documents\OTL.exe (OldTimer Tools)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} http://nxcache.nexon.net/mabinogi/rende ... 0.5.03.cab (MabinogiWebAvatarRenderer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Liam\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Liam\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/01/29 06:00:27 | 000,000,088 | ---- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{1492de04-d42f-11df-9741-00248c8208aa}\Shell - "" = AutoRun
O33 - MountPoints2\{1492de04-d42f-11df-9741-00248c8208aa}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/07 16:16:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/07 16:15:56 | 000,000,000 | ---D | C] -- C:\Windows\7-06-2011
[2011/06/07 16:14:44 | 000,000,000 | ---D | C] -- C:\Users\Liam\Desktop\erunt
[2011/06/06 18:04:43 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Roaming\TerrariaWorldViewer
[2011/06/06 18:02:36 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2011/06/05 18:02:03 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Terraria
[2011/06/05 18:01:50 | 000,000,000 | ---D | C] -- C:\Program Files\Terraria
[2011/06/03 16:04:11 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Liam\Documents\OTL.exe
[2011/05/31 19:54:06 | 000,606,738 | R--- | C] (Swearware) -- C:\Users\Liam\Documents\dds.com
[2011/05/31 16:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011/05/31 16:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2011/05/31 16:31:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/30 20:12:47 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Roaming\SUPERAntiSpyware.com
[2011/05/30 20:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/05/30 20:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/05/30 20:12:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/30 19:33:28 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/30 19:33:28 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/05/30 16:38:44 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Local\PackageAware
[2011/05/29 17:26:27 | 000,000,000 | ---D | C] -- C:\Users\Liam\Documents\Cross Fire
[2011/05/29 17:26:15 | 000,000,000 | ---D | C] -- C:\CFLog
[2011/05/26 20:30:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Convert AVI to MP4
[2011/05/26 20:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\Convert AVI to MP4
[2011/05/26 14:30:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011/05/26 13:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\Lame For Audacity
[2011/05/23 20:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft XNA Game Studio 4.0
[2011/05/23 19:57:52 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2011/05/23 19:57:47 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2011/05/23 19:57:40 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2011/05/23 19:57:40 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2011/05/23 19:57:12 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2011/05/23 19:49:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
[2011/05/23 19:43:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2011/05/23 19:43:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011/05/23 19:41:01 | 000,000,000 | ---D | C] -- C:\Users\Liam\Documents\Visual Studio 2010
[2011/05/23 19:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2011/05/23 19:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2011/05/23 19:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2011/05/23 19:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2011/05/23 19:10:09 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2011/05/23 19:09:35 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2011/05/23 19:09:35 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2011/05/23 16:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2011/05/21 21:46:33 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Local\PunkBuster
[2011/05/21 21:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2011/05/21 20:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\Activision
[2011/05/18 18:13:24 | 000,000,000 | ---D | C] -- C:\Users\Liam\Documents\Kingdom Hearts Piano Collections Field & Battle
[2011/05/15 18:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2011/05/15 18:43:00 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2011/05/15 18:42:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/05/15 18:42:12 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/05/13 20:07:28 | 000,000,000 | ---D | C] -- C:\Users\Liam\Documents\Shark Picture
[2011/05/08 19:37:25 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2008/06/03 16:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[2008/05/22 09:38:59 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[1 C:\Users\Liam\Documents\*.tmp files -> C:\Users\Liam\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/07 16:37:34 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/07 16:25:47 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/07 16:25:47 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/07 16:25:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/07 16:25:37 | 2144,653,312 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/07 16:15:17 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/07 15:57:38 | 000,513,320 | ---- | M] () -- C:\Users\Liam\Desktop\erunt.zip
[2011/06/06 17:53:03 | 000,000,491 | ---- | M] () -- C:\Users\Liam\Documents\TerrariaMapGenerator.xml
[2011/06/06 17:22:53 | 000,001,978 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/06/06 17:10:18 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2D4ECED4-F694-4FEB-A786-9B14DD895488}.job
[2011/06/05 19:34:14 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Liam.job
[2011/06/05 18:04:49 | 000,000,811 | ---- | M] () -- C:\Users\Liam\Desktop\Terraria.lnk
[2011/06/03 16:04:54 | 000,302,592 | ---- | M] () -- C:\Users\Liam\Documents\v041zz53.exe
[2011/06/03 16:04:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Liam\Documents\OTL.exe
[2011/06/01 20:41:59 | 000,138,240 | ---- | M] () -- C:\Users\Liam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/31 19:54:16 | 000,606,738 | R--- | M] (Swearware) -- C:\Users\Liam\Documents\dds.com
[2011/05/31 19:52:52 | 000,002,521 | ---- | M] () -- C:\Users\Liam\Desktop\HiJackThis.lnk
[2011/05/30 20:12:38 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/27 17:34:40 | 000,000,700 | ---- | M] () -- C:\Users\Liam\Desktop\Fraps.lnk
[2011/05/24 20:18:38 | 000,627,494 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/24 20:18:38 | 000,116,318 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/24 15:53:48 | 000,391,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/23 16:45:11 | 000,000,759 | ---- | M] () -- C:\Users\Liam\Desktop\Audacity.lnk
[2011/05/21 21:47:01 | 000,022,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/05/21 21:32:50 | 000,001,791 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) Singleplayer.lnk
[2011/05/21 21:32:50 | 000,001,791 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) Multiplayer.lnk
[2011/05/21 21:07:06 | 000,022,328 | ---- | M] () -- C:\Users\Liam\AppData\Roaming\PnkBstrK.sys
[2011/05/21 21:06:17 | 000,000,319 | ---- | M] () -- C:\Windows\game.ini
[2011/05/21 15:03:36 | 000,001,940 | ---- | M] () -- C:\Users\Liam\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/20 07:36:38 | 005,144,978 | ---- | M] () -- C:\Users\Liam\Documents\Goofy goober rock!.mp3
[2011/05/20 07:33:08 | 003,368,162 | ---- | M] () -- C:\Users\Liam\Documents\Goofy goober rock!.flv
[2011/05/18 18:53:19 | 113,055,541 | ---- | M] () -- C:\Users\Liam\Documents\KH Piano Collections - Sheet Music.zip
[2011/05/18 17:56:19 | 091,564,854 | ---- | M] () -- C:\Users\Liam\Documents\kingdom hearts piano collections field & battle.rar
[2011/05/15 18:43:01 | 000,000,811 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2011/05/09 19:59:50 | 000,086,991 | ---- | M] () -- C:\Users\Liam\Documents\Dearly-Beloved.pdf
[2011/05/09 19:55:03 | 000,128,887 | ---- | M] () -- C:\Users\Liam\Documents\Reviving-Hollow-Bastion.pdf
[1 C:\Users\Liam\Documents\*.tmp files -> C:\Users\Liam\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/07 15:57:37 | 000,513,320 | ---- | C] () -- C:\Users\Liam\Desktop\erunt.zip
[2011/06/06 17:53:01 | 000,000,491 | ---- | C] () -- C:\Users\Liam\Documents\TerrariaMapGenerator.xml
[2011/06/05 18:02:03 | 000,000,811 | ---- | C] () -- C:\Users\Liam\Desktop\Terraria.lnk
[2011/06/03 16:04:36 | 000,302,592 | ---- | C] () -- C:\Users\Liam\Documents\v041zz53.exe
[2011/05/30 20:12:38 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/30 19:33:28 | 000,002,521 | ---- | C] () -- C:\Users\Liam\Desktop\HiJackThis.lnk
[2011/05/23 16:45:11 | 000,000,771 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2011/05/23 16:45:11 | 000,000,759 | ---- | C] () -- C:\Users\Liam\Desktop\Audacity.lnk
[2011/05/21 21:32:50 | 000,001,791 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) Singleplayer.lnk
[2011/05/21 21:32:50 | 000,001,791 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) Multiplayer.lnk
[2011/05/21 21:06:17 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2011/05/20 07:33:18 | 005,144,978 | ---- | C] () -- C:\Users\Liam\Documents\Goofy goober rock!.mp3
[2011/05/20 07:33:08 | 003,368,162 | ---- | C] () -- C:\Users\Liam\Documents\Goofy goober rock!.flv
[2011/05/19 16:09:16 | 000,001,940 | ---- | C] () -- C:\Users\Liam\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/18 18:53:17 | 113,055,541 | ---- | C] () -- C:\Users\Liam\Documents\KH Piano Collections - Sheet Music.zip
[2011/05/18 17:56:18 | 091,564,854 | ---- | C] () -- C:\Users\Liam\Documents\kingdom hearts piano collections field & battle.rar
[2011/05/15 18:43:01 | 000,000,811 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2011/05/09 19:59:49 | 000,086,991 | ---- | C] () -- C:\Users\Liam\Documents\Dearly-Beloved.pdf
[2011/05/09 19:55:02 | 000,128,887 | ---- | C] () -- C:\Users\Liam\Documents\Reviving-Hollow-Bastion.pdf
[2011/05/08 19:37:26 | 000,000,700 | ---- | C] () -- C:\Users\Liam\Desktop\Fraps.lnk
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/03 15:49:09 | 000,000,276 | ---- | C] () -- C:\Windows\System32\ms-securea.ini
[2011/01/18 17:27:02 | 000,000,006 | ---- | C] () -- C:\Users\Liam\AppData\Roaming\start_pal
[2010/12/25 11:59:35 | 000,006,123 | ---- | C] () -- C:\Users\Liam\AppData\Roaming\NMM-MetaData.db
[2010/05/09 11:16:06 | 000,000,552 | ---- | C] () -- C:\Users\Liam\AppData\Local\d3d8caps.dat
[2010/04/25 14:12:25 | 000,010,064 | -HS- | C] () -- C:\Users\Liam\AppData\Local\b5bq8uC1G1B
[2010/04/25 14:12:25 | 000,010,064 | -HS- | C] () -- C:\ProgramData\b5bq8uC1G1B
[2010/04/24 16:30:03 | 000,011,014 | -HS- | C] () -- C:\Users\Liam\AppData\Local\1171927190
[2010/04/24 16:30:03 | 000,011,014 | -HS- | C] () -- C:\ProgramData\1171927190
[2010/04/24 16:07:35 | 000,002,604 | -HS- | C] () -- C:\Users\Liam\AppData\Local\O5poq8wPv8FxG
[2010/04/24 16:07:35 | 000,002,604 | -HS- | C] () -- C:\ProgramData\O5poq8wPv8FxG
[2010/03/27 05:04:54 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010/03/18 16:39:29 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/03/18 16:39:28 | 000,022,328 | ---- | C] () -- C:\Users\Liam\AppData\Roaming\PnkBstrK.sys
[2010/03/18 16:39:14 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/03/18 16:39:12 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/03/18 16:39:11 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010/02/12 16:54:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/12 09:32:23 | 000,001,356 | ---- | C] () -- C:\Users\Liam\AppData\Local\d3d9caps.dat
[2010/01/05 13:13:03 | 000,138,240 | ---- | C] () -- C:\Users\Liam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/04/04 15:00:34 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2009/04/04 15:00:24 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2009/04/04 14:29:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/04/04 14:03:00 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/04 14:03:00 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/02 12:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008/05/23 02:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
[2008/05/22 09:40:59 | 001,772,544 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008/05/22 09:38:59 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008/05/22 09:38:59 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008/04/23 16:02:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008/03/10 00:01:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/03/09 23:32:51 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/03/04 21:01:59 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008/02/28 12:14:03 | 000,168,886 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/08/07 03:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe
[2006/11/02 22:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 22:47:37 | 000,391,392 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 22:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 20:33:01 | 000,627,494 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 20:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 20:33:01 | 000,116,318 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 20:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 20:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 18:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 18:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 17:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 11:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/12/07 11:31:00 | 000,202,752 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll

========== Files - Unicode (All) ==========
[2009/04/04 14:05:32 | 000,000,899 | ---- | C] ()(C:\Users\Liam\Desktop\????????.lnk) -- C:\Users\Liam\Desktop\華碩獨家軟體介紹.lnk
[2009/01/23 16:13:21 | 000,000,899 | ---- | M] ()(C:\Users\Liam\Desktop\????????.lnk) -- C:\Users\Liam\Desktop\華碩獨家軟體介紹.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:A2947BEA

< End of report >
Koorana
Active Member
 
Posts: 9
Joined: May 31st, 2011, 5:58 am
Advertisement
Register to Remove

Re: searchqu set as homepage

Unread postby deltalima » June 7th, 2011, 3:39 am

Hi Koorana,

MiniToolBox
Please download MiniToolBox.exe ... by Farbar and save it to your Desktop.
  1. Double click MiniToolBox to run it.
    Vista - W7 users: Right click on MiniToolBox.exe and select "Run As Administrator", to run the tool.
  2. Check the following in the list:
    • Flush DNS.
    • Report IE proxy settings.
    • Reset IE proxy settings.
    • List contents of Hosts.
    • List IP Configuration.
    • List last 10 Event Viewer Errors.
    • List Windows version, partitions, and memory size.
  3. Press the Go button.
    A file name Result.txt will be created in the same location where you downloaded MiniToolBox.exe
  4. Close the MiniToolBox window.
  5. Please post the contents of the Result.txt in your next reply.

Now run a quick scan with Malwarebytes and post the log in your next reply and let me know how the computer is running now.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: searchqu set as homepage

Unread postby Koorana » June 7th, 2011, 4:54 am

here are the scans

MiniToolBox by Farbar
Ran by Liam (administrator) on 07-06-2011 at 18:27:56
Windows Vista (TM) Home Premium Service Pack 1 (X86)

***************************************************************************


================= Flush DNS: ==============================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

================= End of Flush DNS ========================================

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= End of IE Proxy Settings ========================

"Reset IE Proxy Settings": Proxy Settings were reset.

=============== Hosts content: ============================================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

=============== End of Hosts ==============================================

================= IP Configuration: =======================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Local Area Connection 2" nexthop=5.0.0.1
set interface interface="Local Area Connection 2" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Liam-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Atheros AR928x Wireless Network Adapter
Physical Address. . . . . . . . . : 00-22-43-86-C9-EF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::207c:6edc:54e8:f35d%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, 7 June 2011 6:15:22 PM
Lease Expires . . . . . . . . . . : Thursday, 7 June 2012 12:15:22 AM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : SiS191 Ethernet Controller
Physical Address. . . . . . . . . : 00-24-8C-82-08-AA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 7A-79-A0-AD-1A-12
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 5.45.72.114(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : Tuesday, 7 June 2011 6:15:08 PM
Lease Expires . . . . . . . . . . : Wednesday, 6 June 2012 6:17:15 PM
Default Gateway . . . . . . . . . : 5.0.0.1
DHCP Server . . . . . . . . . . . : 5.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : isatap.Belkin
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{D534640D-5339-4955-BAD6-0A80FC677799}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:52d:4872::52d:4872(Preferred)
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.2.1

Name: google.com
Addresses: 74.125.237.80
74.125.237.84
74.125.237.81
74.125.237.83
74.125.237.82



Pinging google.com [74.125.237.80] with 32 bytes of data:

Reply from 74.125.237.80: bytes=32 time=25ms TTL=55

Reply from 74.125.237.80: bytes=32 time=25ms TTL=56



Ping statistics for 74.125.237.80:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 25ms, Maximum = 25ms, Average = 25ms

Server: UnKnown
Address: 192.168.2.1

Name: yahoo.com
Addresses: 72.30.2.43
98.137.149.56
209.191.122.70
67.195.160.76
69.147.125.65



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=276ms TTL=48

Reply from 209.191.122.70: bytes=32 time=274ms TTL=48



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 274ms, Maximum = 276ms, Average = 275ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
11 ...00 22 43 86 c9 ef ...... Atheros AR928x Wireless Network Adapter
10 ...00 24 8c 82 08 aa ...... SiS191 Ethernet Controller
13 ...7a 79 a0 ad 1a 12 ...... Hamachi Network Interface
1 ........................... Software Loopback Interface 1
14 ...00 00 00 00 00 00 00 e0 isatap.Belkin
15 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
16 ...00 00 00 00 00 00 00 e0 isatap.{D534640D-5339-4955-BAD6-0A80FC677799}
17 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 5.0.0.1 5.45.72.114 9256
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.6 20
5.0.0.0 255.0.0.0 On-link 5.45.72.114 9256
5.45.72.114 255.255.255.255 On-link 5.45.72.114 9256
5.255.255.255 255.255.255.255 On-link 5.45.72.114 9256
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.6 276
192.168.2.6 255.255.255.255 On-link 192.168.2.6 276
192.168.2.255 255.255.255.255 On-link 192.168.2.6 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 5.45.72.114 9256
224.0.0.0 240.0.0.0 On-link 192.168.2.6 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 5.45.72.114 9256
255.255.255.255 255.255.255.255 On-link 192.168.2.6 276
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 5.0.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
17 1110 ::/0 2002:c058:6301::c058:6301
1 306 ::1/128 On-link
17 1010 2002::/16 On-link
17 266 2002:52d:4872::52d:4872/128
On-link
11 276 fe80::/64 On-link
11 276 fe80::207c:6edc:54e8:f35d/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

================= End of IP Configuration =================================

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/07/2011 06:16:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2011 04:26:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2011 03:50:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2011 07:52:31 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.19048, time stamp 0x4d633f27, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc0000005, fault offset 0x00065803,
process id 0x168c, application start time 0xiexplore.exe0.

Error: (06/07/2011 06:46:17 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/06/2011 07:57:28 PM) (Source: .NET Runtime) (User: )
Description: Application: TerrariaInvEdit.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Net.WebException
Stack:
at System.Net.WebClient.DownloadDataInternal(System.Uri, System.Net.WebRequest ByRef)
at System.Net.WebClient.DownloadString(System.Uri)
at System.Net.WebClient.DownloadString(System.String)
at TerrariaInvEdit.UpdateChecker.DoUpdate()
at TerrariaInvEdit.UpdateChecker.CheckForUpdates()
at TerrariaInvEdit.Program.Main()

Error: (06/06/2011 07:55:16 PM) (Source: .NET Runtime) (User: )
Description: Application: TerrariaInvEdit.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Net.WebException
Stack:
at System.Net.WebClient.DownloadDataInternal(System.Uri, System.Net.WebRequest ByRef)
at System.Net.WebClient.DownloadString(System.Uri)
at System.Net.WebClient.DownloadString(System.String)
at TerrariaInvEdit.UpdateChecker.DoUpdate()
at TerrariaInvEdit.UpdateChecker.CheckForUpdates()
at TerrariaInvEdit.Program.Main()

Error: (06/06/2011 07:55:03 PM) (Source: .NET Runtime) (User: )
Description: Application: TerrariaInvEdit.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Net.WebException
Stack:
at System.Net.WebClient.DownloadDataInternal(System.Uri, System.Net.WebRequest ByRef)
at System.Net.WebClient.DownloadString(System.Uri)
at System.Net.WebClient.DownloadString(System.String)
at TerrariaInvEdit.UpdateChecker.DoUpdate()
at TerrariaInvEdit.UpdateChecker.CheckForUpdates()
at TerrariaInvEdit.Program.Main()

Error: (06/06/2011 07:22:16 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.19048, time stamp 0x4d633f27, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc0000005, fault offset 0x00065803,
process id 0x1e00, application start time 0xiexplore.exe0.

Error: (06/06/2011 06:07:15 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.19048, time stamp 0x4d633f27, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc0000005, fault offset 0x00065803,
process id 0x1d44, application start time 0xiexplore.exe0.


System errors:
=============

Microsoft Office Sessions:
=========================

========================= End of Event log errors =========================

========================= Memory info: ====================================

Percentage of memory in use: 82%
Total physical RAM: 2046.54 MB
Available physical RAM: 364.94 MB
Total Pagefile: 4332.34 MB
Available Pagefile: 2382.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1966.52 MB

======================= Partitions: =======================================

1 Drive c: (VistaOS) (Fixed) (Total:116.44 GB) (Free:17.98 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:104.73 GB) (Free:85.18 GB) NTFS
4 Drive f: (WD SmartWare) (CDROM) (Total:0.43 GB) (Free:0 GB) UDF
8 Drive j: (My Book) (Fixed) (Total:930.86 GB) (Free:576.14 GB) NTFS

================= Users: ==================================================

User accounts for \\LIAM-PC

-------------------------------------------------------------------------------
Administrator Guest Liam
The command completed successfully.

================= End of Users ============================================



Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6795

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048

7/06/2011 6:51:31 PM
mbam-log-2011-06-07 (18-51-31).txt

Scan type: Quick scan
Objects scanned: 180749
Time elapsed: 20 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




and my computer is running at normal speed, thank you for your help.
Koorana
Active Member
 
Posts: 9
Joined: May 31st, 2011, 5:58 am

Re: searchqu set as homepage

Unread postby deltalima » June 7th, 2011, 5:10 am

Hi Koorana,

Now that you are clean, please follow these steps in order to keep your computer clean and secure.

Remove GMER

Delete the GMER icon from your desktop.

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

It is vital that you update Windows Vista to Service Pack 2
Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

Here are some additional utilities that will enhance your safety


Happy surfing and stay clean!
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: searchqu set as homepage

Unread postby deltalima » June 8th, 2011, 5:45 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 27 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware